From da91598ad677a7f3ada14943fad023d40074f178 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?=
Date: Mon, 9 Oct 2023 09:31:37 +0800
Subject: [PATCH] webhook: use dedicated port for health probe (#3285)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------
Signed-off-by: 张祖建
---
 Makefile | 4 ++--
 cmd/webhook/server.go | 13 ++++++++++++-
 yamls/webhook.yaml | 20 ++++++++++++++------
 3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/Makefile b/Makefile
index a41b4beefaf2..2fb709a2ac55 100644
--- a/Makefile
+++ b/Makefile
@@ -38,7 +38,7 @@ KUBEVIRT_TEST_YAML = https://kubevirt.io/labs/manifests/vm.yaml
 CILIUM_VERSION = 1.14.1
 CILIUM_IMAGE_REPO = quay.io/cilium/cilium
-CERT_MANAGER_VERSION = v1.12.3
+CERT_MANAGER_VERSION = v1.12.5
 CERT_MANAGER_CONTROLLER = quay.io/jetstack/cert-manager-controller:$(CERT_MANAGER_VERSION)
 CERT_MANAGER_CAINJECTOR = quay.io/jetstack/cert-manager-cainjector:$(CERT_MANAGER_VERSION)
 CERT_MANAGER_WEBHOOK = quay.io/jetstack/cert-manager-webhook:$(CERT_MANAGER_VERSION)
@@ -741,7 +741,7 @@ kind-install-webhook: kind-install
 kubectl rollout status deployment/cert-manager-cainjector -n cert-manager --timeout 120s
 kubectl rollout status deployment/cert-manager-webhook -n cert-manager --timeout 120s
- kubectl apply -f yamls/webhook.yaml
+ sed 's#image: .*#image: $(REGISTRY)/kube-ovn:$(VERSION)#' yamls/webhook.yaml | kubectl apply -f -
 kubectl rollout status deployment/kube-ovn-webhook -n kube-system --timeout 120s
 .PHONY: kind-install-cilium-chaining
diff --git a/cmd/webhook/server.go b/cmd/webhook/server.go
index e357ca9b74d8..3243ecefb273 100644
--- a/cmd/webhook/server.go
+++ b/cmd/webhook/server.go
@@ -2,6 +2,7 @@ package main
 import (
 "flag"
+ "os"
 "github.com/spf13/pflag"
 appsv1 "k8s.io/api/apps/v1"
@@ -10,6 +11,7 @@ import (
 "k8s.io/klog/v2"
 "k8s.io/klog/v2/klogr"
 ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/healthz"
 ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook"
 ovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
@@ -38,6 +40,7 @@ func main() {
 klog.Infof(versions.String())
 port := pflag.Int("port", 8443, "The port webhook listen on.")
+ healthProbePort := pflag.Int32("health-probe-port", 8080, "The port health probes listen on.")
 klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
 klog.InitFlags(klogFlags)
@@ -69,7 +72,8 @@ func main() {
 mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 Scheme: scheme,
 // disable metrics to avoid port conflict
- MetricsBindAddress: "0",
+ MetricsBindAddress: "0",
+ HealthProbeBindAddress: util.JoinHostPort(os.Getenv("POD_IP"), *healthProbePort),
 })
 if err != nil {
 panic(err)
@@ -88,6 +92,13 @@ func main() {
 panic(err)
 }
+ if err = mgr.AddHealthzCheck("liveness probe", healthz.Ping); err != nil {
+ panic(err)
+ }
+ if err = mgr.AddReadyzCheck("readiness probe", healthz.Ping); err != nil {
+ panic(err)
+ }
+
 // Start the server by starting a previously-set-up manager
 if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 panic(err)
diff --git a/yamls/webhook.yaml b/yamls/webhook.yaml
index 222b062ece31..e70d9f6dadef 100644
--- a/yamls/webhook.yaml
+++ b/yamls/webhook.yaml
@@ -39,7 +39,14 @@ spec:
 - /kube-ovn/kube-ovn-webhook
 args:
 - --port=8443
+ - --health-probe-port=8080
 - --v=3
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
 volumeMounts:
 - mountPath: /tmp/k8s-webhook-server/serving-certs
 name: cert
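Review bot: In cmd/webhook/server.go (hunk -69,7), `HealthProbeBindAddress` is built from `os.Getenv("POD_IP")` without checking that the variable is set. With an empty value the host part is empty, and assuming util.JoinHostPort behaves like net.JoinHostPort, the probe listener would then bind every interface instead of only the pod address, serving unauthenticated plain HTTP there. I would read the variable once before `ctrl.NewManager` and make the fallback visible, e.g. `if podIP == "" { klog.Warning("POD_IP is not set, health probes listen on all addresses") }`, plus a one-line comment on the field explaining why the pod IP is used. The manifest in this commit does set POD_IP, so this matters for deployments that run the new binary with an older manifest. main's body starts and ends outside the hunk.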
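Review bot: Both checks added in cmd/webhook/server.go (hunk -88,6) use `healthz.Ping`, which always succeeds, so `/readyz` reports ready as soon as the probe listener is up, whether or not the TLS webhook server on `--port` has loaded its serving certificate and started. The probes this commit replaces in yamls/webhook.yaml (hunks -48,12 and -61,9) requested `/validating` over HTTPS on 8443 and therefore did cover that listener. If the controller-runtime version in use provides it, register the webhook server's own checker for readiness, `mgr.AddReadyzCheck("readiness probe", mgr.GetWebhookServer().StartedChecker())`, so the pod is not added to the Service endpoints before admission requests can be answered. The check names contain a space, which makes the per-check paths under `/healthz/` and `/readyz/` awkward to request; `"ping"` or `"webhook"` would be easier. main's body starts and ends outside the hunk.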
@@ -48,12 +55,14 @@ spec:
 - containerPort: 8443
 name: https
 protocol: TCP
+ - containerPort: 8080
+ name: health-probe
+ protocol: TCP
 livenessProbe:
 failureThreshold: 3
 httpGet:
- path: /validating
- port: 8443
- scheme: HTTPS
+ path: /healthz
+ port: 8080
 initialDelaySeconds: 60
 periodSeconds: 10
 successThreshold: 1
@@ -61,9 +70,8 @@ spec:
 readinessProbe:
 failureThreshold: 3
 httpGet:
- path: /validating
- port: 8443
- scheme: HTTPS
+ path: /readyz
+ port: 8080
 initialDelaySeconds: 5
 periodSeconds: 5
 successThreshold: 1
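Review bot: The `httpGet` blocks in hunks -48,12 and -61,9 of yamls/webhook.yaml repeat the literal `8080` that is also passed as `--health-probe-port` and declared as the `health-probe` containerPort, so four values have to be kept in step by hand. Referring to the declared port by name, `port: health-probe`, in both probes removes two of them. A short comment above `livenessProbe` saying that the probes are plain HTTP on the dedicated probe port and no longer exercise the HTTPS endpoint on 8443 would tell the next reader that a broken serving certificate is not detected here.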