Fix coredns checks

The readiness probe and helm test currently rely on
the return code of `dig`, which doesn't fail for
NXDOMAIN, which means they are not checking that
the names are actually resolved. This moves to using
`host` instead which does check this.

This also removes the checks for kubernetes etcd
domain names, since that doesn't get deployed until
after coredns.

Change-Id: I0b459f52663c936ed4b8b216614c5b4824a0713f
Sean Eagan 2019-11-20 10:34:16 -06:00
parent 45968eff4e
commit 6bc3847265
8 changed files with 38 additions and 20 deletions


@ -17,12 +17,24 @@ class httpHandler(BaseHTTPRequestHandler):
failed = False
res = requests.get("http://127.0.0.1:{}/health".format(args.check_port))
if res.status_code >= 400:
print('Failed /health check, status code = : {}'.format(res.status_code))
failed = True
res = subprocess.run(
["dig", "+time=2", "+tries=1", "@127.0.0.1", "-f", args.filename],
stdout=subprocess.DEVNULL)
if res.returncode != 0:
failed = True
with open(args.filename, 'r') as fh:
for host in fh.read().splitlines():
# ignore blank lines
if not host:
continue
res = subprocess.run(
["host", "-W=2", "-R=1", host, "127.0.0.1"],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
if res.returncode != 0:
print('Failed to resolve host: "{}"'.format(host))
print(res.stdout)
failed = True
break
if failed:
print('Check failed')
self.send_response(500)
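Review bot: The `host` options on the added `subprocess.run` call are written as `-W=2` and `-R=1`, but host documents them as an option followed by a separate value, so the `=` form may not be parsed as the intended 2-second wait and single retry; `["host", "-W", "2", "-R", "1", host, "127.0.0.1"]` avoids the ambiguity. The call also has no `timeout=`, so a hung lookup would stall the readiness handler instead of failing it. `print(res.stdout)` prints a bytes repr unless the output is decoded first. The enclosing handler method starts and ends outside this hunk.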


@ -4,5 +4,5 @@ kind: ConfigMap
metadata:
name: {{ .Values.service.name }}-list
data:
names_to_resolve: |
names_to_resolve: |-
{{ tuple "etc/_list.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}


@ -1,3 +1,3 @@
{{- range .Values.conf.test.names_to_resolve }}
{{- range .Values.conf.test.names_to_resolve -}}
{{ . }}
{{- end }}
{{ end -}}


@ -40,16 +40,26 @@ spec:
- -c
- |
SUCCESS=1
{{- range .Values.conf.test.names_to_resolve }}
if dig {{ . }}; then
echo "Successfully resolved {{ . }}"
else
echo "Failed to resolve {{ . }}"
SUCCESS=0
fi
{{- end }}
while read host; do
if [ -n "$host" ]; then
if host "$host"; then
echo "Successfully resolved: \"$host\""
else
echo "Failed to resolve: \"$host\""
SUCCESS=0
fi
fi
done < /tmp/etc/names_to_resolve
if [ "$SUCCESS" != "1" ]; then
echo "Test failed to resolve all names."
exit 1
fi
volumeMounts:
- name: dns-names
mountPath: /tmp/etc
volumes:
- name: dns-names
configMap:
name: {{ $envAll.Values.service.name }}-list
defaultMode: 0555
{{- end }}
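Review bot: The `while read host` loop skips the final name when /tmp/etc/names_to_resolve does not end in a newline, because `read` returns non-zero on an unterminated last line and the loop body never runs for it. The ConfigMap in this commit switches the value to `|-`, which strips the trailing newline, so the last entry in the list is likely never tested and the helm test can pass without resolving it. `while read -r host || [ -n "$host" ]; do` keeps the last line and also disables backslash processing. The pod spec starts outside this hunk.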


@ -563,7 +563,6 @@ data:
test:
names_to_resolve:
- calico-etcd.kube-system.svc.cluster.local
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local
images:
tags:


@ -584,7 +584,6 @@ data:
test:
names_to_resolve:
- calico-etcd.kube-system.svc.cluster.local
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local
images:


@ -438,7 +438,6 @@ data:
- att.com
- calico-etcd.kube-system.svc.cluster.local
- google.com
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local
images:


@ -459,7 +459,6 @@ data:
- att.com
- calico-etcd.kube-system.svc.cluster.local
- google.com
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local
images: