Fix 'linkerd check'

2024-04-16 14:42:54 -05:00 · 2024-04-16 14:42:54 -05:00 · 39db823fe0
parent 7359f371dc
commit 39db823fe0
5 changed files with 98 additions and 17 deletions
--- a/pkg/healthcheck/healthcheck.go
+++ b/pkg/healthcheck/healthcheck.go
@ -2257,7 +2257,8 @@ func GetMeshedPodsIdentityData(ctx context.Context, api kubernetes.Interface, da
 	}
 	pods := []MeshedPodIdentityData{}
 	for _, pod := range podList.Items {
-		for _, containerSpec := range pod.Spec.Containers {
+		containers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
+		for _, containerSpec := range containers {
 			if containerSpec.Name != k8s.ProxyContainerName {
 				continue
 			}
@ -2937,7 +2938,8 @@ func CheckIfDataPlanePodsExist(pods []corev1.Pod) error {
 }

 func containsProxy(pod corev1.Pod) bool {
-	for _, containerSpec := range pod.Spec.Containers {
+	containers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
+	for _, containerSpec := range containers {
 		if containerSpec.Name == k8s.ProxyContainerName {
 			return true
 		}
--- a/pkg/k8s/api.go
+++ b/pkg/k8s/api.go
@ -229,19 +229,27 @@ func (kubeAPI *KubernetesAPI) GetNamespaceWithExtensionLabel(ctx context.Context

 // GetPodStatus receives a pod and returns the pod status, based on `kubectl` logic.
 // This logic is imported and adapted from the github.com/kubernetes/kubernetes project:
-// https://github.com/kubernetes/kubernetes/blob/33a3e325f754d179b25558dee116fca1c67d353a/pkg/printers/internalversion/printers.go#L558-L640
+// https://github.com/kubernetes/kubernetes/blob/v1.31.0-alpha.0/pkg/printers/internalversion/printers.go#L860
 func GetPodStatus(pod corev1.Pod) string {
 	reason := string(pod.Status.Phase)
 	if pod.Status.Reason != "" {
 		reason = pod.Status.Reason
 	}

+	initContainers := make(map[string]*corev1.Container)
+	for i := range pod.Spec.InitContainers {
+		initContainers[pod.Spec.InitContainers[i].Name] = &pod.Spec.InitContainers[i]
+	}
+
 	initializing := false
 	for i := range pod.Status.InitContainerStatuses {
 		container := pod.Status.InitContainerStatuses[i]
 		switch {
 		case container.State.Terminated != nil && container.State.Terminated.ExitCode == 0 && container.State.Terminated.Signal == 0:
 			continue
+		case isRestartableInitContainer(initContainers[container.Name]) &&
+			container.Started != nil && *container.Started && container.Ready:
+			continue
 		case container.State.Terminated != nil:
 			// initialization is failed
 			if container.State.Terminated.Reason == "" {
@ -292,9 +300,20 @@ func GetPodStatus(pod corev1.Pod) string {
 	return reason
 }

+// Borrowed from
+// https://github.com/kubernetes/kubernetes/blob/v1.31.0-alpha.0/pkg/printers/internalversion/printers.go#L3209
+func isRestartableInitContainer(initContainer *corev1.Container) bool {
+	if initContainer.RestartPolicy == nil {
+		return false
+	}
+
+	return *initContainer.RestartPolicy == corev1.ContainerRestartPolicyAlways
+}
+
 // GetProxyReady returns true if the pod contains a proxy that is ready
 func GetProxyReady(pod corev1.Pod) bool {
-	for _, container := range pod.Status.ContainerStatuses {
+	statuses := append(pod.Status.InitContainerStatuses, pod.Status.ContainerStatuses...)
+	for _, container := range statuses {
 		if container.Name == ProxyContainerName {
 			return container.Ready
 		}
--- a/pkg/k8s/api_test.go
+++ b/pkg/k8s/api_test.go
@ -27,6 +27,30 @@ metadata:
    linkerd.io/control-plane-ns: linkerd
 status:
  phase: Running
+`,
+		},
+		{
+			desc:     "Pod with proxy native sidecar is running",
+			expected: "Running",
+			pod: `
+apiVersion: v1
+kind: Pod
+metadata:
+  name: emoji
+  namespace: emojivoto
+  labels:
+    app: emoji-svc
+    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: linkerd-proxy
+      restartPolicy: Always
+status:
+  phase: Running
+  initContainerStatuses:
+  - name: linkerd-proxy
+    ready: true
+    started: true
 `,
 		},
 		{
@ -165,6 +189,9 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
 status:
  phase: Running
  containerStatuses:
@ -172,7 +199,8 @@ status:
      running:
        startedAt: 1995-02-10T00:42:42Z
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      terminated:
        exitCode: 0
        reason: Completed
@ -190,14 +218,21 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
+    containers:
+    - name: bar
 status:
  phase: Running
  containerStatuses:
-  - state:
+  - name: bar
+    state:
      running:
        startedAt: 1995-02-10T00:42:42Z
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      terminated:
        exitCode: 2
 `,
@ -214,14 +249,21 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
+    containers:
+    - name: bar
 status:
  phase: Running
  containerStatuses:
-  - state:
+  - name: bar
+    state:
      running:
        startedAt: 1995-02-10T00:42:42Z
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      terminated:
        signal: 9
 `,
@ -238,10 +280,14 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
 status:
  phase: Pending
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      terminated:
        exitCode: 2
        reason: CrashLoopBackOff
@ -259,17 +305,21 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
 status:
  phase: Pending
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      waiting:
        reason: someReason
 `,
 		},
 		{
 			desc:     "Pod init container is waiting on PodInitializing",
-			expected: "Init:0/0",
+			expected: "Init:0/1",
 			pod: `
 apiVersion: v1
 kind: Pod
@ -279,10 +329,14 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
 status:
  phase: Pending
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      waiting:
        reason: PodInitializing
 `,
--- a/viz/metrics-api/stat_summary_test.go
+++ b/viz/metrics-api/stat_summary_test.go
@ -229,10 +229,14 @@ metadata:
  labels:
    app: emoji-svc
    linkerd.io/control-plane-ns: linkerd
+spec:
+    initContainers:
+    - name: foo
 status:
  phase: Pending
  initContainerStatuses:
-  - state:
+  - name: foo
+    state:
      waiting:
        reason: PodInitializing
 `,
@ -249,7 +253,7 @@ status:
 					TimeWindow: "1m",
 				},
 				expectedResponse: GenStatSummaryResponse("emoji", pkgK8s.Pod, []string{"emojivoto"}, &PodCounts{
-					Status:      "Init:0/0",
+					Status:      "Init:0/1",
 					MeshedPods:  1,
 					RunningPods: 1,
 					FailedPods:  0,
@ -259,7 +263,8 @@ status:
 								{
 									Error: &pb.PodErrors_PodError_Container{
 										Container: &pb.PodErrors_PodError_ContainerError{
-											Reason: "PodInitializing",
+											Container: "foo",
+											Reason:    "PodInitializing",
 										},
 									},
 								},
--- a/viz/pkg/healthcheck/healthcheck.go
+++ b/viz/pkg/healthcheck/healthcheck.go
@ -474,7 +474,8 @@ func (hc *HealthChecker) checkPromAuthorized(ctx context.Context) error {
 			// default inbound policy is `deny`, there won't be an override
 			// annotation, but the proxy-injector will have set the env variable
 			// directly.
-			for _, c := range pod.Spec.Containers {
+			containers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
+			for _, c := range containers {
 				if c.Name == k8s.ProxyContainerName {
 					for _, env := range c.Env {
 						if env.Name == "LINKERD2_PROXY_INBOUND_DEFAULT_POLICY" && env.Value == "deny" {