-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch webhook liveness/readiness probes to use http ports #3349
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/kind bug
please consider adding more detail in the commit message as described in https://github.com/tektoncd/community/blob/master/standards.md#commit-messages
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this!
Eventually it would be nice to have probes that actually verify that the service is running - however this is definitely a step forward!
It would be great to do the same for the controller (in a different PR) if you'd like.
/lgtm
Sorry I was distracted by something else for a bit and now was able to come back to this. @afrittoli I think @imjasonh is still not convinced to add the probes in controller and I also think it will be reasonable to follow the comment you added in #3111. I will keep track of the health checks they've added to knative package and take a look at that to make probes available in controller.
|
/lgtm @sbwsg do you have any other comments? |
Thanks @ywluogg ! /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbwsg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@ywluogg quick question, would be ok to have this same implementation for the missing probes in https://github.com/tektoncd/pipeline/blob/master/config/controller.yaml ? |
The issue was addressed in #3111. I will add the probes in controller once the health checks mentioned in #3111 is available. |
The approach in knative for the webhook is actually to use the existing HTTPs endpoint like used to do, but with HTTPs instead of TCP, and passing a special I guess we could do the same for Tekton and avoid the need for the extra server, but it would require doing TLS handshakes, so perhaps its good to stick with this solution :) For the controller there is no solution yet, so one way forward might be to have a dedicated small HTTP server until we have a solution from |
You don't need the |
Pinging @imjasonh again for any suggestion for adding a temporary http server in controller. I think currently we may still need for info from other users about why they need this probe in the controller. |
The probe needed is mostly the liveness one. |
It sounds necessary to add at least the liveness probe in controller based on this situation. I don't think there is another simpler way to check on liveness under this situation. But I'm waiting for @imjasonh con re-assurance. |
I agree, it sounds like HA controller will benefit from having a liveness probe, which we can implement now with a simple dummy HTTP server, and later improve with real health checks. |
Sounds good will add it as soon as possible. |
@ywluogg Go through above discussions, are you only enable |
@xiujuan95 do you mind also provide some details about the situation you plan to use it? Thanks |
@ywluogg Sure, I can. Actually, It's a requirement from my manager team. It requires all pods need to enable liveness and readiness check. Besides, I think |
Sounds good I will add them too. |
@ywluogg Thanks a lot! |
Changes
Switch webhook liveness/readiness probes to http ports and use a separate port from actual webhook HTTPS ports.
This fixes misleading errors mentioned in #3303
Webhook logs:
This solves the issue because it doesn't send simple TCP request to a HTTPS port, which will cause TLS handshake to fail.
Other considerations will be 1. continue using the same HTTPS port but establish HTTPS handshake. This is not done because using the same port as actual webhook port for probes is not ideal for traffic and responsibility separation.
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmd
dir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes