Expand CoreDNS liveness/readiness probes

This adds direct name resolution as part of these checks.  We have
experienced an issue with older versions of the proxy plugin that
resulted in coredns pods unable to resolve upstream names, but passing
health checks.

Change-Id: I9241b78490b4ae1640fb028c8c32bb179bf4e8ec
This commit is contained in:
Mark Burnett 2018-06-07 09:07:06 -05:00 committed by Pete Birley
parent 009f3de7ec
commit faf5a9a2d0
3 changed files with 46 additions and 8 deletions

View File

@ -0,0 +1,25 @@
#!/bin/sh
set -x
SUCCESS=1
{{/* Use built-in health check */}}
if ! wget http://localhost:8080/health; then
echo "Failed CoreDNS health check endpoint"
SUCCESS=0
fi
{{/* Perform direct name lookups*/}}
{{- range .Values.conf.test.names_to_resolve }}
if dig +time=2 +tries=1 {{ . }} @127.0.0.1; then
echo "Successfully resolved {{ . }}"
else
echo "Failed to resolve {{ . }}"
SUCCESS=0
fi
{{- end }}
if [ "$SUCCESS" != "1" ]; then
echo "Test failed to resolve all names."
exit 1
fi

View File

@ -0,0 +1,8 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.service.name }}-bin
data:
probe.sh: |
{{ tuple "bin/_probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

View File

@ -38,6 +38,7 @@ spec:
{{ tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
{{ .Values.service.name }}: enabled
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: coredns
@ -67,6 +68,8 @@ spec:
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
- name: scripts
mountPath: /tmp/bin
ports:
- containerPort: 53
name: dns
@ -75,18 +78,16 @@ spec:
name: dns-tcp
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
exec:
command:
- /tmp/bin/probe.sh
initialDelaySeconds: 2
timeoutSeconds: 5
successThreshold: 1
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
exec:
command:
- /tmp/bin/probe.sh
initialDelaySeconds: 10
timeoutSeconds: 5
successThreshold: 1
@ -99,3 +100,7 @@ spec:
items:
- key: Corefile
path: Corefile
- name: scripts
configMap:
name: {{ .Values.service.name }}-bin
defaultMode: 0555