Skip to content

Commit

Permalink
webhook: use dedicated port for health probe (kubeovn#3285)
Browse files Browse the repository at this point in the history 
---------

Signed-off-by: 张祖建 <[email protected]>
  • Loading branch information
@zhangzujian
zhangzujian committed Oct 9, 2023
1 parent fa7eecf commit da91598
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 9 deletions.
4 changes: 2 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ KUBEVIRT_TEST_YAML = https://kubevirt.io/labs/manifests/vm.yaml
CILIUM_VERSION = 1.14.1
CILIUM_IMAGE_REPO = quay.io/cilium/cilium

CERT_MANAGER_VERSION = v1.12.3
CERT_MANAGER_VERSION = v1.12.5
CERT_MANAGER_CONTROLLER = quay.io/jetstack/cert-manager-controller:$(CERT_MANAGER_VERSION)
CERT_MANAGER_CAINJECTOR = quay.io/jetstack/cert-manager-cainjector:$(CERT_MANAGER_VERSION)
CERT_MANAGER_WEBHOOK = quay.io/jetstack/cert-manager-webhook:$(CERT_MANAGER_VERSION)
Expand Down Expand Up @@ -741,7 +741,7 @@ kind-install-webhook: kind-install
kubectl rollout status deployment/cert-manager-cainjector -n cert-manager --timeout 120s
kubectl rollout status deployment/cert-manager-webhook -n cert-manager --timeout 120s

kubectl apply -f yamls/webhook.yaml
sed 's#image: .*#image: $(REGISTRY)/kube-ovn:$(VERSION)#' yamls/webhook.yaml | kubectl apply -f -
kubectl rollout status deployment/kube-ovn-webhook -n kube-system --timeout 120s

.PHONY: kind-install-cilium-chaining
Expand Down
13 changes: 12 additions & 1 deletion cmd/webhook/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package main

import (
"flag"
"os"

"github.com/spf13/pflag"
appsv1 "k8s.io/api/apps/v1"
Expand All @@ -10,6 +11,7 @@ import (
"k8s.io/klog/v2"
"k8s.io/klog/v2/klogr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/healthz"
ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook"

ovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
Expand Down Expand Up @@ -38,6 +40,7 @@ func main() {
klog.Infof(versions.String())

port := pflag.Int("port", 8443, "The port webhook listen on.")
healthProbePort := pflag.Int32("health-probe-port", 8080, "The port health probes listen on.")

klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(klogFlags)
Expand Down Expand Up @@ -69,7 +72,8 @@ func main() {
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
// disable metrics to avoid port conflict
MetricsBindAddress: "0",
MetricsBindAddress: "0",
HealthProbeBindAddress: util.JoinHostPort(os.Getenv("POD_IP"), *healthProbePort),
})
if err != nil {
panic(err)
Expand All @@ -88,6 +92,13 @@ func main() {
panic(err)
}

if err = mgr.AddHealthzCheck("liveness probe", healthz.Ping); err != nil {
panic(err)
}
if err = mgr.AddReadyzCheck("readiness probe", healthz.Ping); err != nil {
panic(err)
}

// Start the server by starting a previously-set-up manager
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
panic(err)
Expand Down
20 changes: 14 additions & 6 deletions yamls/webhook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,14 @@ spec:
- /kube-ovn/kube-ovn-webhook
args:
- --port=8443
- --health-probe-port=8080
- --v=3
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
Expand All @@ -48,22 +55,23 @@ spec:
- containerPort: 8443
name: https
protocol: TCP
- containerPort: 8080
name: health-probe
protocol: TCP
livenessProbe:
failureThreshold: 3
httpGet:
path: /validating
port: 8443
scheme: HTTPS
path: /healthz
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /validating
port: 8443
scheme: HTTPS
path: /readyz
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
Expand Down

0 comments on commit da91598

Please sign in to comment.