chore(examples): add dontpanic controller (#121)

This commit showcases how metac controller behaves when CRD
is not applied against the k8s cluster but the controller
tries to use an instance of this CRD.

It is expected that the controller should not panic immediately
& should provide root cause of the error. This is helpful since
there can be cases where a CRD is missing but controllers try to
use their instances without above knowledge.

Signed-off-by: AmitKumarDas <amit.das@mayadata.io>

Author: Amit Kumar Das

examples/gctl/dont-panic/.gitignore

@@ -0,0 +1 @@
+/vendor/

examples/gctl/dont-panic/Dockerfile

@@ -0,0 +1,45 @@
+# --------------------------
+# Build d-operators binary
+# --------------------------
+FROM golang:1.13.5 as builder
+
+WORKDIR /example.io/dontpanic/
+
+# copy go modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY Makefile Makefile
+
+COPY vendor/ vendor/
+
+# ensure vendoring is up-to-date by running make vendor 
+# in your local setup
+#
+# we cache the vendored dependencies before building and
+# copying source so that we don't need to re-download when
+# source changes don't invalidate our downloaded layer
+RUN go mod download
+RUN go mod tidy
+RUN go mod vendor
+
+# copy source file(s)
+COPY cmd/ cmd/
+
+# build the binary
+RUN make
+
+# ---------------------------
+# Use distroless as minimal base image to package the final binary
+# Refer https://github.com/GoogleContainerTools/distroless
+# ---------------------------
+FROM gcr.io/distroless/static:nonroot
+
+WORKDIR /
+
+COPY --from=builder /example.io/dontpanic/dontpanic .
+COPY config/config.yaml /etc/config/metac/
+
+USER nonroot:nonroot
+
+CMD ["/dontpanic"]

examples/gctl/dont-panic/Makefile

@@ -0,0 +1,28 @@
+ALL_SRC = $(shell find . -name "*.go" | grep -v -e "vendor")
+
+IMG_NAME ?= dontpanic
+PACKAGE_VERSION ?= latest
+
+all: bins
+
+bins: vendor $(IMG_NAME)
+
+$(IMG_NAME): $(ALL_SRC)
+	@echo "+ Generating $(IMG_NAME) binary"
+	@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on \
+		go build -o $@ ./cmd/main.go
+
+$(ALL_SRC): ;
+
+# go mod download modules to local cache
+# make vendored copy of dependencies
+# install other go binaries for code generation
+.PHONY: vendor
+vendor: go.mod go.sum
+	@GO111MODULE=on go mod download
+	@GO111MODULE=on go mod tidy
+	@GO111MODULE=on go mod vendor
+
+.PHONY: image
+image:
+	docker build -t $(IMG_NAME):$(PACKAGE_VERSION) .

examples/gctl/dont-panic/README.md

@@ -0,0 +1,118 @@
+## DontPanic kubernetes controller
+
+This is an example of a k8s controller that demonstrates its availability irrespective of an runtime error or due to misconfigurations. In other words, controller should not crash.
+
+- This is a k8s controller that imports metac as library
+  - This enables use of inline hooks instead of webhooks
+- Controller's kubernetes resources are configured in a config file
+  - Refer: config/config.yaml
+- Controller business logic is implemented in Go
+  - Refer: cmd/main.go
+  - Kubernetes client libraries are completely abstracted from this logic
+  - Logic is implemented in respective reconcile functions
+    - A CR `IAmError` is sent as the response i.e. desired state
+    - NOTE: `IAmError`'s definition i.e. _(CRD)_ is not set in k8s cluster
+    - Hence this reconciliation should **error out**
+- Expectations:
+    - Binary should **not panic** inspite of above error
+    - Log should provide the root cause of error
+- Docker image includes the binary as well as its config file
+  - Refer: Dockerfile
+- Controller is deployed as a single StatefulSet
+  - No need of separate metac binary since metac is imported as a library
+  - Refer: dontpanic-operator.yaml
+
+### Steps
+
+```sh
+# workstation needs to have Docker
+# use kind to create a k8s cluster
+#
+# Refer: https://kind.sigs.k8s.io/docs/user/local-registry/
+sudo ./kind-with-registry.sh
+
+# cat $HOME/.kube/config
+# connect to kind cluster
+sudo kubectl cluster-info --context kind-kind
+
+# debugging info if required
+#
+# Kubernetes master is running at https://127.0.0.1:32774
+#
+# KubeDNS is running at:
+# https://127.0.0.1:32774/api/v1/namespaces/# kube-system/services/kube-dns:dns/proxy
+#
+# To further debug and diagnose cluster problems, use
+#'kubectl cluster-info dump'.
+```
+
+```sh
+# NOTE:
+# - Docker daemon always runs as a root user
+#   - sudo may not be required depending on individual confgurations
+#   - sudo is needed if docker group is not configured
+# - KIND runs entirely as containers
+#   - Hence, all kubectl commands might need to used with sudo
+```
+
+```sh
+# workstation needs to have Docker
+make image
+
+# tag the image to use the local registry
+sudo docker tag dontpanic:latest localhost:5000/dontpanic:latest
+
+# push to local registry configured to be used by kind
+sudo docker push localhost:5000/dontpanic:latest
+```
+
+```sh
+# install namespace, rbac, crds & operator
+sudo kubectl apply -f dontpanic-ns.yaml
+sudo kubectl apply -f dontpanic-rbac-crd.yaml
+sudo kubectl apply -f dontpanic-operator.yaml
+
+# verify if above were installed properly
+sudo kubectl get ns
+sudo kubectl get crd
+sudo kubectl get sts -n dontpanic
+sudo kubectl describe po -n dontpanic
+sudo kubectl get po -n dontpanic
+sudo kubectl logs -n dontpanic dontpanic-0
+```
+
+### Test
+
+```sh
+# check operator pod
+sudo kubectl get pods -n dontpanic
+
+# check operator pod logs
+sudo kubectl logs -n dontpanic dontpanic-0
+
+# create the dontpanic custom resource
+sudo kubectl apply -f dontpanic.yaml
+
+# check operator pod logs
+sudo kubectl logs -n dontpanic dontpanic-0
+```
+
+### Observations
+- Binary did not panic
+- Following were the logs that points the root cause
+
+```bash
+I0402 15:33:10.482481       1 discovery.go:174] API resources discovery completed
+I0402 15:33:10.651607       1 metacontroller.go:270] Condition failed: Will retry after 1s: Local GenericController: Failed to init dontpanic-controller: Local GenericController: Selector init failed: Can't find "iamerrors": Version "notsure.com/v1"
+```
+
+### Cleanup
+
+```sh
+sudo kubectl delete -f dontpanic.yaml
+sudo kubectl delete -f dontpanic-operator.yaml
+sudo kubectl delete -f dontpanic-rbac-crd.yaml
+sudo kubectl delete -f dontpanic-ns.yaml
+
+sudo kind delete cluster
+```

examples/gctl/dont-panic/cmd/main.go

@@ -0,0 +1,98 @@
+package main
+
+import (
+	"github.com/golang/glog"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"openebs.io/metac/controller/generic"
+	"openebs.io/metac/start"
+)
+
+// sync executes the reconciliation logic for the watched resource.
+// In this case resource under watch is a custom resource with kind
+// **DontPanic**.
+//
+// NOTE:
+// 	SyncHookRequest is the payload received as part of reconcile
+// request. Similarly, SyncHookResponse is the payload sent as a
+// response as part of reconcile request.
+//
+// NOTE:
+//	SyncHookRequest has the resource that is under watch (here
+// DontPanic custom resource)
+//
+// NOTE:
+//  Both SyncHookRequest & SyncHookResponse have the resources that
+// form the desired state based on the watched resource's specs.
+// These desired resources are termed as attachments by metac.
+// SyncHookRequest has these attachments filled up by metac based
+// on what is observed in the k8s cluster. SyncHookResponse's
+// attachments needs to be filled up with what is desired by this
+// controller logic.
+func sync(
+	request *generic.SyncHookRequest,
+	response *generic.SyncHookResponse,
+) error {
+	glog.Infof("Starting DontPanic sync")
+	defer glog.Infof("Completed DontPanic sync")
+
+	// reconciliation returns a desired CR whose definition
+	// i.e. CRD is not applied to the k8s cluster
+	//
+	// In other words, k8s cluster does not understand
+	// IAmError kind
+	desired := &unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"kind":       "IAmError",
+			"apiVersion": "notsure.com/v1",
+			"metadata": map[string]interface{}{
+				"name":      request.Watch.GetName(),
+				"namespace": request.Watch.GetNamespace(),
+				"annotations": map[string]interface{}{
+					// this annotation helps in associating the watch
+					// with its corresponding attachment
+					"dontpanic/uid": string(request.Watch.GetUID()),
+				},
+			},
+			"spec": map[string]interface{}{
+				"message": "My CRD is not installed!",
+			},
+		},
+	}
+	// add this desired instance to response to let metac create
+	// it in the k8s cluster
+	response.Attachments = append(
+		response.Attachments,
+		desired,
+	)
+	return nil
+}
+
+// finalize will delete the attachment(s) created during
+// reconciliation of the watch
+//
+// NOTE:
+//	Presence of finalize in the config automatically adds
+// finalizers against the watch
+//
+// NOTE:
+// 	Once attachments are deleted from the cluster,
+// 'response.Finalized' is set to true which in turn removes
+// this finalizers from the watch
+func finalize(
+	request *generic.SyncHookRequest,
+	response *generic.SyncHookResponse,
+) error {
+	glog.Infof("Starting DontPanic finalize")
+	defer glog.Infof("Completed DontPanic finalize")
+
+	if request.Attachments.IsEmpty() {
+		response.Finalized = true
+	}
+	return nil
+}
+
+func main() {
+	generic.AddToInlineRegistry("sync/dontpanic", sync)
+	generic.AddToInlineRegistry("finalize/dontpanic", finalize)
+	start.Start()
+}

examples/gctl/dont-panic/config/config.yaml

@@ -0,0 +1,26 @@
+apiVersion: metac.openebs.io/v1alpha1
+kind: GenericController
+metadata:
+  name: dontpanic-controller
+spec:
+  watch:
+    apiVersion: example.com/v1
+    resource: dontpanics
+  attachments:
+  - apiVersion: notsure.com/v1
+    resource: iamerrors
+    advancedSelector:
+      selectorTerms:
+      - matchReferenceExpressions:
+        # select IAmError if its annotation
+        #
+        # matches DontPanic _(i.e. watch)_ UID
+        - key: metadata.annotations.dontpanic/uid
+          operator: EqualsWatchUID
+  hooks:
+    sync:
+      inline:
+        funcName: sync/dontpanic
+    finalize:
+      inline:
+        funcName: finalize/dontpanic

examples/gctl/dont-panic/dontpanic-ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dontpanic

examples/gctl/dont-panic/dontpanic-operator.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.mayadata.io/name: dontpanic
+  name: dontpanic
+  namespace: dontpanic
+spec:
+  replicas: 1
+  serviceName: ""
+  selector:
+    matchLabels:
+      app.mayadata.io/name: dontpanic
+  template:
+    metadata:
+      labels:
+        app.mayadata.io/name: dontpanic
+    spec:
+      serviceAccountName: dontpanic
+      containers:
+      - name: dontpanic
+        image: localhost:5000/dontpanic:latest # local registry
+        command: ["/dontpanic"]
+        args:
+        - --logtostderr
+        - --run-as-local
+        - --workers-count=1 # number of workers per controller
+        - --discovery-interval=40s
+        - --cache-flush-interval=240s # re-sync interval
+        - -v=7 # this will give us startup errors if any
+---