airship
/
promenade
Code Issues Proposed changes

Use curl (not socat) in apiserver anchor readiness 

Update the kubernetes apiserver anchor pod to use curl instead of socat
for its readiness probe.

Change-Id: Id102d6542fa21b6d692781f81d250a3231e18771
This commit is contained in:
Phil Sphicas 2022-04-25 09:56:05 -07:00
parent 59e1f8af83
commit 6a17e4fccd
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
charts/apiserver/templates/daemonset.yaml
View File

@ -88,10 +88,12 @@ spec:
- -c
- |-
grep -q "created-by: ${POD_NAME}" "${MANIFEST_PATH}" || exit 1
if [ ! -f /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem ]; then
cat /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem <(echo) /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem > /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem
fi
echo -e 'GET /healthz HTTP/1.0\r\n' | socat - openssl:localhost:{{ .Values.network.kubernetes_apiserver.port }},cert=/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem,cafile=/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem | grep '200 OK'
[ "$(curl -s -S -o /dev/null \
--cert "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem" \
--key "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem" \
--cacert "/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem" \
"https://localhost:{{ .Values.network.kubernetes_apiserver.port }}/healthz" \
-w "%{http_code}")" = "200" ]
exit $?
initialDelaySeconds: 10
periodSeconds: 5