From 98f50e94dd202a1f18283c5f2b8d51866ef3f256 Mon Sep 17 00:00:00 2001 From: R-Lawton Date: Thu, 5 Dec 2024 15:03:27 +0000 Subject: [PATCH] adding dns health checks Signed-off-by: R-Lawton --- .../secure-protect-connect-openshift.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/user-guides/full-walkthrough/secure-protect-connect-openshift.md b/doc/user-guides/full-walkthrough/secure-protect-connect-openshift.md index 322c19402..690e325b8 100644 --- a/doc/user-guides/full-walkthrough/secure-protect-connect-openshift.md +++ b/doc/user-guides/full-walkthrough/secure-protect-connect-openshift.md @@ -280,6 +280,10 @@ metadata: name: ${KUADRANT_GATEWAY_NAME}-dnspolicy namespace: ${KUADRANT_GATEWAY_NS} spec: + healthCheck: + failureThreshold: 3 + interval: 5m + path: /health loadBalancing: defaultGeo: true geo: GEO-NA @@ -299,6 +303,14 @@ Check that the `DNSPolicy` has been Accepted and Enforced (This mat take a few m kubectl get dnspolicy ${KUADRANT_GATEWAY_NAME}-dnspolicy -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Enforced")].message}' ``` +#### DNS Health checks +DNS Health checks has been enabled on the DNSPolicy. These health checks will flag a published endpoint as healthy or unhealthy based on the defined configuration. When unhealthy an endpoint will not be published if it has not already been published to the DNS provider, will only be unpublished if it is part of a multi-value A record and in all cases can be observable via the DNSPolicy status. For more information see [DNS Health checks documentation](../dns/dnshealthchecks.md) + +Check the status of the health checks as follow: + +```bash +kubectl get dnspolicy ${KUADRANT_GATEWAY_NAME}-dnspolicy -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="SubResourcesHealthy")].message}' +``` ### Test the `low-limit` and `deny all` policies ```bash @@ -374,7 +386,7 @@ apiVersion: v1 kind: Secret metadata: name: bob-key - namespace: kuadrant-system + namespace: ${KUADRANT_DEVELOPER_NS} labels: authorino.kuadrant.io/managed-by: authorino app: toystore @@ -388,7 +400,7 @@ apiVersion: v1 kind: Secret metadata: name: alice-key - namespace: kuadrant-system + namespace: ${KUADRANT_DEVELOPER_NS} labels: authorino.kuadrant.io/managed-by: authorino app: toystore