Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add liveness and readiness to ingress and egress #1055

Closed
wants to merge 9 commits into from
Closed

Add liveness and readiness to ingress and egress #1055

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
f8d7541
Add liveliness and readiness to ingress and egress
andraxylia Oct 7, 2017
b611771
Fix typo
andraxylia Oct 7, 2017
269f982
Reduce initial delay
andraxylia Oct 7, 2017
a1794ec
Run with sh
andraxylia Oct 7, 2017
2c02881
Try with longer periodSeconds=20s
andraxylia Oct 7, 2017
9ad56b4
Use curl directly for liveness check
andraxylia Oct 9, 2017
9557507
Merge remote-tracking branch 'origin' into red
andraxylia Oct 9, 2017
207466c
Increased initialDelay and use curl -f
andraxylia Oct 9, 2017
8b63f72
Merge branch 'master' into red
andraxylia Oct 10, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
32 changes: 32 additions & 0 deletions install/kubernetes/istio-auth.yaml
View file
Open in desktop
Expand Up @@ -1173,6 +1173,22 @@ spec:
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 url should be enough for a liveness check no? (Does envoy have a /ready or one of those is the last one ready)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are right, one is enough, will change.
It does not have /ready, we can suggest an improvement.

initialDelaySeconds: 3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this together.

Are these numbers (seconds) default value? Just curious where we get this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@andraxylia we should use curl -f so that curl actually fails on a non 200.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And also check if those endpoint return empty.

periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -1263,6 +1279,22 @@ spec:
- istio-mixer:9125
- --proxyAdminPort
- "15000"
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down
32 changes: 32 additions & 0 deletions install/kubernetes/istio-one-namespace-auth.yaml
View file
Open in desktop
Expand Up @@ -1173,6 +1173,22 @@ spec:
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -1263,6 +1279,22 @@ spec:
- istio-mixer:9125
- --proxyAdminPort
- "15000"
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down
32 changes: 32 additions & 0 deletions install/kubernetes/istio-one-namespace.yaml
View file
Open in desktop
Expand Up @@ -1173,6 +1173,22 @@ spec:
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -1263,6 +1279,22 @@ spec:
- istio-mixer:9125
- --proxyAdminPort
- "15000"
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down
32 changes: 32 additions & 0 deletions install/kubernetes/istio.yaml
View file
Open in desktop
Expand Up @@ -1173,6 +1173,22 @@ spec:
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -1263,6 +1279,22 @@ spec:
- istio-mixer:9125
- --proxyAdminPort
- "15000"
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down
16 changes: 16 additions & 0 deletions install/kubernetes/templates/istio-egress.yaml.tmpl
View file
Open in desktop
Expand Up @@ -60,6 +60,22 @@ spec:
- istio-mixer:9125
- --proxyAdminPort
- "15000"
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down
16 changes: 16 additions & 0 deletions install/kubernetes/templates/istio-ingress.yaml.tmpl
View file
Open in desktop
Expand Up @@ -70,6 +70,22 @@ spec:
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use the standard http probe?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, this is another option, but we are running out of time for Monday morning.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, this requires exposing port 15000. It is not a better option.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think performing checks without opening up new ports is preferred.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the port is a good argument, I don't know how to configure it so it's only reachable from the probe so for readiness maybe this is a good approach, if it was actually checking something (which it isn't except for something listening on 15000)

initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
livenessProbe:
exec:
command:
- curl http://localhost:15000/clusters && curl http://localhost:15000/listeners && curl http://localhost:15000/routes
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 10
env:
- name: POD_NAME
valueFrom:
Expand Down