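#!/bin/bash
# Liveness probe script, rendered by Helm before it runs. It performs three
# checks and exits 1 if any of them fails:
#   1. the HTTP /healthz endpoint on localhost:10256 answers "200 OK";
#   2. iptables-save shows no "has no endpoints" rules (minus the whitelist);
#   3. every KUBE-SEP destination IP in iptables is an endpoint address that
#      kubectl currently reports.
# It shells out to socat, iptables-save, kubectl and jq, so the container it
# runs in needs those tools, permission to read the iptables rules and read
# access to endpoints in all namespaces.

# NOTE(review): pipefail is not enabled. Several pipelines below contain grep
# stages that exit non-zero when nothing matches, so turning it on would need
# each of them to be guarded first.
set -e

# Set to 1 by any failed check; all checks run before the script exits.
FAILURE=0
{{- if .Values.livenessProbe.whitelist }}
# The whitelist entries are joined into one extended regular expression and
# placed inside a single-quoted shell string. They are not escaped: regex
# metacharacters in an entry widen what is excluded from the endpoint check,
# and a single quote in an entry would end the string early. Only values from
# a trusted values file should reach this template.
WHITELIST='({{- join "|" .Values.livenessProbe.whitelist -}})'
{{- end }}

REQUEST='GET /healthz HTTP/1.0\r\nHost: localhost:10256\r\n'

# Send the request once and keep the reply. "|| true" is deliberate: under
# "set -e" a failed socat (for example a refused connection) would otherwise
# end the script before the iptables checks below could report anything.
HEALTHZ_RESPONSE=$(echo -e "${REQUEST}" | socat - TCP4:localhost:10256) || true
if [[ "${HEALTHZ_RESPONSE}" != *'200 OK'* ]]; then
  echo Failed proxy built-in HTTP health check.
  # Print the reply that was actually evaluated instead of issuing a second
  # request whose answer may differ.
  printf '%s\n' "${HEALTHZ_RESPONSE}"
  FAILURE=1
fi

if [[ $(iptables-save {{- if .Values.livenessProbe.whitelist }} | grep -Ev "${WHITELIST}" {{- end }} | grep -sc 'has no endpoints') -gt 0 ]]; then
  echo Some non-whitelisted services have no endpoints:
  # List only what the check above counted: the same whitelist filter is
  # applied, so whitelisted services do not appear under this heading.
  # "|| true" keeps "set -e" from aborting if the rules changed in between.
  iptables-save {{- if .Values.livenessProbe.whitelist }} | grep -Ev "${WHITELIST}" {{- end }} | grep 'has no endpoints' || true
  FAILURE=1
fi

# Destination addresses of all KUBE-SEP DNAT rules; the sed expression keeps
# the text between "to-destination " and the last ':' on the line.
IPTABLES_IPS=$(iptables-save | grep -E 'KUBE-SEP.*to-destination' | sed 's/.*to-destination \(.*\):.*/\1/' | sort -u)

# Endpoint addresses known to the API server. Without pipefail the pipeline
# would report only sort's status, so a failed kubectl would silently produce
# an empty list and every iptables IP would be flagged as stale. The subshell
# therefore exits with kubectl's own status so the failure can be named.
# NOTE(review): this check ties the probe result to the API server being
# reachable; the exit code is unchanged here, only the message is added.
# Whether an API outage should fail this probe is an operational decision.
if ! KUBECTL_IPS=$(
  kubectl get --all-namespaces -o json endpoints \
    | jq -r '.items | arrays | .[] | objects | .subsets | arrays | .[] | objects | .addresses | arrays | .[] | objects | .ip' \
    | sort -u
  exit "${PIPESTATUS[0]}"
); then
  echo "kubectl could not list endpoints; the comparison below uses an incomplete or empty list."
fi

# comm -23 prints lines that occur only in the first (iptables) list. Both
# lists come out of sort -u, which is the ordering comm expects.
STALE_IPS=$(comm -23 <(echo "${IPTABLES_IPS}") <(echo "${KUBECTL_IPS}")) || true
if [[ -n "${STALE_IPS}" ]]; then
  FAILURE=1
  echo "Found non-current Pod IPs in iptables rules:"
  echo "${STALE_IPS}"
fi

if [[ "${FAILURE}" == "1" ]]; then
  exit 1
fi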