Lifecycle hooks for CNI Plugin

lifecycle_hook.sh

#!/usr/bin/env bash
set -e

# Helper script to automatically taint/untaint node based on CNI condition.
# Used as a lifecycle hook for CNI Deployment.
# Tainting helps to prevent FailedCreatePodSandbox issue caused by long CNI Plugin startup/restart
# when there are pods scheduled on the nodes which doesn't have IP addresses assigned yet.

# Expected environment variables:
# MY_NODE_NAME - Name of the node.

# Taint to set on the node.
TAINT=UnableAllocateIPAddresses

taintNode () {
  /usr/bin/kubectl taint nodes --overwrite $*
}

runPreStop () {
  taintNode "${MY_NODE_NAME}" "${TAINT}=true:NoSchedule"
}

# Check if gRPC is listening on the port by writing to it.
# This is a lightweight alternative to using lsof/nc/netcat.
# wget/curl doesn't work here because it is a TCP connection, not an HTTP.
grpcListening () {
  (echo >/dev/tcp/localhost/50051) &>/dev/null
}

waitCNIReady () {
  until grpcListening;
  do
    echo "waiting for GRPC port";
    sleep 2;
  done
  # wait for warming.
  sleep 2;
}

runPostStart () {
  # Auto-taint, just in case it was not tainted before.
  taintNode "${MY_NODE_NAME}" "${TAINT}=true:NoSchedule"
  # wait until CNI Plugin started.
  waitCNIReady
  # Untaint the node.
  taintNode "${MY_NODE_NAME}" "${TAINT}:NoSchedule-"
}

usage () {
  echo "Valid options: preStop, postStart"
  exit 1
}

main () {
  command=$1
  case ${command} in
    preStop)
      runPreStop
    ;;

    postStart)
      runPostStart
    ;;

    waitCNIReady)
      waitCNIReady
    ;;

    *)
      usage
    ;;
  esac
}

main $*