fix: set revision history limit to 1 on deployments and statefulsets (#…

…268) Signed-off-by: Artur Troian <[email protected]>
akash-network · Feb 14, 2025 · b0d8a4d · b0d8a4d
1 parent 4e32c74
commit b0d8a4d
Show file tree

Hide file tree

Showing 29 changed files with 346 additions and 262 deletions.
diff --git a/.goreleaser-docker.yaml b/.goreleaser-docker.yaml
@@ -1,24 +1,49 @@
+---
 version: 2
 project_name: provider
 env:
   - GO111MODULE=on
   - DOCKER_CLI_EXPERIMENTAL="enabled"
+  - CGO_ENABLED=1
 builds:
-  - id: provider-services-linux
+  - id: provider-services-linux-arm64
     binary: provider-services
     main: ./cmd/provider-services
     goarch:
-      - amd64
       - arm64
     goos:
       - linux
+    env:
+      - CC=aarch64-linux-gnu-gcc
+      - CXX=aarch64-linux-gnu-g++
+    flags:
+      - "-mod={{ .Env.MOD }}"
+      - "-tags={{ .Env.BUILD_TAGS }}"
+      - -trimpath
+    ldflags:
+      - "{{ .Env.BUILD_VARS }}"
+      - "{{ .Env.STRIP_FLAGS }}"
+      - "-linkmode={{ .Env.LINKMODE }}"
+      - -extldflags "-lc -lrt -lpthread --static"
+  - id: provider-services-linux-amd64
+    binary: provider-services
+    main: ./cmd/provider-services
+    goarch:
+      - amd64
+    goos:
+      - linux
+    env:
+      - CC=x86_64-linux-gnu-gcc
+      - CXX=x86_64-linux-gnu-g++
     flags:
       - "-mod={{ .Env.MOD }}"
       - "-tags={{ .Env.BUILD_TAGS }}"
       - -trimpath
     ldflags:
       - "{{ .Env.BUILD_VARS }}"
       - "{{ .Env.STRIP_FLAGS }}"
+      - "-linkmode={{ .Env.LINKMODE }}"
+      - -extldflags "-lc -lrt -lpthread --static"
 archives:
   - format: binary
 dockers:

diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,24 @@
-FROM debian:bullseye
+FROM ubuntu:noble
 LABEL "org.opencontainers.image.source"="https://github.com/akash-network/provider"
 
 COPY provider-services /usr/bin/
 
+ENV DEBIAN_FRONTEND=noninteractive
+
 RUN \
     apt-get update \
  && apt-get install -y --no-install-recommends \
     tini \
+    jq \
+    bc \
+    mawk \
+    curl \
     ca-certificates \
     pci.ids \
  && rm -rf /var/lib/apt/lists/*
 
+ENV DEBIAN_FRONTEND=""
+
 # default port for provider API
 EXPOSE 8443
 

diff --git a/Makefile b/Makefile
@@ -1,8 +1,4 @@
 GOBIN                  := $(shell go env GOPATH)/bin
-KIND_APP_IP            ?= $(shell make -sC _run/kube kind-k8s-ip)
-KIND_APP_PORT          ?= $(shell make -sC _run/kube app-http-port)
-KIND_VARS              ?= KUBE_INGRESS_IP="$(KIND_APP_IP)" KUBE_INGRESS_PORT="$(KIND_APP_PORT)"
-
 LEDGER_ENABLED         ?= true
 
 include make/init.mk

diff --git a/_run/.envrc b/_run/.envrc
@@ -8,3 +8,5 @@ fi
 if ! has tqdm ; then
 	echo -e "\033[31mtqdm is not installed. https://github.com/tqdm/tqdm"; exit 1
 fi
+
+dotenv .env
diff --git a/_run/.envrc_run b/_run/.envrc_run
@@ -1,8 +1,8 @@
+source_up .envrc
+
 AP_RUN_NAME=$(basename "$(pwd)")
 AP_RUN_DIR="${DEVCACHE_RUN}/${AP_RUN_NAME}"
 
 export AKASH_HOME="${AP_RUN_DIR}/.akash"
 export AP_RUN_NAME
 export AP_RUN_DIR
-
-dotenv .env
diff --git a/_run/kube/.envrc b/_run/kube/.envrc
diff --git a/_run/kube/.envrc b/_run/kube/.envrc
@@ -0,0 +1 @@
+../.envrc_run
diff --git a/_run/kube/key.key b/_run/kube/key.key
@@ -0,0 +1,9 @@
+-----BEGIN TENDERMINT PRIVATE KEY-----
+kdf: bcrypt
+salt: EAE151E3A990D0509979F9F8D2387C20
+type: secp256k1
+
+/LtGnQIsFnwa4QZzMlzQANGT43ayv/0P50Cfcoz0muXP3mvUsHu/ifdN9WV1vryO
+/EdmbmBIkgq7G3L0YpU85Lu5/+O5nNN3erLtQk0=
+=0Zx3
+-----END TENDERMINT PRIVATE KEY-----
diff --git a/_run/kube/key2.key b/_run/kube/key2.key
@@ -0,0 +1,9 @@
+-----BEGIN TENDERMINT PRIVATE KEY-----
+kdf: bcrypt
+salt: CF5040F935D19E50F32924074482B533
+type: secp256k1
+
+M/HGSTz9+SQtYnftu9txVfX/qibznv4sEcVgt2PXdxZpWQNSqHiHIhQeQ1ZmCsWd
+GhQ8l3AhaLgBk5qsHO8R9eA1aQ3TGep0WtDgKA4=
+=XYTy
+-----END TENDERMINT PRIVATE KEY-----
diff --git a/balance_checker.go b/balance_checker.go
@@ -225,8 +225,8 @@ func (bc *balanceChecker) run(startCh chan<- error) {
 loop:
 	for {
 		select {
-		case <-bc.lc.ShutdownRequest():
-			bc.log.Debug("shutting down")
+		case shutdownErr := <-bc.lc.ShutdownRequest():
+			bc.log.Debug("received shutdown request", "err", shutdownErr)
 			bc.lc.ShutdownInitiated(nil)
 			cancel()
 			break loop

diff --git a/bidengine/service.go b/bidengine/service.go
@@ -96,7 +96,11 @@ func NewService(pctx context.Context, aqc sclient.QueryClient, session session.S
 	go s.lc.WatchContext(ctx)
 	go s.run(pctx)
 	group.Go(func() error {
-		return s.ordersFetcher(ctx, aqc)
+		err := s.ordersFetcher(ctx, aqc)
+
+		<-ctx.Done()
+
+		return err
 	})
 
 	return s, nil
@@ -276,7 +280,8 @@ func (s *service) run(ctx context.Context) {
 loop:
 	for {
 		select {
-		case <-s.lc.ShutdownRequest():
+		case shutdownErr := <-s.lc.ShutdownRequest():
+			s.session.Log().Debug("received shutdown request", "err", shutdownErr)
 			s.lc.ShutdownInitiated(nil)
 			s.cancel()
 			break loop

diff --git a/cluster/inventory.go b/cluster/inventory.go
@@ -519,6 +519,7 @@ loop:
 	for {
 		select {
 		case err := <-is.lc.ShutdownRequest():
+			is.log.Debug("received shutdown request", "err", err)
 			is.lc.ShutdownInitiated(err)
 			break loop
 		case ev := <-is.sub.Events():

diff --git a/cluster/kube/apply.go b/cluster/kube/apply.go
@@ -4,13 +4,16 @@ package kube
 
 import (
 	"context"
+	"encoding/json"
 	"reflect"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	netv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8stypes "k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
 
 	metricsutils "github.com/akash-network/node/util/metrics"
@@ -20,6 +23,12 @@ import (
 	crdapi "github.com/akash-network/provider/pkg/client/clientset/versioned"
 )
 
+type k8sPatch struct {
+	Op    string      `json:"op"`
+	Path  string      `json:"path"`
+	Value interface{} `json:"value"`
+}
+
 func applyNS(ctx context.Context, kc kubernetes.Interface, b builder.NS) (*corev1.Namespace, *corev1.Namespace, *corev1.Namespace, error) {
 	oobj, err := kc.CoreV1().Namespaces().Get(ctx, b.Name(), metav1.GetOptions{})
 	metricsutils.IncCounterVecWithLabelValuesFiltered(kubeCallsCounter, "namespaces-get", err, errors.IsNotFound)
@@ -144,12 +153,57 @@ func applyDeployment(ctx context.Context, kc kubernetes.Interface, b builder.Dep
 	case err == nil:
 		curr := oobj.DeepCopy()
 		oobj, err = b.Update(oobj)
-		if err == nil && (b.IsObjectRevisionLatest(curr.Labels) ||
+		if err != nil {
+			break
+		}
+
+		if b.IsObjectRevisionLatest(curr.Labels) ||
 			!reflect.DeepEqual(&curr.Spec, &oobj.Spec) ||
-			!reflect.DeepEqual(curr.Labels, oobj.Labels)) {
+			!reflect.DeepEqual(curr.Labels, oobj.Labels) {
 			uobj, err = kc.AppsV1().Deployments(b.NS()).Update(ctx, oobj, metav1.UpdateOptions{})
 			metricsutils.IncCounterVecWithLabelValues(kubeCallsCounter, "deployments-update", err)
 		}
+
+		var patches []k8sPatch
+
+		if rev := curr.Spec.RevisionHistoryLimit; rev == nil || *rev != 10 {
+			patches = append(patches, k8sPatch{
+				Op:    "add",
+				Path:  "/spec/revisionHistoryLimit",
+				Value: int32(10),
+			})
+		}
+
+		ustrategy := &oobj.Spec.Strategy
+		if uobj != nil {
+			ustrategy = &uobj.Spec.Strategy
+		}
+
+		maxSurge := intstr.FromInt32(0)
+		maxUnavailable := intstr.FromInt32(1)
+
+		strategy := appsv1.DeploymentStrategy{
+			Type: appsv1.RollingUpdateDeploymentStrategyType,
+			RollingUpdate: &appsv1.RollingUpdateDeployment{
+				MaxUnavailable: &maxUnavailable,
+				MaxSurge:       &maxSurge,
+			},
+		}
+
+		if !reflect.DeepEqual(&strategy, &ustrategy) {
+			patches = append(patches, k8sPatch{
+				Op:    "replace",
+				Path:  "/spec/strategy",
+				Value: strategy,
+			})
+		}
+
+		if len(patches) > 0 {
+			data, _ := json.Marshal(patches)
+
+			oobj, err = kc.AppsV1().Deployments(b.NS()).Patch(ctx, oobj.Name, k8stypes.JSONPatchType, data, metav1.PatchOptions{})
+			metricsutils.IncCounterVecWithLabelValues(kubeCallsCounter, "deployments-patch", err)
+		}
 	case errors.IsNotFound(err):
 		oobj, err = b.Create()
 		if err == nil {
@@ -172,13 +226,57 @@ func applyStatefulSet(ctx context.Context, kc kubernetes.Interface, b builder.St
 	case err == nil:
 		curr := oobj.DeepCopy()
 		oobj, err = b.Update(oobj)
-		if err == nil && (b.IsObjectRevisionLatest(curr.Labels) ||
+		if err != nil {
+			break
+		}
+
+		if b.IsObjectRevisionLatest(curr.Labels) ||
 			!reflect.DeepEqual(&curr.Spec, &oobj.Spec) ||
-			!reflect.DeepEqual(curr.Labels, oobj.Labels)) {
+			!reflect.DeepEqual(curr.Labels, oobj.Labels) {
 			uobj, err = kc.AppsV1().StatefulSets(b.NS()).Update(ctx, oobj, metav1.UpdateOptions{})
 			metricsutils.IncCounterVecWithLabelValues(kubeCallsCounter, "statefulset-update", err)
-
 		}
+
+		// var patches []k8sPatch
+		//
+		// if rev := curr.Spec.RevisionHistoryLimit; rev == nil || *rev != 10 {
+		// 	patches = append(patches, k8sPatch{
+		// 		Op:    "add",
+		// 		Path:  "/spec/revisionHistoryLimit",
+		// 		Value: int32(10),
+		// 	})
+		// }
+		//
+		// ustrategy := &oobj.Spec.UpdateStrategy
+		// if uobj != nil {
+		// 	ustrategy = &uobj.Spec.UpdateStrategy
+		// }
+		//
+		// partition := int32(0)
+		// maxUnavailable := intstr.FromInt32(1)
+		//
+		// strategy := appsv1.StatefulSetUpdateStrategy{
+		// 	Type: appsv1.RollingUpdateStatefulSetStrategyType,
+		// 	RollingUpdate: &appsv1.RollingUpdateStatefulSetStrategy{
+		// 		Partition:      &partition,
+		// 		MaxUnavailable: &maxUnavailable,
+		// 	},
+		// }
+		//
+		// if !reflect.DeepEqual(&strategy, ustrategy) {
+		// 	patches = append(patches, k8sPatch{
+		// 		Op:    "replace",
+		// 		Path:  "/spec/updateStrategy",
+		// 		Value: strategy,
+		// 	})
+		// }
+		//
+		// if len(patches) > 0 {
+		// 	data, _ := json.Marshal(patches)
+		//
+		// 	oobj, err = kc.AppsV1().StatefulSets(b.NS()).Patch(ctx, oobj.Name, k8stypes.JSONPatchType, data, metav1.PatchOptions{})
+		// 	metricsutils.IncCounterVecWithLabelValues(kubeCallsCounter, "statefulset-patch", err)
+		// }
 	case errors.IsNotFound(err):
 		oobj, err = b.Create()
 		if err == nil {
@@ -242,21 +340,3 @@ func applyManifest(ctx context.Context, kc crdapi.Interface, b builder.Manifest)
 
 	return nobj, uobj, oobj, err
 }
-
-// TODO: re-enable.  see #946
-// func applyRestrictivePodSecPoliciesToNS(ctx context.Context, kc kubernetes.Interface, p builder.PspRestricted) error {
-// 	obj, err := kc.PolicyV1beta1().PodSecurityPolicies().Get(ctx, p.Name(), metav1.GetOptions{})
-// 	switch {
-// 	case err == nil:
-// 		obj, err = p.Update(obj)
-// 		if err == nil {
-// 			_, err = kc.PolicyV1beta1().PodSecurityPolicies().Update(ctx, obj, metav1.UpdateOptions{})
-// 		}
-// 	case errors.IsNotFound(err):
-// 		obj, err = p.Create()
-// 		if err == nil {
-// 			_, err = kc.PolicyV1beta1().PodSecurityPolicies().Create(ctx, obj, metav1.CreateOptions{})
-// 		}
-// 	}
-// 	return err
-// }
diff --git a/cluster/kube/builder/deployment.go b/cluster/kube/builder/deployment.go
@@ -4,6 +4,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
 type Deployment interface {
@@ -31,6 +32,11 @@ func NewDeployment(workload Workload) Deployment {
 func (b *deployment) Create() (*appsv1.Deployment, error) { // nolint:golint,unparam
 	falseValue := false
 
+	revisionHistoryLimit := int32(10)
+
+	maxSurge := intstr.FromInt32(0)
+	maxUnavailable := intstr.FromInt32(1)
+
 	kdeployment := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   b.Name(),
@@ -40,7 +46,15 @@ func (b *deployment) Create() (*appsv1.Deployment, error) { // nolint:golint,unp
 			Selector: &metav1.LabelSelector{
 				MatchLabels: b.selectorLabels(),
 			},
-			Replicas: b.replicas(),
+			Strategy: appsv1.DeploymentStrategy{
+				Type: appsv1.RollingUpdateDeploymentStrategyType,
+				RollingUpdate: &appsv1.RollingUpdateDeployment{
+					MaxUnavailable: &maxUnavailable,
+					MaxSurge:       &maxSurge,
+				},
+			},
+			RevisionHistoryLimit: &revisionHistoryLimit,
+			Replicas:             b.replicas(),
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
 					Labels: b.labels(),