VC-36444: Add a health check and liveness probe #580
Merged
Ref: VC-36444
Why? Customers don’t like the fact that OpenShift shows warnings whenever they install Venafi Kubernetes Agent. These warnings say that this pod doesn’t have a liveness and a readiness configuration in the Pod specification, and that the best practice is to have one for each pod.
What? The idea isn’t to define what “ready” means in the agent. The agent doesn’t receive traffic, so it wouldn’t make sense to configure a readiness probe (readiness probes are used by Kubernetes to know when to start routing traffic to that pod). And regarding the liveness probe, although it could be useful to indicate that the agent isn’t able to push data to the API, defining a “real” liveness probe is out of scope for this ticket. Instead, the idea is to implement a “ping pong” liveness and readiness probe so that OpenShift customers stop seeing warnings.
Note to the reviewer: I've chosen to combine the metrics endpoint (/metrics) with the readiness and liveness probes because I don't think there will be problems with combining the three.

Testing
I've used the tenant https://ven-tlspk.venafi.cloud/. To access the API key, use the user system.admin@tlspk.qa.venafi.io and the password is visible in the page Production Accounts (private to Venafi). Then go to the settings and find the API key.

export APIKEY=...
Then, run:
You should see that the pod now has a liveness and readiness probe:
To check that the server works, I used telepresence (can't rely on k proxy since it doesn't have a service, can't reach the pod IP since I'm on macOS).

Then:
The pod should be ready: