airship/promenade
Code Issues Proposed changes

Fix coredns checks

Browse Source 
The readiness probe and helm test currently rely on
the return code of `dig`, which doesn't fail for
NXDOMAIN, which means they are not checking that
the names are actually resolved. This moves to using
`host` instead which does check this.

This also removes the checks for kubernetes etcd
domain names, since that doesn't get deployed until
after coredns.

Change-Id: I0b459f52663c936ed4b8b216614c5b4824a0713f
This commit is contained in:
Sean Eagan 2019-11-20 10:34:16 -06:00
parent 45968eff4e
commit 6bc3847265
8 changed files with 38 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
charts/coredns/templates/bin/_probe.py.tpl
View File

@ -17,12 +17,24 @@ class httpHandler(BaseHTTPRequestHandler):
failed = False failed = False
res = requests.get("http://127.0.0.1:{}/health".format(args.check_port)) res = requests.get("http://127.0.0.1:{}/health".format(args.check_port))
if res.status_code >= 400: if res.status_code >= 400:
print('Failed /health check, status code = : {}'.format(res.status_code))
failed = True failed = True
res = subprocess.run(
["dig", "+time=2", "+tries=1", "@127.0.0.1", "-f", args.filename], with open(args.filename, 'r') as fh:
stdout=subprocess.DEVNULL) for host in fh.read().splitlines():
if res.returncode != 0: # ignore blank lines
failed = True if not host:
continue
res = subprocess.run(
["host", "-W=2", "-R=1", host, "127.0.0.1"],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
if res.returncode != 0:
print('Failed to resolve host: "{}"'.format(host))
print(res.stdout)
failed = True
break
if failed: if failed:
print('Check failed') print('Check failed')
self.send_response(500) self.send_response(500)

2
charts/coredns/templates/configmap-list.yaml
View File

@ -4,5 +4,5 @@ kind: ConfigMap
metadata: metadata:
name: {{ .Values.service.name }}-list name: {{ .Values.service.name }}-list
data: data:
names_to_resolve: | names_to_resolve: |-
{{ tuple "etc/_list.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "etc/_list.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

4
charts/coredns/templates/etc/_list.tpl
View File

@ -1,3 +1,3 @@
{{- range .Values.conf.test.names_to_resolve }} {{- range .Values.conf.test.names_to_resolve -}}
{{ . }} {{ . }}
{{- end }} {{ end -}}

26
charts/coredns/templates/pod-test.yaml
View File

@ -40,16 +40,26 @@ spec:
- -c - -c
- | - |
SUCCESS=1 SUCCESS=1
{{- range .Values.conf.test.names_to_resolve }} while read host; do
if dig {{ . }}; then if [ -n "$host" ]; then
echo "Successfully resolved {{ . }}" if host "$host"; then
else echo "Successfully resolved: \"$host\""
echo "Failed to resolve {{ . }}" else
SUCCESS=0 echo "Failed to resolve: \"$host\""
fi SUCCESS=0
{{- end }} fi
fi
done < /tmp/etc/names_to_resolve
if [ "$SUCCESS" != "1" ]; then if [ "$SUCCESS" != "1" ]; then
echo "Test failed to resolve all names." echo "Test failed to resolve all names."
exit 1 exit 1
fi fi
volumeMounts:
- name: dns-names
mountPath: /tmp/etc
volumes:
- name: dns-names
configMap:
name: {{ $envAll.Values.service.name }}-list
defaultMode: 0555
{{- end }} {{- end }}

1
examples/basic/armada-resources.yaml
View File

@ -563,7 +563,6 @@ data:
test: test:
names_to_resolve: names_to_resolve:
- calico-etcd.kube-system.svc.cluster.local - calico-etcd.kube-system.svc.cluster.local
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local - kubernetes.default.svc.cluster.local
images: images:
tags: tags:

1
examples/complete/armada-resources.yaml
View File

@ -584,7 +584,6 @@ data:
test: test:
names_to_resolve: names_to_resolve:
- calico-etcd.kube-system.svc.cluster.local - calico-etcd.kube-system.svc.cluster.local
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local - kubernetes.default.svc.cluster.local
images: images:

1
examples/containerd/armada-resources.yaml
View File

@ -438,7 +438,6 @@ data:
- att.com - att.com
- calico-etcd.kube-system.svc.cluster.local - calico-etcd.kube-system.svc.cluster.local
- google.com - google.com
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local - kubernetes.default.svc.cluster.local
images: images:

1
examples/gate/armada-resources.yaml
View File

@ -459,7 +459,6 @@ data:
- att.com - att.com
- calico-etcd.kube-system.svc.cluster.local - calico-etcd.kube-system.svc.cluster.local
- google.com - google.com
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local - kubernetes.default.svc.cluster.local
images: images: