Skip to content

Commit 0545b71

Browse files
rbtrrbtr
authored
fix: only ping k8s for healthz in podsubnet (#3616)
* fix: only ping k8s for healthz in podsubnet Signed-off-by: GitHub <[email protected]> * update dockerfiles Signed-off-by: GitHub <[email protected]> --------- Signed-off-by: GitHub <[email protected]>
1 parent 7496dae commit 0545b71

File tree

6 files changed

+22
-24
lines changed

6 files changed

+22
-24
lines changed

cni/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,10 @@ ARG OS_VERSION
66
ARG OS
77

88
# mcr.microsoft.com/oss/go/microsoft/golang:1.23-cbl-mariner2.0
9-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:e656a885f0ff81be6ef145c7ae8b84ce9515da2bd182d8537f093dd5563d4e04 AS go
9+
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:b06999cae63b9b6f43bcb16bd16bcbedae847684515317e15607a601ed108030 AS go
1010

1111
# mcr.microsoft.com/cbl-mariner/base/core:2.0
12-
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:2a5d3461de4c082b1ced83a491c0d83b80221311dbee1b6f0a98271cefe57b00 AS mariner-core
12+
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:961bfedbbbdc0da51bc664f51d959da292eced1ad46c3bf674aba43b9be8c703 AS mariner-core
1313

1414
FROM go AS azure-vnet
1515
ARG OS

cns/Dockerfile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,13 @@ ARG OS_VERSION
55
ARG OS
66

77
# mcr.microsoft.com/oss/go/microsoft/golang:1.23-cbl-mariner2.0
8-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:e656a885f0ff81be6ef145c7ae8b84ce9515da2bd182d8537f093dd5563d4e04 AS go
8+
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:b06999cae63b9b6f43bcb16bd16bcbedae847684515317e15607a601ed108030 AS go
99

1010
# mcr.microsoft.com/cbl-mariner/base/core:2.0
11-
FROM mcr.microsoft.com/cbl-mariner/base/core@sha256:2a5d3461de4c082b1ced83a491c0d83b80221311dbee1b6f0a98271cefe57b00 AS mariner-core
11+
FROM mcr.microsoft.com/cbl-mariner/base/core@sha256:961bfedbbbdc0da51bc664f51d959da292eced1ad46c3bf674aba43b9be8c703 AS mariner-core
1212

1313
# mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
14-
FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:6989c162e941656f8a6d00f1176a20a2f1ff261232fd01ec717d1ea0baff6cdb AS mariner-distroless
14+
FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:7778a86d86947d5f64c1280a7ee0cf36c6c6d76b5749dd782fbcc14f113961bf AS mariner-distroless
1515

1616
FROM --platform=linux/${ARCH} go AS builder
1717
ARG OS

cns/configuration/configuration.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ type CNSConfig struct {
2626
CNIConflistFilepath string
2727
CNIConflistScenario string
2828
ChannelMode string
29+
EnableAPIServerHealthPing bool
2930
EnableAsyncPodDelete bool
3031
EnableCNIConflistGeneration bool
3132
EnableIPAMv2 bool

cns/healthserver/healthz.go

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,6 @@ package healthserver
33
import (
44
"net/http"
55

6-
"github.com/Azure/azure-container-networking/cns"
7-
"github.com/Azure/azure-container-networking/cns/configuration"
86
"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
97
"github.com/pkg/errors"
108
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -21,13 +19,17 @@ func init() {
2119
utilruntime.Must(v1alpha.AddToScheme(scheme))
2220
}
2321

22+
type Config struct {
23+
PingAPIServer bool
24+
}
25+
2426
// NewHealthzHandlerWithChecks will return a [http.Handler] for CNS's /healthz endpoint.
2527
// Depending on what we expect CNS to be able to read (based on the [configuration.CNSConfig])
2628
// then the checks registered to the handler will test for those expectations. For example, in
2729
// ChannelMode: CRD, the health check will ensure that CNS is able to list NNCs successfully.
28-
func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handler, error) {
30+
func NewHealthzHandlerWithChecks(cfg *Config) (http.Handler, error) {
2931
checks := make(map[string]healthz.Checker)
30-
if cnsConfig.ChannelMode == cns.CRD {
32+
if cfg.PingAPIServer {
3133
cfg, err := ctrl.GetConfig()
3234
if err != nil {
3335
return nil, errors.Wrap(err, "failed to get kubeconfig")
@@ -38,7 +40,6 @@ func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handl
3840
if err != nil {
3941
return nil, errors.Wrap(err, "failed to build client")
4042
}
41-
4243
checks["nnc"] = func(req *http.Request) error {
4344
ctx := req.Context()
4445
// we just care that we're allowed to List NNCs so set limit to 1 to minimize
@@ -52,9 +53,6 @@ func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handl
5253
return nil
5354
}
5455
}
55-
56-
// strip prefix so that it runs through all checks registered on the handler.
57-
// otherwise it will look for a check named "healthz" and return a 404 if not there.
5856
return &healthz.Handler{
5957
Checks: checks,
6058
}, nil

cns/healthserver/healthz_test.go

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@ import (
77
"os"
88
"testing"
99

10-
"github.com/Azure/azure-container-networking/cns/configuration"
1110
"github.com/stretchr/testify/require"
1211
)
1312

@@ -162,30 +161,30 @@ const nncResult = `{
162161
func TestNewHealthzHandlerWithChecks(t *testing.T) {
163162
tests := []struct {
164163
name string
165-
cnsConfig *configuration.CNSConfig
164+
config *Config
166165
apiStatusCode int
167166
expectedHealthy bool
168167
}{
169168
{
170169
name: "list NNC gives 200 should indicate healthy",
171-
cnsConfig: &configuration.CNSConfig{
172-
ChannelMode: "CRD",
170+
config: &Config{
171+
PingAPIServer: true,
173172
},
174173
apiStatusCode: http.StatusOK,
175174
expectedHealthy: true,
176175
},
177176
{
178177
name: "unauthorized (401) from apiserver should be unhealthy",
179-
cnsConfig: &configuration.CNSConfig{
180-
ChannelMode: "CRD",
178+
config: &Config{
179+
PingAPIServer: true,
181180
},
182181
apiStatusCode: http.StatusUnauthorized,
183182
expectedHealthy: false,
184183
},
185184
{
186185
name: "channel nodesubnet should not call apiserver so it doesn't matter if the status code is a 401",
187-
cnsConfig: &configuration.CNSConfig{
188-
ChannelMode: "AzureHost",
186+
config: &Config{
187+
PingAPIServer: false,
189188
},
190189
apiStatusCode: http.StatusUnauthorized,
191190
expectedHealthy: true,
@@ -197,7 +196,7 @@ func TestNewHealthzHandlerWithChecks(t *testing.T) {
197196
configureLocalAPIServer(t, tt.apiStatusCode)
198197

199198
responseRecorder := httptest.NewRecorder()
200-
healthHandler, err := NewHealthzHandlerWithChecks(tt.cnsConfig)
199+
healthHandler, err := NewHealthzHandlerWithChecks(tt.config)
201200
healthHandler = http.StripPrefix("/healthz", healthHandler)
202201
require.NoError(t, err)
203202

cns/service/main.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -638,7 +638,7 @@ func main() {
638638
}
639639

640640
// start the healthz/readyz/metrics server
641-
readyCh := make(chan interface{})
641+
readyCh := make(chan any)
642642
readyChecker := healthz.CheckHandler{
643643
Checker: healthz.Checker(func(*http.Request) error {
644644
select {
@@ -650,7 +650,7 @@ func main() {
650650
}),
651651
}
652652

653-
healthzHandler, err := healthserver.NewHealthzHandlerWithChecks(cnsconfig)
653+
healthzHandler, err := healthserver.NewHealthzHandlerWithChecks(&healthserver.Config{PingAPIServer: cnsconfig.EnableAPIServerHealthPing})
654654
if err != nil {
655655
logger.Errorf("unable to initialize a healthz handler: %v", err)
656656
return

0 commit comments

Comments
 (0)