Adjust kube-apiserver anchor readiness

To avoid cycling the pods in the anchor daemonset too quickly, only
consider a kubernetes-apiserver-anchor pod ready if:
- it created the static manifest kubernetes-apiserver.yaml
- the kubernetes-apiserver pod on the same host is ready

Change-Id: I53dd1c044332946eeb965f07ae828910f00b04c6

charts/apiserver/templates/bin/_anchor.tpl

@@ -26,6 +26,8 @@ snapshot_files() {
     cp "/tmp/etc/{{ $val.file }}" "${SNAPSHOT_DIR}/etc/kubernetes/apiserver/{{ $val.file }}"
     {{- end }}
     {{- end }}
+    # annotate the static manifest with the name of the creating anchor pod
+    sed -i "/created-by: /s/ANCHOR_POD/${POD_NAME}/" "${SNAPSHOT_DIR}{{ .Values.anchor.kubelet.manifest_path }}/kubernetes-apiserver.yaml"
 }
 
 compare_copy_files() {

charts/apiserver/templates/daemonset.yaml

@@ -69,6 +69,10 @@ spec:
             value: /host{{ .Values.anchor.kubelet.manifest_path }}/{{ .Values.service.name }}.yaml
           - name: PKI_PATH
             value: /host{{ .Values.apiserver.host_etc_path }}/pki
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
           command: ["/bin/sh","-c"]
           args: ["/tmp/bin/anchor"]
           lifecycle:
@@ -83,6 +87,7 @@ spec:
               - /bin/bash
               - -c
               - |-
+                grep -q "created-by: ${POD_NAME}" "${MANIFEST_PATH}" || exit 1
                 if [ ! -f /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem ]; then
                   cat /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem <(echo) /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem > /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem
                 fi

charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl

@@ -66,6 +66,7 @@ metadata:
 {{ tuple $envAll "kubernetes" "apiserver" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   annotations:
     {{ $envAll | include "kubernetes_apiserver.key_annotation" }}
+    created-by: ANCHOR_POD
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 {{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec: