Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better support for Kubernetes health probes #19173

Merged
merged 3 commits into from
Jul 14, 2023
Merged

Better support for Kubernetes health probes #19173

merged 3 commits into from
Jul 14, 2023

Conversation

hedayat
Copy link
Contributor

@hedayat hedayat commented Jul 9, 2023
edited
Loading

  • Add support for using port names in Kubernetes probes
  • Support TCPSocket probes without specifying any host names

Closes #18645

Does this PR introduce a user-facing change?

From now on, you can also use containerPort names inside Kubernetes liveness probes to refer to the desired ports, which was not previously supported by podman.

@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note labels Jul 9, 2023
@hedayat hedayat force-pushed the support-port-name-in-probes branch 2 times, most recently from e7a7f43 to 733d154 Compare July 10, 2023 00:13
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 10, 2023
@hedayat hedayat force-pushed the support-port-name-in-probes branch from 733d154 to 5d97385 Compare July 10, 2023 00:16
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 10, 2023
@hedayat hedayat force-pushed the support-port-name-in-probes branch 4 times, most recently from 0d2b9a9 to 09198d5 Compare July 10, 2023 17:02
@hedayat hedayat changed the title Add support for using port names in Kubernetes health probes Better support for Kubernetes health probes Jul 10, 2023
@hedayat hedayat force-pushed the support-port-name-in-probes branch from 09198d5 to 30e66b4 Compare July 10, 2023 17:05
@hedayat hedayat marked this pull request as ready for review July 10, 2023 17:20
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 10, 2023
@rhatdan
Copy link
Member

rhatdan commented Jul 10, 2023

@umohnani8 @ygalblum @baude PTAL

@rhatdan
Copy link
Member

rhatdan commented Jul 10, 2023

You need to add tests or add [NO NEW TESTS NEEDED] flag to the PR.

TomSweeneyRedHat
TomSweeneyRedHat reviewed Jul 10, 2023
View reviewed changes
pkg/specgen/generate/kube/kube.go
if err != nil {
return nil, err
}
commandString = fmt.Sprintf("curl -f %s://%s:%d%s || %s", uriScheme, host, portNum, path, failureCmd)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is old code, but I don't believe curl is native to Mac. If not, should we break this out into Linux, Mac, and Windows code streams? Beyond which, I'm always leery about making a curl call from code, but that seems to be water under the bridge at this point.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this command is being run inside the container, not the host. Although, this is also not desirable.

I guess the ideal solution would be either for podman itself to do the probes inside code, or to have a separate container (probably like or extending the pause container) running the probes.

@hedayat hedayat force-pushed the support-port-name-in-probes branch from 30e66b4 to ed99c18 Compare July 10, 2023 21:14
@hedayat hedayat force-pushed the support-port-name-in-probes branch from ed99c18 to 600de05 Compare July 10, 2023 21:31
vrothberg
vrothberg reviewed Jul 11, 2023
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think @umohnani8 started looking into this issue as well. Let's wait for her to have a look.

@umohnani8
Copy link
Member

This is a bit different than the issue I am looking at. What I am looking at is the probe fails with a curl command because the container doesn't have a shell or curl installed as the podman code currently runs the probe commands inside the container created. We need to figure out a way to handle http commands outside of the container to check for healthy status and will be a bigger rework.

I think this PR can go it as it is addressing another issue around ports with probes and there is no need to block it on the future rework.

Changes LGTM

@hedayat
Copy link
Contributor Author

hedayat commented Jul 11, 2023

This is a bit different than the issue I am looking at. What I am looking at is the probe fails with a curl command because the container doesn't have a shell or curl installed as the podman code currently runs the probe commands inside the container created. We need to figure out a way to handle http commands outside of the container to check for healthy status and will be a bigger rework.

That's #18318, and its also the case for TCP probes which is also done by running nc inside the container. And there will be gRPC probes when implemented in podman :)

Changes LGTM

Thanks a lot for the review!

vrothberg
vrothberg reviewed Jul 12, 2023
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I´d love to see a test or two being added (or extended) in https://github.com/containers/podman/blob/main/test/e2e/play_kube_test.go.

pkg/specgen/generate/kube/kube.go
@@ -569,6 +569,7 @@ func probeToHealthConfig(probe *v1.Probe, containerPorts []v1.ContainerPort) (*m
var commandString string
failureCmd := "exit 1"
probeHandler := probe.Handler
host := "localhost" // Kubernetes default is host IP, but with Podman currently we run inside the container
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any chance we can add a test for it?

@ygalblum
Copy link
Contributor

LGTM for the code. But, I agree with @vrothberg about the need for tests

@hedayat
Copy link
Contributor Author

hedayat commented Jul 13, 2023

@ygalblum @vrothberg

Thanks for the review. I added a number of tests covering new fixes

@hedayat hedayat force-pushed the support-port-name-in-probes branch from 5568306 to a8d8c94 Compare July 13, 2023 14:54
@rhatdan
Copy link
Member

rhatdan commented Jul 13, 2023

/lgtm
I don't think this is a new feature ,so it should be back ported.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 13, 2023
@rhatdan rhatdan added approved Indicates a PR has been approved by an approver from all required OWNERS files. 4.6 and removed lgtm Indicates that a PR is ready to be merged. labels Jul 13, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: hedayat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Jul 14, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 14, 2023
@openshift-merge-robot openshift-merge-robot merged commit 960a764 into containers:main Jul 14, 2023
@hedayat hedayat deleted the support-port-name-in-probes branch July 14, 2023 22:03
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Oct 13, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

@vrothberg vrothberg vrothberg left review comments

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Podman kube play assumes port numbers in liveness probe
7 participants
@hedayat @rhatdan @umohnani8 @ygalblum @vrothberg @TomSweeneyRedHat @openshift-merge-robot