From 6a17e4fccd7ef3db9bbe32653c83046840e1c208 Mon Sep 17 00:00:00 2001 From: Phil Sphicas Date: Mon, 25 Apr 2022 09:56:05 -0700 Subject: [PATCH] Use curl (not socat) in apiserver anchor readiness Update the kubernetes apiserver anchor pod to use curl instead of socat for its readiness probe. Change-Id: Id102d6542fa21b6d692781f81d250a3231e18771 --- charts/apiserver/templates/daemonset.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/apiserver/templates/daemonset.yaml b/charts/apiserver/templates/daemonset.yaml index cfae07d7..50e8cfd8 100644 --- a/charts/apiserver/templates/daemonset.yaml +++ b/charts/apiserver/templates/daemonset.yaml @@ -88,10 +88,12 @@ spec: - -c - |- grep -q "created-by: ${POD_NAME}" "${MANIFEST_PATH}" || exit 1 - if [ ! -f /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem ]; then - cat /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem <(echo) /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem > /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem - fi - echo -e 'GET /healthz HTTP/1.0\r\n' | socat - openssl:localhost:{{ .Values.network.kubernetes_apiserver.port }},cert=/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem,cafile=/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem | grep '200 OK' + [ "$(curl -s -S -o /dev/null \ + --cert "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem" \ + --key "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem" \ + --cacert "/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem" \ + "https://localhost:{{ .Values.network.kubernetes_apiserver.port }}/healthz" \ + -w "%{http_code}")" = "200" ] exit $? initialDelaySeconds: 10 periodSeconds: 5