Checkpoint and activate itself.

[yifan-gu]

This PR enables us to GC itself using the existing codepath.
Also it removes the needs for the checkpoint-installer, which
also enables us to update the checkpointer by just updating the
checkpointer's manifest.

[yifan-gu]

Fix #253
Fix #206

Ready for a review.

I did several tests manually:

• Boot up 2 nodes.
• Schedule checkpointer on both.
• Schedule a test pod (checkpoints enabled) on the worker node.
• See 4 checkpointers, 2 running, 2 standby.
• Suspend the master, reboot the worker node.
• The standby checkpointer starts, which then starts checkpoints.
• Resume the master, see 4 checkpointers, 2 running, 2 standby, and the static checkpointer now is the effective one on the worker node.
• Checkpointer stops the test pod's checkpoints after the test pod is running.

• Boot up 2 nodes.
• Schedule checkpointer on both.
• Schedule a test pod (checkpoints enabled) on the worker node.
• See 4 checkpointers, 2 running, 2 standby.
• Suspend the worker, delete the test pod, recreate the checkpointer daemonset so it only schedules on master node.
• Suspend the master
• Resume/reboot the worker
• The standby checkpointer starts, which then starts checkpoints.
• Resume the master
• The standby checkpointer cleans the checkpoints and itself.

/cc @aaronlevy @stuart-warren

[aaronlevy]

Couple minor comments, but this is looking awesome

[aaronlevy]

This seems a bit fragile. Is there another way we could determine this? We can know our "self" via the downward api + inject as env vars - maybe that's an option?

[yifan-gu]

@aaronlevy Which downward API? Getting the podname?

[aaronlevy]

Yeah. We could probably check that maybe:

pod.Name == self.Namespace
pod.Name == self.Name + "-" + self.NodeName // Because we care about the static pod, right?

[aaronlevy]

Hmm actually, it won't have the node-name suffix in the checkpoint manifest - so maybe just pod.Name == self.Name if we care about the parent pod

or, if we care about the checkpointed copy, something like:

pod.Name == strings.TrimSuffix(self.Name, self.NodeName) && pod.Name != self.Name

[aaronlevy]

I'm a slightly worried about swapping the order of removal here. My thought being that we should stop the pods first, then remove the assets they rely on. It might not be an issue - because we weren't waiting for the pods to actually stop - but do you forsee issues in removing a secret / configMap for example from underneath a running pod?

[yifan-gu]

I tested this, it actually successfully removed without an issue. But I want to just double check and understand why it's not an issue and report back.

Alternatively, we can keep the order. and just leave the configmap/scret for the checkpointer untouched. And next time we create the configmap/scret again, we always overwrite the existing one. This seems safer and doesn't cause any issue except for two small files. WDYT?

[yifan-gu]

cc @aaronlevy ^

[yifan-gu]

So actually removing the config, secret will always succeed, it's not a unmounting operaton.
But maybe that's not graceful to pods as they might have some prestop hooks or whatever graceful termination process that will require the secrets/configs.
I will revert this ordering change.

[yifan-gu]

Had more discussion on this. As for now we are not waiting the pod to be deleted anyway, so maybe it's fine to leave as is, and improve this later.
Adding a TODO to capture that.

[aaronlevy]

May be worth adding another test to make sure it still starts even with a local parent (the checkpointed copy always needs to run)

[yifan-gu]

Sure

[yifan-gu]

Comments addressed, PTAL @aaronlevy

[aaronlevy]

This LGTM - but going to hold off on merging this to coordinate these changes at same time as k8s v1.6.0

[yifan-gu]

Add one more commit for cleaning up all checkpoints when the pod checkpointer is removed.
Will squash if this passes the review @aaronlevy

[aaronlevy]

lgtm