java source code of KubernetesPodEventTranslator

styx-master
- .github
  - PULL_REQUEST_TEMPLATE.md
- styx-common
  - src
    - main
      - java
        com
        spotify
        styx
        state
        StateData.java
        Message.java
        TriggerVisitor.java
        testdata
        TestData.java
        serialization
        Json.java
        PersistentEvent.java
        PersistentTrigger.java
        api
        ResourcesPayload.java
        BackfillsPayload.java
        BackfillPayload.java
        RunStateDataPayload.java
        TestServiceAccountUsageAuthorizationResponse.java
        TestServiceAccountUsageAuthorizationRequest.java
        EventsPayload.java
        util
        WorkflowValidator.java
        CloserUtil.java
        GuardedRunnable.java
        ParameterUtil.java
        TypeWrapperModule.java
        RandomGenerator.java
        ResourceNotFoundException.java
        RetryUtil.java
        Time.java
        TriggerInstantSpec.java
        TriggerUtil.java
        IsClosedException.java
        GoogleApiClientUtil.java
        FutureUtil.java
        TimeUtil.java
        CachedSupplier.java
        BasicWorkflowValidator.java
        ExceptionUtil.java
        EventUtil.java
        WorkflowStateUtil.java
        DockerImageValidator.java
        model
        Resource.java
        WorkflowState.java
        WorkflowConfiguration.java
        ExecutionDescription.java
        Backfill.java
        EditableBackfillInput.java
        TriggerRequest.java
        BackfillInput.java
        WorkflowWithState.java
        EventVisitor.java
        data
        EventInfo.java
        Trigger.java
        ExecStatus.java
        WorkflowInstanceExecutionData.java
        Execution.java
        WorkflowInstance.java
        TriggerParameters.java
        SequenceEvent.java
        Workflow.java
        Schedule.java
        WorkflowId.java
    - test
      - java
        com
        spotify
        styx
        state
        StateDataTest.java
        StateDataSerializationTest.java
        serialization
        PersistentTriggerTest.java
        PersistentEventTest.java
        JsonRoundtripTest.java
        JsonTest.java
        util
        ExceptionUtilTest.java
        DockerImageValidatorTest.java
        CloserUtilTest.java
        FutureUtilTest.java
        RandomGeneratorTest.java
        CachedSupplierTest.java
        ParameterUtilTest.java
        RetryUtilTest.java
        EventUtilTest.java
        BasicWorkflowValidatorTest.java
        TimeUtilTest.java
        WorkflowStateUtilTest.java
        TriggerUtilTest.java
        GoogleApiClientUtilTest.java
        GuardedRunnableTest.java
        model
        WorkflowInstanceTest.java
        WorkflowConfigurationTest.java
        data
        WorkflowInstanceExecutionDataTest.java
  - pom.xml
- .circleci
  - config.yml
- styx-e2e-test
  - src
    - main
      - java
        com
        spotify
        styx
        e2e_tests
        Dummy.java
    - test
      - resources
        reference.conf
        styx-e2e-test-scheduler.conf
        styx-e2e-test-api.conf
      - java
        com
        spotify
        styx
        e2e_tests
        ScheduledTriggeringIT.java
        DatastoreCleanupTest.java
        EndToEndTestBase.java
        DatastoreUtil.java
        TestNamespaces.java
        KubernetesCleanupTest.java
        AdHocTriggeringIT.java
        DummyTest.java
        BackfillIT.java
        CreateDeleteWorkflowIT.java
        ServiceAccountCleanupTest.java
        TestNamespacesTest.java
  - pom.xml
- checkstyle-idea.xml
- checkstyle.xml
- pom.xml
- LICENSE
- CONTRIBUTING.md
- styx-cli-unshaded
  - src
    - main
      - java
        com
        spotify
        styx
        cli
        CliOutput.java
        CliExitException.java
        PrettyCliOutput.java
        CliUtil.java
        JsonCliOutput.java
        CliMain.java
        PlainCliOutput.java
    - test
      - resources
        com
        spotify
        styx
        cli
        bad-content.yaml
        workflows.yaml
        wf-missing-schedule.yaml
      - java
        com
        spotify
        styx
        cli
        CliMainTest.java
        PlainCliOutputTest.java
        JsonCliOutputTest.java
        PrettyCliOutputTest.java
  - pom.xml
- styx-api-service
  - src
    - main
      - java
        com
        spotify
        styx
        StyxApi.java
        api
        WorkflowResource.java
        SchedulerProxyResource.java
        workflow
        WorkflowInitializationException.java
        WorkflowInitializer.java
        BackfillResource.java
        util
        InvalidParametersException.java
        ResourceResource.java
        StatusResource.java
    - test
      - java
        com
        spotify
        styx
        api
        StatusResourceTest.java
        WorkflowResourceTest.java
        ResourceResourceTest.java
        workflow
        WorkflowInitializerTest.java
        util
        ApiTestUtil.java
        JsonMatchers.java
        VersionedApiTest.java
        BackfillResourceTest.java
        ApiVersionTestUtils.java
        SchedulerProxyResourceTest.java
        StyxApiTest.java
  - pom.xml
  - bin
    - api-test.sh
    - run-service.sh
- styx-scheduler-service
  - src
    - main
      - java
        com
        spotify
        styx
        Cleaner.java
        monitoring
        MonitoringHandler.java
        MeteredDockerRunnerProxy.java
        MeteredFabric8KubernetesClientProxy.java
        ScheduledExecutionUtil.java
        state
        InstanceState.java
        PersistentStateManager.java
        StateManager.java
        StateTransitionConflictException.java
        handlers
        ExecutionDescriptionHandler.java
        DockerRunnerHandler.java
        HandlerUtil.java
        TerminationHandler.java
        TimeoutHandler.java
        StateUtil.java
        TimeoutConfig.java
        consumers
        PublisherHandler.java
        TransitionLogger.java
        api
        SchedulerResource.java
        StateInitializingTrigger.java
        BackfillTriggerManager.java
        TriggerManager.java
        TriggerListener.java
        docker
        Fabric8KubernetesClient.java
        KubernetesPodEventTranslator.java
        KubernetesGCPServiceAccountSecretManager.java
        RoutingDockerRunner.java
        KubernetesDockerRunner.java
        DockerRunnerId.java
        InvalidExecutionException.java
        DockerRunner.java
        WorkflowResourceDecorator.java
        ServiceAccountKeyManager.java
        MissingRequiredPropertyException.java
        MessageUtil.java
        Scheduler.java
        StyxScheduler.java
    - test
      - resources
        ca.crt
        client.key
        client.crt
        styx-scheduler.conf
        ttl.conf
      - java
        com
        spotify
        styx
        BackfillTriggerManagerTest.java
        StateInitializingTriggerTest.java
        monitoring
        MeteredDockerRunnerProxyTest.java
        MeteredFabric8KubernetesClientProxyTest.java
        TriggerManagerTest.java
        QuietDeterministicScheduler.java
        SchedulerTest.java
        state
        StateUtilTest.java
        handlers
        TimeoutHandlerTest.java
        TerminationHandlerTest.java
        HandlerUtilTest.java
        ExecutionDescriptionHandlerTest.java
        MonitoringHandlerTest.java
        DockerRunnerHandlerTest.java
        TimeoutConfigTest.java
        consumers
        TransitionLoggerTest.java
        PublisherHandlerTest.java
        PersistentStateManagerTest.java
        SystemTest.java
        api
        SchedulerResourceTest.java
        FakeScheduledExecutorService.java
        docker
        KubernetesPodEventTranslatorTest.java
        RoutingDockerRunnerTest.java
        KubernetesGCPServiceAccountSecretManagerTest.java
        DockerRunnerIdTest.java
        KubernetesDockerRunnerPodPollerTest.java
        KubernetesDockerRunnerPodResourceTest.java
        KubernetesDockerRunnerTest.java
        Fabric8KubernetesClientTest.java
        StyxSchedulerTest.java
        CleanerTest.java
        StyxSchedulerServiceFixture.java
        ScheduledExecutionUtilTest.java
        ServiceAccountKeyManagerTest.java
        MessageUtilTest.java
  - pom.xml
  - bin
    - test-prod-restore.sh
    - test-workflow-fetch.sh
    - run-service.sh
- styx-cli
  - src
    - main
      - java
        com
        spotify
        styx
        cli
        package-info.java
  - pom.xml
  - bin
    - styx
- README.md
- .codecov.yml
- styx-service-common
  - src
    - main
      - java
        com
        spotify
        styx
        publisher
        Publisher.java
        NoopPublisher.java
        monitoring
        StatsFactory.java
        MetricsStats.java
        MeteredProxy.java
        MeteredStorageProxy.java
        Stats.java
        NoopStats.java
        TracingProxy.java
        storage
        RuntimeIOException.java
        StorageException.java
        InstrumentedTransaction.java
        StorageTransaction.java
        InstrumentedBatch.java
        CheckedDatastoreTransaction.java
        DatastoreIOException.java
        Storage.java
        InstrumentedDatastoreReader.java
        BigtableStorage.java
        WFIExecutionBuilder.java
        CheckedDatastoreReaderWriter.java
        TransactionFunction.java
        DatastoreStorageTransaction.java
        InstrumentedDatastoreReaderWriter.java
        CheckedDatastore.java
        DatastoreStorage.java
        InstrumentedDatastore.java
        InstrumentedQueryResults.java
        IOConsumer.java
        InstrumentedDatastoreWriter.java
        AggregateStorage.java
        InstrumentedDatastoreBatchWriter.java
        IOOperation.java
        TransactionException.java
        state
        RunState.java
        MDCDecoratingHandler.java
        EventRouter.java
        OutputHandler.java
        EventConsumer.java
        api
        Authenticator.java
        ServiceAccounts.java
        AuthenticatorFactory.java
        ServiceAccountUsageAuthorizer.java
        AuthenticatorConfiguration.java
        ManagedServiceAccountKeyCredential.java
        Middlewares.java
        RequestAuthenticator.java
        Api.java
        ResponseException.java
        WorkflowActionAuthorizer.java
        util
        CounterSnapshotFactory.java
        ShardedCounter.java
        ConfigUtil.java
        Connections.java
        CounterSnapshot.java
        ReplayEvents.java
        Debug.java
        ExtendedWorkflowValidator.java
        ShardedCounterSnapshotFactory.java
        ShardNotFoundException.java
        GrpcContextUtil.java
        MDCUtil.java
        AlreadyInitializedException.java
        Shard.java
        CounterCapacityException.java
        GcpUtil.java
        StorageFactory.java
        model
        StyxConfig.java
    - test
      - java
        com
        spotify
        styx
        WorkflowInstanceEventFactory.java
        monitoring
        TracingProxyTest.java
        MetricsStatsTest.java
        MeteredStorageProxyTest.java
        storage
        CheckedDatastoreReaderWriterTest.java
        InstrumentedDatastoreTest.java
        StorageTest.java
        CheckedDatastoreTransactionTest.java
        IOConsumerTest.java
        IOOperationTest.java
        WFIExecutionBuilderTest.java
        CheckedDatastoreTest.java
        AggregateStorageTest.java
        BigTableStorageTest.java
        TransactionExceptionTest.java
        DatastoreStorageTransactionTest.java
        DatastoreStorageTest.java
        state
        RunStateTest.java
        OutputHandlerTest.java
        EventConsumerTest.java
        MDCDecoratingHandlerTest.java
        api
        AuthenticatorFactoryTest.java
        WorkflowActionAuthorizerTest.java
        ApiTest.java
        ServiceAccountsTest.java
        AuthenticatorTest.java
        AuthenticatorConfigurationTest.java
        RequestAuthenticatorTest.java
        ServiceAccountUsageAuthorizerTest.java
        GoogleIdTokenVerifierTest.java
        ManagedServiceAccountKeyCredentialTest.java
        MiddlewaresTest.java
        util
        ShardedCounterTest.java
        MockSpan.java
        ExtendedWorkflowValidatorTest.java
        ShardedCounterSnapshotFactoryTest.java
        ReplayEventsTest.java
        ConfigUtilTest.java
        GcpUtilTest.java
        ConnectionsTest.java
        MDCUtilTest.java
        GrpcContextUtilTest.java
  - pom.xml
- styx-client
  - src
    - main
      - java
        com
        spotify
        styx
        client
        ClientErrorException.java
        ApiErrorException.java
        FutureOkHttpClient.java
        GoogleIdTokenAuth.java
        StyxSchedulerClient.java
        StyxStatusClient.java
        InputErrorException.java
        StyxResourceClient.java
        StyxOkHttpClient.java
        StyxBackfillClient.java
        StyxClientFactory.java
        StyxWorkflowClient.java
        StyxClient.java
    - test
      - java
        com
        spotify
        styx
        client
        OkHttpTestUtil.java
        GoogleIdTokenAuthTest.java
        ApiErrorExceptionTest.java
        FutureOkHttpClientTest.java
        StyxOkHttpClientTest.java
  - pom.xml
- styx-report
  - pom.xml
- .gitignore
- styx-standalone-service
  - src
    - main
      - resources
        logback.xml
        styx-standalone.conf
      - java
        com
        spotify
        styx
        StyxService.java
  - pom.xml
- suppressions.xml
- doc
  - external-services.md
  - design-overview.md
  - audit-logging.md
  - api.apib
- gcloud-sdk-url.txt
- styx-test
  - src
    - main
      - resources
        logback.xml
      - java
        com
        spotify
        styx
        storage
        BigtableMocker.java
        DatastoreEmulator.java
        util
        StringIsValidUuid.java
        ClassEnforcer.java
        TestLogger.java
    - test
      - java
        com
        spotify
        styx
        storage
        DatastoreEmulatorTest.java
        util
        ClassEnforcerTest.java
        StringIsValidUuidTest.java
        TestLoggerTest.java
  - pom.xml

/*-
 * -\-\-
 * Spotify Styx Scheduler Service
 * --
 * Copyright (C) 2016 Spotify AB
 * --
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * -/-/-
 */

package com.spotify.styx.docker;

import static com.spotify.styx.docker.DockerRunner.LOG;
import static com.spotify.styx.docker.KubernetesDockerRunner.DOCKER_TERMINATION_LOGGING_ANNOTATION;
import static com.spotify.styx.docker.KubernetesDockerRunner.getMainContainerStatus;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.spotify.styx.model.Event;
import com.spotify.styx.model.WorkflowInstance;
import com.spotify.styx.monitoring.Stats;
import com.spotify.styx.serialization.Json;
import com.spotify.styx.state.RunState;
import io.fabric8.kubernetes.api.model.ContainerState;
import io.fabric8.kubernetes.api.model.ContainerStateTerminated;
import io.fabric8.kubernetes.api.model.ContainerStatus;
import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.api.model.PodStatus;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import okio.ByteString;

final class KubernetesPodEventTranslator {

  private KubernetesPodEventTranslator() {
    throw new UnsupportedOperationException();
  }

  private static class TerminationLogMessage {
    int exitCode;

    @JsonCreator
    public TerminationLogMessage(
        @JsonProperty(value = "exit_code", required = true) int exitCode
    ) {
      this.exitCode = exitCode;
    }
  }

  private static Optional<Integer> getExitCodeIfValid(String workflowInstance,
                                                      Pod pod,
                                                      ContainerStatus status,
                                                      Stats stats) {
    final ContainerStateTerminated terminated = status.getState().getTerminated();

    // Check termination log exit code, if available
    if (Optional.ofNullable(pod.getMetadata().getAnnotations())
        .map(annotations -> "true".equals(annotations.get(DOCKER_TERMINATION_LOGGING_ANNOTATION)))
        .orElse(false)) {
      if (terminated.getMessage() == null) {
        LOG.warn("Missing termination log message for workflow instance {} container {}",
                 workflowInstance, status.getContainerID());
        stats.recordTerminationLogMissing();
      } else {
        try {
          final TerminationLogMessage message = Json.deserialize(
              ByteString.encodeUtf8(terminated.getMessage()), TerminationLogMessage.class);

          if (!Objects.equals(message.exitCode, terminated.getExitCode())) {
            LOG.warn("Exit code mismatch for workflow instance {} container {}. Container exit code: {}. "
                + "Termination log exit code: {}",
                workflowInstance, status.getContainerID(), terminated.getExitCode(),
                message.exitCode);
            stats.recordExitCodeMismatch();
          }

          if (terminated.getExitCode() != null && message.exitCode == 0) {
            // If we have a non-zero container exit code but a zero termination log exit code,
            // return the container exit code to indicate failure. This guards against jobs that
            // incorrectly write a successful exit code to the termination log _before_ running
            // the actual job, which then fails. We could then still incorrectly get a zero exit
            // code from docker, but there is not a lot we can do about that.
            return Optional.of(terminated.getExitCode());
          } else {
            return Optional.of(message.exitCode);
          }
        } catch (IOException e) {
          stats.recordTerminationLogInvalid();
          LOG.warn("Unexpected termination log message for workflow instance {} container {}",
              workflowInstance, status.getContainerID(), e);
        }
      }

      // If there's no termination log exit code, fall back to k8s exit code if it is not zero.
      // Rationale: It is important for users to be able to get the exit code of the container to be
      // able to debug failures, but at the same time we must be careful about using the use the k8s
      // exit code when checking whether the execution was successful as dockerd some times returns
      // incorrect exit codes.
      // TODO: consider separating execution status and debugging info in the "terminate" event.
      if (terminated.getExitCode() != null && terminated.getExitCode() != 0) {
        return Optional.of(terminated.getExitCode());
      } else {
        return Optional.empty();
      }
    }

    // No termination log expected, use k8s exit code
    if (terminated.getExitCode() == null) {
      LOG.warn("Missing exit code for workflow instance {} container {}", workflowInstance,
               status.getContainerID());
      return Optional.empty();
    } else {
      // there are cases k8s marks the pod failed but with exitCode 0
      if ("Failed".equals(pod.getStatus().getPhase()) && terminated.getExitCode() == 0) {
        return Optional.empty();
      }
      return Optional.of(terminated.getExitCode());
    }
  }

  static List<Event> translate(
      WorkflowInstance workflowInstance,
      RunState state,
      Pod pod,
      Stats stats) {

    final Optional<ContainerStatus> mainContainerStatusOpt = getMainContainerStatus(pod);

    final Optional<Event> hasError = isInErrorState(workflowInstance, pod, mainContainerStatusOpt);
    if (hasError.isPresent()) {
      return handleError(state, hasError.get());
    }

    if (isExited(pod, mainContainerStatusOpt)) {
      return handleExited(workflowInstance, state, pod, mainContainerStatusOpt, stats);
    }

    if (isStarted(pod, mainContainerStatusOpt)) {
      return handleStarted(workflowInstance, state);
    }

    return List.of();
  }

  private static List<Event> handleExited(WorkflowInstance workflowInstance, RunState state,
                                                Pod pod,
                                                Optional<ContainerStatus> mainContainerStatusOpt,
                                                Stats stats) {
    final List<Event> generatedEvents = Lists.newArrayList();

    switch (state.state()) {
      case PREPARE:
      case SUBMITTED:
        generatedEvents.add(Event.started(workflowInstance));
        // intentional fall-through

      case RUNNING:
        final Optional<Integer> exitCode = mainContainerStatusOpt.flatMap(cs ->
            getExitCodeIfValid(workflowInstance.toKey(), pod, cs, stats));
        generatedEvents.add(Event.terminate(workflowInstance, exitCode));
        break;

      default:
        // no event
        break;
    }

    return ImmutableList.copyOf(generatedEvents);
  }

  private static List<Event> handleStarted(WorkflowInstance workflowInstance, RunState state) {
    switch (state.state()) {
      case PREPARE:
      case SUBMITTED:
        return List.of(Event.started(workflowInstance));

      default:
        return List.of();
    }
  }

  private static List<Event> handleError(RunState state, Event event) {
    switch (state.state()) {
      case PREPARE:
      case SUBMITTED:
      case RUNNING:
        return List.of(event);

      default:
        return List.of();
    }
  }

  private static boolean isExited(Pod pod, Optional<ContainerStatus> mainContainerStatusOpt) {
    switch (pod.getStatus().getPhase()) {
      case "Running":
        // Check if the main container has exited
        if (mainContainerStatusOpt.map(ContainerStatus::getState)
            .map(ContainerState::getTerminated)
            .isPresent()) {
          return true;
        }

        break;

      case "Succeeded":
      case "Failed":
        return true;

      default:
        // do nothing
        break;
    }

    return false;
  }

  private static boolean isStarted(Pod pod, Optional<ContainerStatus> mainContainerStatusOpt) {
    return "Running".equals(pod.getStatus().getPhase()) && mainContainerStatusOpt
        .map(ContainerStatus::getReady).orElse(false);
  }

  private static Optional<Event> isInErrorState(WorkflowInstance workflowInstance, Pod pod,
                                                Optional<ContainerStatus> mainContainerStatusOpt) {
    final PodStatus status = pod.getStatus();
    final String phase = status.getPhase();

    if ("NodeLost".equals(pod.getStatus().getReason())) {
      return Optional.of(Event.runError(workflowInstance, "Lost node running pod"));
    }

    switch (phase) {
      case "Pending":
        // check if one or more docker contains failed to pull their image, a possible silent error
        return mainContainerStatusOpt
            .flatMap(KubernetesPodEventTranslator::imageError)
            .map(msg -> Event.runError(workflowInstance, msg));

      case "Succeeded":
      case "Failed":
        if (mainContainerStatusOpt.isEmpty()) {
          return Optional.of(Event.runError(workflowInstance, "Could not find our container in pod"));
        }

        final ContainerStatus containerStatus = mainContainerStatusOpt.get();
        final ContainerStateTerminated terminated = containerStatus.getState().getTerminated();
        if (terminated == null) {
          return Optional.of(Event.runError(workflowInstance, "Unexpected null terminated status"));
        }
        return Optional.empty();

      case "Unknown":
        return Optional.of(Event.runError(workflowInstance, "Pod entered Unknown phase"));

      default:
        return Optional.empty();
    }
  }

  static Optional<String> imageError(ContainerStatus cs) {
    return Optional.ofNullable(cs.getState().getWaiting()).flatMap(waiting ->
        Optional.ofNullable(waiting.getReason()).flatMap(reason -> {
          var message = Optional.ofNullable(waiting.getMessage()).orElse("");
          switch (reason) {
            // https://github.com/kubernetes/kubernetes/blob/8327e433590f9e867b1e31a4dc32316685695729/pkg/kubelet/images/types.go#L26
            case "ImageInspectError":
            case "PullImageError":
            case "ErrImagePull":
            case "ErrImageNeverPull":
            case "ImagePullBackOff":
            case "RegistryUnavailable":
              return Optional.of(String.format("Failed to pull image %s of container %s, reason: %s, message: %s",
                  cs.getImage(), cs.getName(), reason, message));
            case "InvalidImageName":
              return Optional.of(String.format("Container %s has invalid image name %s, message: %s",
                  cs.getName(), cs.getImage(), message));
            default:
              return Optional.empty();
          }
        }));
  }

  static boolean isTerminated(ContainerStatus cs) {
    return cs.getState().getTerminated() != null;
  }

  static boolean isTerminated(Pod pod) {
    return getMainContainerStatus(pod)
        .map(KubernetesPodEventTranslator::isTerminated)
        .orElse(false);
  }
}