/ *
Copyright The Helm Authors .
Licensed under the Apache License , Version 2.0 ( the "License" ) ;
you may not use this file except in compliance with the License .
You may obtain a copy of the License at
http : //www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing , software
distributed under the License is distributed on an "AS IS" BASIS ,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
See the License for the specific language governing permissions and
limitations under the License .
* /
package kube // import "helm.sh/helm/v3/pkg/kube"
import (
"context"
"fmt"
"time"
"github.com/pkg/errors"
appsv1 "k8s.io/api/apps/v1"
appsv1beta1 "k8s.io/api/apps/v1beta1"
appsv1beta2 "k8s.io/api/apps/v1beta2"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
deploymentutil "helm.sh/helm/v3/internal/third_party/k8s.io/kubernetes/deployment/util"
)
type waiter struct {
c kubernetes . Interface
timeout time . Duration
log func ( string , ... interface { } )
}
// waitForResources polls to get the current status of all pods, PVCs, and Services
// until all are ready or a timeout is reached
func ( w * waiter ) waitForResources ( created ResourceList ) error {
w . log ( "beginning wait for %d resources with timeout of %v" , len ( created ) , w . timeout )
return wait . Poll ( 2 * time . Second , w . timeout , func ( ) ( bool , error ) {
for _ , v := range created {
var (
// This defaults to true, otherwise we get to a point where
// things will always return false unless one of the objects
// that manages pods has been hit
ok = true
err error
)
switch value := AsVersioned ( v ) . ( type ) {
case * corev1 . Pod :
pod , err := w . c . CoreV1 ( ) . Pods ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil || ! w . isPodReady ( pod ) {
return false , err
}
case * appsv1 . Deployment , * appsv1beta1 . Deployment , * appsv1beta2 . Deployment , * extensionsv1beta1 . Deployment :
currentDeployment , err := w . c . AppsV1 ( ) . Deployments ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil {
return false , err
}
// If paused deployment will never be ready
if currentDeployment . Spec . Paused {
continue
}
// Find RS associated with deployment
newReplicaSet , err := deploymentutil . GetNewReplicaSet ( currentDeployment , w . c . AppsV1 ( ) )
if err != nil || newReplicaSet == nil {
return false , err
}
if ! w . deploymentReady ( newReplicaSet , currentDeployment ) {
return false , nil
}
case * corev1 . PersistentVolumeClaim :
claim , err := w . c . CoreV1 ( ) . PersistentVolumeClaims ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil {
return false , err
}
if ! w . volumeReady ( claim ) {
return false , nil
}
case * corev1 . Service :
svc , err := w . c . CoreV1 ( ) . Services ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil {
return false , err
}
if ! w . serviceReady ( svc ) {
return false , nil
}
case * extensionsv1beta1 . DaemonSet , * appsv1 . DaemonSet , * appsv1beta2 . DaemonSet :
ds , err := w . c . AppsV1 ( ) . DaemonSets ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil {
return false , err
}
if ! w . daemonSetReady ( ds ) {
return false , nil
}
case * apiextv1beta1 . CustomResourceDefinition :
if err := v . Get ( ) ; err != nil {
return false , err
}
crd := & apiextv1beta1 . CustomResourceDefinition { }
if err := scheme . Scheme . Convert ( v . Object , crd , nil ) ; err != nil {
return false , err
}
if ! w . crdBetaReady ( * crd ) {
return false , nil
}
case * apiextv1 . CustomResourceDefinition :
if err := v . Get ( ) ; err != nil {
return false , err
}
crd := & apiextv1 . CustomResourceDefinition { }
if err := scheme . Scheme . Convert ( v . Object , crd , nil ) ; err != nil {
return false , err
}
if ! w . crdReady ( * crd ) {
return false , nil
}
case * appsv1 . StatefulSet , * appsv1beta1 . StatefulSet , * appsv1beta2 . StatefulSet :
sts , err := w . c . AppsV1 ( ) . StatefulSets ( v . Namespace ) . Get ( context . Background ( ) , v . Name , metav1 . GetOptions { } )
if err != nil {
return false , err
}
if ! w . statefulSetReady ( sts ) {
return false , nil
}
case * corev1 . ReplicationController , * extensionsv1beta1 . ReplicaSet , * appsv1beta2 . ReplicaSet , * appsv1 . ReplicaSet :
ok , err = w . podsReadyForObject ( v . Namespace , value )
}
if ! ok || err != nil {
return false , err
}
}
return true , nil
} )
}
func ( w * waiter ) podsReadyForObject ( namespace string , obj runtime . Object ) ( bool , error ) {
pods , err := w . podsforObject ( namespace , obj )
if err != nil {
return false , err
}
for _ , pod := range pods {
if ! w . isPodReady ( & pod ) {
return false , nil
}
}
return true , nil
}
func ( w * waiter ) podsforObject ( namespace string , obj runtime . Object ) ( [ ] corev1 . Pod , error ) {
selector , err := SelectorsForObject ( obj )
if err != nil {
return nil , err
}
list , err := getPods ( w . c , namespace , selector . String ( ) )
return list , err
}
// isPodReady returns true if a pod is ready; false otherwise.
func ( w * waiter ) isPodReady ( pod * corev1 . Pod ) bool {
for _ , c := range pod . Status . Conditions {
if c . Type == corev1 . PodReady && c . Status == corev1 . ConditionTrue {
return true
}
}
w . log ( "Pod is not ready: %s/%s" , pod . GetNamespace ( ) , pod . GetName ( ) )
return false
}
func ( w * waiter ) serviceReady ( s * corev1 . Service ) bool {
// ExternalName Services are external to cluster so helm shouldn't be checking to see if they're 'ready' (i.e. have an IP Set)
if s . Spec . Type == corev1 . ServiceTypeExternalName {
return true
}
// Make sure the service is not explicitly set to "None" before checking the IP
if s . Spec . ClusterIP != corev1 . ClusterIPNone && s . Spec . ClusterIP == "" {
w . log ( "Service does not have cluster IP address: %s/%s" , s . GetNamespace ( ) , s . GetName ( ) )
return false
}
// This checks if the service has a LoadBalancer and that balancer has an Ingress defined
if s . Spec . Type == corev1 . ServiceTypeLoadBalancer {
// do not wait when at least 1 external IP is set
if len ( s . Spec . ExternalIPs ) > 0 {
w . log ( "Service %s/%s has external IP addresses (%v), marking as ready" , s . GetNamespace ( ) , s . GetName ( ) , s . Spec . ExternalIPs )
return true
}
if s . Status . LoadBalancer . Ingress == nil {
w . log ( "Service does not have load balancer ingress IP address: %s/%s" , s . GetNamespace ( ) , s . GetName ( ) )
return false
}
}
return true
}
func ( w * waiter ) volumeReady ( v * corev1 . PersistentVolumeClaim ) bool {
if v . Status . Phase != corev1 . ClaimBound {
w . log ( "PersistentVolumeClaim is not bound: %s/%s" , v . GetNamespace ( ) , v . GetName ( ) )
return false
}
return true
}
func ( w * waiter ) deploymentReady ( rs * appsv1 . ReplicaSet , dep * appsv1 . Deployment ) bool {
expectedReady := * dep . Spec . Replicas - deploymentutil . MaxUnavailable ( * dep )
if ! ( rs . Status . ReadyReplicas >= expectedReady ) {
w . log ( "Deployment is not ready: %s/%s. %d out of %d expected pods are ready" , dep . Namespace , dep . Name , rs . Status . ReadyReplicas , expectedReady )
return false
}
return true
}
func ( w * waiter ) daemonSetReady ( ds * appsv1 . DaemonSet ) bool {
// If the update strategy is not a rolling update, there will be nothing to wait for
if ds . Spec . UpdateStrategy . Type != appsv1 . RollingUpdateDaemonSetStrategyType {
return true
}
// Make sure all the updated pods have been scheduled
if ds . Status . UpdatedNumberScheduled != ds . Status . DesiredNumberScheduled {
w . log ( "DaemonSet is not ready: %s/%s. %d out of %d expected pods have been scheduled" , ds . Namespace , ds . Name , ds . Status . UpdatedNumberScheduled , ds . Status . DesiredNumberScheduled )
return false
}
maxUnavailable , err := intstr . GetValueFromIntOrPercent ( ds . Spec . UpdateStrategy . RollingUpdate . MaxUnavailable , int ( ds . Status . DesiredNumberScheduled ) , true )
if err != nil {
// If for some reason the value is invalid, set max unavailable to the
// number of desired replicas. This is the same behavior as the
// `MaxUnavailable` function in deploymentutil
maxUnavailable = int ( ds . Status . DesiredNumberScheduled )
}
expectedReady := int ( ds . Status . DesiredNumberScheduled ) - maxUnavailable
if ! ( int ( ds . Status . NumberReady ) >= expectedReady ) {
w . log ( "DaemonSet is not ready: %s/%s. %d out of %d expected pods are ready" , ds . Namespace , ds . Name , ds . Status . NumberReady , expectedReady )
return false
}
return true
}
// Because the v1 extensions API is not available on all supported k8s versions
// yet and because Go doesn't support generics, we need to have a duplicate
// function to support the v1beta1 types
func ( w * waiter ) crdBetaReady ( crd apiextv1beta1 . CustomResourceDefinition ) bool {
for _ , cond := range crd . Status . Conditions {
switch cond . Type {
case apiextv1beta1 . Established :
if cond . Status == apiextv1beta1 . ConditionTrue {
return true
}
case apiextv1beta1 . NamesAccepted :
if cond . Status == apiextv1beta1 . ConditionFalse {
// This indicates a naming conflict, but it's probably not the
// job of this function to fail because of that. Instead,
// we treat it as a success, since the process should be able to
// continue.
return true
}
}
}
return false
}
func ( w * waiter ) crdReady ( crd apiextv1 . CustomResourceDefinition ) bool {
for _ , cond := range crd . Status . Conditions {
switch cond . Type {
case apiextv1 . Established :
if cond . Status == apiextv1 . ConditionTrue {
return true
}
case apiextv1 . NamesAccepted :
if cond . Status == apiextv1 . ConditionFalse {
// This indicates a naming conflict, but it's probably not the
// job of this function to fail because of that. Instead,
// we treat it as a success, since the process should be able to
// continue.
return true
}
}
}
return false
}
func ( w * waiter ) statefulSetReady ( sts * appsv1 . StatefulSet ) bool {
// If the update strategy is not a rolling update, there will be nothing to wait for
if sts . Spec . UpdateStrategy . Type != appsv1 . RollingUpdateStatefulSetStrategyType {
return true
}
// Dereference all the pointers because StatefulSets like them
var partition int
// 1 is the default for replicas if not set
var replicas = 1
// For some reason, even if the update strategy is a rolling update, the
// actual rollingUpdate field can be nil. If it is, we can safely assume
// there is no partition value
if sts . Spec . UpdateStrategy . RollingUpdate != nil && sts . Spec . UpdateStrategy . RollingUpdate . Partition != nil {
partition = int ( * sts . Spec . UpdateStrategy . RollingUpdate . Partition )
}
if sts . Spec . Replicas != nil {
replicas = int ( * sts . Spec . Replicas )
}
// Because an update strategy can use partitioning, we need to calculate the
// number of updated replicas we should have. For example, if the replicas
// is set to 3 and the partition is 2, we'd expect only one pod to be
// updated
expectedReplicas := replicas - partition
// Make sure all the updated pods have been scheduled
if int ( sts . Status . UpdatedReplicas ) != expectedReplicas {
w . log ( "StatefulSet is not ready: %s/%s. %d out of %d expected pods have been scheduled" , sts . Namespace , sts . Name , sts . Status . UpdatedReplicas , expectedReplicas )
return false
}
if int ( sts . Status . ReadyReplicas ) != replicas {
w . log ( "StatefulSet is not ready: %s/%s. %d out of %d expected pods are ready" , sts . Namespace , sts . Name , sts . Status . ReadyReplicas , replicas )
return false
}
return true
}
func getPods ( client kubernetes . Interface , namespace , selector string ) ( [ ] corev1 . Pod , error ) {
list , err := client . CoreV1 ( ) . Pods ( namespace ) . List ( context . Background ( ) , metav1 . ListOptions {
LabelSelector : selector ,
} )
return list . Items , err
}
// SelectorsForObject returns the pod label selector for a given object
//
// Modified version of https://github.com/kubernetes/kubernetes/blob/v1.14.1/pkg/kubectl/polymorphichelpers/helpers.go#L84
func SelectorsForObject ( object runtime . Object ) ( selector labels . Selector , err error ) {
switch t := object . ( type ) {
case * extensionsv1beta1 . ReplicaSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1 . ReplicaSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta2 . ReplicaSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * corev1 . ReplicationController :
selector = labels . SelectorFromSet ( t . Spec . Selector )
case * appsv1 . StatefulSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta1 . StatefulSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta2 . StatefulSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * extensionsv1beta1 . DaemonSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1 . DaemonSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta2 . DaemonSet :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * extensionsv1beta1 . Deployment :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1 . Deployment :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta1 . Deployment :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * appsv1beta2 . Deployment :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * batchv1 . Job :
selector , err = metav1 . LabelSelectorAsSelector ( t . Spec . Selector )
case * corev1 . Service :
if t . Spec . Selector == nil || len ( t . Spec . Selector ) == 0 {
return nil , fmt . Errorf ( "invalid service '%s': Service is defined without a selector" , t . Name )
}
selector = labels . SelectorFromSet ( t . Spec . Selector )
default :
return nil , fmt . Errorf ( "selector for %T not implemented" , object )
}
return selector , errors . Wrap ( err , "invalid label selector" )
}