Expand CoreDNS liveness/readiness probes
This adds direct name resolution as part of these checks. We have experienced an issue with older versions of the proxy plugin that resulted in coredns pods unable to resolve upstream names, but passing health checks. Change-Id: I9241b78490b4ae1640fb028c8c32bb179bf4e8ec
This commit is contained in:
parent
009f3de7ec
commit
faf5a9a2d0
|
@ -0,0 +1,25 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
|
||||
SUCCESS=1
|
||||
|
||||
{{/* Use built-in health check */}}
|
||||
if ! wget http://localhost:8080/health; then
|
||||
echo "Failed CoreDNS health check endpoint"
|
||||
SUCCESS=0
|
||||
fi
|
||||
|
||||
{{/* Perform direct name lookups*/}}
|
||||
{{- range .Values.conf.test.names_to_resolve }}
|
||||
if dig +time=2 +tries=1 {{ . }} @127.0.0.1; then
|
||||
echo "Successfully resolved {{ . }}"
|
||||
else
|
||||
echo "Failed to resolve {{ . }}"
|
||||
SUCCESS=0
|
||||
fi
|
||||
{{- end }}
|
||||
if [ "$SUCCESS" != "1" ]; then
|
||||
echo "Test failed to resolve all names."
|
||||
exit 1
|
||||
fi
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}-bin
|
||||
data:
|
||||
probe.sh: |
|
||||
{{ tuple "bin/_probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
|
@ -38,6 +38,7 @@ spec:
|
|||
{{ tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
{{ .Values.service.name }}: enabled
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: coredns
|
||||
|
@ -67,6 +68,8 @@ spec:
|
|||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/coredns
|
||||
- name: scripts
|
||||
mountPath: /tmp/bin
|
||||
ports:
|
||||
- containerPort: 53
|
||||
name: dns
|
||||
|
@ -75,18 +78,16 @@ spec:
|
|||
name: dns-tcp
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
exec:
|
||||
command:
|
||||
- /tmp/bin/probe.sh
|
||||
initialDelaySeconds: 2
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
exec:
|
||||
command:
|
||||
- /tmp/bin/probe.sh
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
|
@ -99,3 +100,7 @@ spec:
|
|||
items:
|
||||
- key: Corefile
|
||||
path: Corefile
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-bin
|
||||
defaultMode: 0555
|
||||
|
|
Loading…
Reference in New Issue