summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Burnett <mark.m.burnett@gmail.com>2018-09-26 16:18:03 -0500
committerMark Burnett <mark.m.burnett@gmail.com>2018-10-09 08:47:40 -0500
commit83b65b358d10cde53446a8bb33048c9c9e40c017 (patch)
treefbd2baa47dae79abd0d300036f4dc930d76f3dc5
parentab314cd43912db27ecfddd9ad49636e7fdae1ee6 (diff)
Fix: Workaround kube-proxy keeping stale IPs
This updates the liveness probe to fail when there are iptables rules from kube-proxy that don't appear in existing endpoints. Change-Id: I376be24566809a653417acfb84cac8f1c4e1a36e
Notes
Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 10 Oct 2018 16:32:10 +0000 Reviewed-on: https://review.openstack.org/605832 Project: openstack/airship-promenade Branch: refs/heads/master
-rw-r--r--charts/proxy/templates/bin/_liveness-probe.sh.tpl11
1 files changed, 11 insertions, 0 deletions
diff --git a/charts/proxy/templates/bin/_liveness-probe.sh.tpl b/charts/proxy/templates/bin/_liveness-probe.sh.tpl
index c00266a..81cfa56 100644
--- a/charts/proxy/templates/bin/_liveness-probe.sh.tpl
+++ b/charts/proxy/templates/bin/_liveness-probe.sh.tpl
@@ -21,6 +21,17 @@ if [[ $(iptables-save {{- if .Values.livenessProbe.whitelist }} | grep -Ev "${WH
21 FAILURE=1 21 FAILURE=1
22fi 22fi
23 23
24
25IPTABLES_IPS=$(iptables-save | grep -E 'KUBE-SEP.*to-destination' | sed 's/.*to-destination \(.*\):.*/\1/' | sort -u)
26KUBECTL_IPS=$(kubectl get --all-namespaces -o json endpoints | jq -r '.items | arrays | .[] | objects | .subsets | arrays | .[] | objects | .addresses | arrays | .[] | objects | .ip' | sort -u)
27
28if [[ $(comm -23 <(echo "${IPTABLES_IPS}") <(echo "${KUBECTL_IPS}")) ]]; then
29 FAILURE=1
30 echo "Found non-current Pod IPs in iptables rules:"
31 comm -23 <(echo "${IPTABLES_IPS}") <(echo "${KUBECTL_IPS}")
32fi
33
34
24if [[ "${FAILURE}" == "1" ]]; then 35if [[ "${FAILURE}" == "1" ]]; then
25 exit 1 36 exit 1
26fi 37fi