New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exercise etcd connectivity in the /healthz/ping endpoint #48215
Comments
@bjhaid There are no sig labels on this issue. Please add a sig label by: |
/sig api-machinery |
thanks @xiangpengzhao |
Checking to see if you can reach etcd makes sense. I don't think it should be part of ping though. How about a separate health check which is conditional on having a storage a config which speaks to etcd? |
It would be better to have an health check that exercises whatever storage backend is in use, however if that's too complex maybe having something etcd specific would be okay. |
I think those would be different health checks. It is possible to have multiple backends for a single server. Consider the arguments around events we're having now. |
@deads2k how about aggregating health checks for multiple backends into a single endpoint? |
|
|
if any constituent health check (see |
ah makes perfect sense, so how will this be turned into a work stream? ;) I also don't mind taking a stab at implementing it with some guidance |
@deads2k I got something working here: It's doesn't have tests, but I have tested it from the command line and it works as expected, I can maybe add tests and move the logic to a separate function if you think this makes sense |
Yeah, it looks close enough to be worth a pull and some tests |
Thanks ❤️ I'll clean it up and send in a PR |
/assign @jpbetz |
@lavalamp: GitHub didn't allow me to assign the following users: jpbetz. Note that only kubernetes members can be assigned. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@lavalamp I actually have a WIP for this and was going to PR this tomorrow |
Loosely related to this- Etcd's own /health endpoint will start correctly reporting as unhealthy when any alarms are triggered: etcd-io/etcd#8272. This won't be available till etcd 3.3.0 |
@jpbetz that will not solve the motivation for this issue, the apiserver was fenced off from having a network communication with etcd and the healthz endpoints still reported healthy, even though all critical api requests were failing |
Automatic merge from submit-queue (batch tested with PRs 49989, 49806, 49649, 49412, 49512) This adds an etcd health check endpoint to kube-apiserver addressing #48215. **What this PR does / why we need it**: This ensures kube-apiserver `/healthz` endpoint fails whenever connectivity cannot be established to etcd, also ensures the etcd preflight checks works with unix sockets **Which issue this PR fixes**: fixes #48215 **Special notes for your reviewer**: This PR does not use the etcd client directly as the client object is wrapped behind the storage interface and not exposed directly for use, so I decided to reuse what's being done in the preflight. So this will only check fail for connectivity and not etcd auth related problems. I did not write tests for the endpoint because I couldn't find examples that I could follow for writing tests for healthz related endpoints, I'll be willing to write those tests if someone can point me at a relevant one. **Release note**: ```release-note Add etcd connectivity endpoint to healthz ``` @deads2k please help review, thanks!
Is this a BUG REPORT or FEATURE REQUEST?:
/kind feature
What happened:
We fenced off an api-server from connecting to etcd, however the
/healthz/ping
endpoint was returning 200What you expected to happen:
The
/healthz/ping
endpoint to exercise connectivity to etcd and return a 500 type response code if it can't connect to etcd since the apiserver is useless without etcdThe text was updated successfully, but these errors were encountered: