From fe81169c1e7f6d892d6c0b183e510c6824d53918 Mon Sep 17 00:00:00 2001 From: Jacob Beacham Date: Mon, 6 Mar 2017 17:50:50 -0800 Subject: [PATCH] kubeadm: make kube-apiserver's liveness probe match its bindport. It had previously been hardcoded, so if you used --apiserver-bind-port to override the default port (6443), then the health check for the pod would quickly fail and kubelet would continuously kill the apiserver. --- cmd/kubeadm/app/master/BUILD | 1 + cmd/kubeadm/app/master/manifests.go | 2 +- cmd/kubeadm/app/master/manifests_test.go | 55 +++++++++++++++++++++++- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/cmd/kubeadm/app/master/BUILD b/cmd/kubeadm/app/master/BUILD index 66ed69839a3a6..eade3252bfa09 100644 --- a/cmd/kubeadm/app/master/BUILD +++ b/cmd/kubeadm/app/master/BUILD @@ -48,6 +48,7 @@ go_test( deps = [ "//cmd/kubeadm/app/apis/kubeadm:go_default_library", "//vendor:k8s.io/apimachinery/pkg/util/intstr", + "//vendor:k8s.io/apimachinery/pkg/util/yaml", "//vendor:k8s.io/client-go/pkg/api/v1", ], ) diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go index e3d688875237e..0af22fa345c08 100644 --- a/cmd/kubeadm/app/master/manifests.go +++ b/cmd/kubeadm/app/master/manifests.go @@ -75,7 +75,7 @@ func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error { Image: images.GetCoreImage(images.KubeAPIServerImage, cfg, kubeadmapi.GlobalEnvParams.HyperkubeImage), Command: getAPIServerCommand(cfg, false), VolumeMounts: volumeMounts, - LivenessProbe: componentProbe(6443, "/healthz", api.URISchemeHTTPS), + LivenessProbe: componentProbe(int(cfg.API.BindPort), "/healthz", api.URISchemeHTTPS), Resources: componentResources("250m"), Env: getProxyEnvVars(), }, volumes...), diff --git a/cmd/kubeadm/app/master/manifests_test.go b/cmd/kubeadm/app/master/manifests_test.go index fc17f9b281a70..16b7da0352cf1 100644 --- a/cmd/kubeadm/app/master/manifests_test.go +++ b/cmd/kubeadm/app/master/manifests_test.go @@ -25,6 +25,7 @@ import ( "testing" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/util/yaml" api "k8s.io/client-go/pkg/api/v1" "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" @@ -45,13 +46,23 @@ func TestWriteStaticPodManifests(t *testing.T) { defer func() { kubeadmapi.GlobalEnvParams = oldEnv }() var tests = []struct { - cfg *kubeadmapi.MasterConfiguration - expected bool + cfg *kubeadmapi.MasterConfiguration + expected bool + expectedAPIProbePort int32 }{ { cfg: &kubeadmapi.MasterConfiguration{}, expected: true, }, + { + cfg: &kubeadmapi.MasterConfiguration{ + API: kubeadmapi.API{ + BindPort: 443, + }, + }, + expected: true, + expectedAPIProbePort: 443, + }, } for _, rt := range tests { actual := WriteStaticPodManifests(rt.cfg) @@ -61,6 +72,46 @@ func TestWriteStaticPodManifests(t *testing.T) { rt.expected, (actual == nil), ) + continue + } + + if rt.expectedAPIProbePort != 0 { + manifest, err := os.Open(fmt.Sprintf("%s/manifests/kube-apiserver.yaml", kubeadmapi.GlobalEnvParams.KubernetesDir)) + if err != nil { + t.Error("WriteStaticPodManifests: error opening manifests/kube-apiserver.yaml") + continue + } + + var pod api.Pod + d := yaml.NewYAMLOrJSONDecoder(manifest, 4096) + if err := d.Decode(&pod); err != nil { + t.Error("WriteStaticPodManifests: error decoding manifests/kube-apiserver.yaml into Pod") + continue + } + + // Lots of individual checks as we traverse pointers so we don't panic dereferencing a nil on failure + containers := pod.Spec.Containers + if containers == nil || len(containers) == 0 { + t.Error("WriteStaticPodManifests: wrote an apiserver manifest without any containers") + continue + } + + probe := containers[0].LivenessProbe + if probe == nil { + t.Error("WriteStaticPodManifests: wrote an apiserver manifest without a liveness probe") + continue + } + + httpGET := probe.Handler.HTTPGet + if httpGET == nil { + t.Error("WriteStaticPodManifests: wrote an apiserver manifest without an HTTP liveness probe") + continue + } + + port := httpGET.Port.IntVal + if rt.expectedAPIProbePort != port { + t.Errorf("WriteStaticPodManifests: apiserver pod liveness probe port was: %v, wanted %v", port, rt.expectedAPIProbePort) + } } } }