webhook: use dedicated port for health probe
Signed-off-by: 张祖建 <[email protected]>
zhangzujian committed Oct 8, 2023
1 parent 5172207 commit a451c7a
Showing 3 changed files with 27 additions and 8 deletions.
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -40,7 +40,7 @@ KUBEVIRT_TEST_YAML = https://kubevirt.io/labs/manifests/vm.yaml
CILIUM_VERSION = 1.14.1
CILIUM_IMAGE_REPO = quay.io/cilium/cilium

CERT_MANAGER_VERSION = v1.12.3
CERT_MANAGER_VERSION = v1.12.5
CERT_MANAGER_CONTROLLER = quay.io/jetstack/cert-manager-controller:$(CERT_MANAGER_VERSION)
CERT_MANAGER_CAINJECTOR = quay.io/jetstack/cert-manager-cainjector:$(CERT_MANAGER_VERSION)
CERT_MANAGER_WEBHOOK = quay.io/jetstack/cert-manager-webhook:$(CERT_MANAGER_VERSION)
Expand Down Expand Up @@ -769,7 +769,7 @@ kind-install-webhook: kind-install
kubectl rollout status deployment/cert-manager-cainjector -n cert-manager --timeout 120s
kubectl rollout status deployment/cert-manager-webhook -n cert-manager --timeout 120s

kubectl apply -f yamls/webhook.yaml
sed 's#image: .*#image: $(REGISTRY)/kube-ovn:$(VERSION)#' yamls/webhook.yaml | kubectl apply -f -
kubectl rollout status deployment/kube-ovn-webhook -n kube-system --timeout 120s

.PHONY: kind-install-cilium-chaining
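Review bot: The `sed 's#image: .*#image: $(REGISTRY)/kube-ovn:$(VERSION)#'` in the kind-install-webhook recipe rewrites every `image:` line in yamls/webhook.yaml, not only the webhook container's. That is harmless while the manifest carries a single image, which the part shown on this page suggests but does not prove. A sidecar or init container added later would silently be pointed at the kube-ovn image as well. A comment above the recipe line such as `# assumes webhook.yaml has exactly one image: field` would make the assumption visible; anchoring the pattern on the expected repository name would enforce it. The recipe starts outside the visible hunk.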
12 changes: 12 additions & 0 deletions cmd/webhook/server.go
Expand Up @@ -2,6 +2,7 @@ package main

import (
"flag"
"os"

"github.com/spf13/pflag"
appsv1 "k8s.io/api/apps/v1"
Expand All @@ -10,6 +11,7 @@ import (
"k8s.io/klog/v2"
"k8s.io/klog/v2/klogr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/healthz"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook"

Expand All @@ -19,6 +21,8 @@ import (
"github.com/kubeovn/kube-ovn/versions"
)

const healthProbePort = 8080

const hookServerCertDir = "/tmp/k8s-webhook-server/serving-certs"

var scheme = runtime.NewScheme()
Expand Down Expand Up @@ -73,6 +77,7 @@ func main() {
Metrics: metricsserver.Options{
BindAddress: "0",
},
HealthProbeBindAddress: util.JoinHostPort(os.Getenv("POD_IP"), healthProbePort),
})
if err != nil {
panic(err)
Expand All @@ -91,6 +96,13 @@ func main() {
panic(err)
}

if err = mgr.AddHealthzCheck("liveness probe", healthz.Ping); err != nil {
panic(err)
}
if err = mgr.AddReadyzCheck("readiness probe", healthz.Ping); err != nil {
panic(err)
}

// Start the server by starting a previously-set-up manager
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
panic(err)
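Review bot: Both checks registered before `mgr.Start` use `healthz.Ping`, so `/readyz` answers as soon as the probe listener is up and says nothing about whether the webhook's TLS server on 8443 has loaded its serving certificate. The probes in yamls/webhook.yaml previously hit `/validating` over HTTPS and lose that coverage in this commit. For an admission webhook this decides whether the API server is sent to a pod that cannot answer, so readiness is better tied to the webhook server itself, e.g. `mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker())`, provided the controller-runtime version in use offers it. Separately, `os.Getenv("POD_IP")` feeds `HealthProbeBindAddress` unchecked; if the variable is missing the host part is empty and the plain-HTTP listener presumably binds every address, so a guard or log line on an empty value would help. main() begins and ends outside the visible hunks.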
19 changes: 13 additions & 6 deletions yamls/webhook.yaml
Expand Up @@ -40,6 +40,12 @@ spec:
args:
- --port=8443
- --v=3
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
Expand All @@ -48,22 +54,23 @@ spec:
- containerPort: 8443
name: https
protocol: TCP
- containerPort: 8080
name: health-probe
protocol: TCP
livenessProbe:
failureThreshold: 3
httpGet:
path: /validating
port: 8443
scheme: HTTPS
path: /healthz
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /validating
port: 8443
scheme: HTTPS
path: /readyz
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
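Review bot: The new `POD_IP` env entry has no comment saying what consumes it, so nothing in the manifest warns that dropping it changes where the health listener binds. cmd/webhook/server.go in this commit reads it to build `HealthProbeBindAddress`; a line such as `# POD_IP: bind address of the plain-HTTP health probe listener (port 8080), read in cmd/webhook/server.go` above the entry would keep the two files in step. The `health-probe` port carries no TLS, which is fine for `/healthz` and `/readyz`, but a short comment on the port entry saying so would discourage serving anything else from it.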
