airship/promenade
Code Issues Proposed changes

Use curl (not socat) in apiserver anchor readiness

Browse Source 
Update the kubernetes apiserver anchor pod to use curl instead of socat
for its readiness probe.

Change-Id: Id102d6542fa21b6d692781f81d250a3231e18771
This commit is contained in:
Phil Sphicas 2022-04-25 09:56:05 -07:00
parent 59e1f8af83
commit 6a17e4fccd
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
charts/apiserver/templates/daemonset.yaml
View File

@ -88,10 +88,12 @@ spec:
- -c
- |-
grep -q "created-by: ${POD_NAME}" "${MANIFEST_PATH}" || exit 1
if [ ! -f /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem ]; then
cat /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem <(echo) /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem > /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem
fi
echo -e 'GET /healthz HTTP/1.0\r\n' | socat - openssl:localhost:{{ .Values.network.kubernetes_apiserver.port }},cert=/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem,cafile=/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem | grep '200 OK'
[ "$(curl -s -S -o /dev/null \
--cert "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem" \
--key "/host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem" \
--cacert "/host{{ .Values.apiserver.host_etc_path }}/pki/cluster-ca.pem" \
"https://localhost:{{ .Values.network.kubernetes_apiserver.port }}/healthz" \
-w "%{http_code}")" = "200" ]
exit $?
initialDelaySeconds: 10
periodSeconds: 5