forked from rancher/rke
-
Notifications
You must be signed in to change notification settings - Fork 0
/
healthcheck.go
105 lines (97 loc) · 3.12 KB
/
healthcheck.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package services
import (
"context"
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"strconv"
"strings"
"time"
"github.com/rancher/rke/hosts"
"github.com/rancher/rke/log"
"github.com/rancher/rke/pki"
"github.com/sirupsen/logrus"
"k8s.io/client-go/util/cert"
)
const (
HealthzAddress = "localhost"
HealthzEndpoint = "/healthz"
HTTPProtoPrefix = "http://"
HTTPSProtoPrefix = "https://"
)
func runHealthcheck(ctx context.Context, host *hosts.Host, serviceName string, localConnDialerFactory hosts.DialerFactory, url string, certMap map[string]pki.CertificatePKI) error {
log.Infof(ctx, "[healthcheck] Start Healthcheck on service [%s] on host [%s]", serviceName, host.Address)
var x509Pair tls.Certificate
port, err := getPortFromURL(url)
if err != nil {
return err
}
if serviceName == KubeletContainerName {
certificate := cert.EncodeCertPEM(certMap[pki.KubeNodeCertName].Certificate)
key := cert.EncodePrivateKeyPEM(certMap[pki.KubeNodeCertName].Key)
x509Pair, err = tls.X509KeyPair(certificate, key)
if err != nil {
return err
}
}
client, err := getHealthCheckHTTPClient(host, port, localConnDialerFactory, &x509Pair)
if err != nil {
return fmt.Errorf("Failed to initiate new HTTP client for service [%s] for host [%s]", serviceName, host.Address)
}
for retries := 0; retries < 10; retries++ {
if err = getHealthz(client, serviceName, host.Address, url); err != nil {
logrus.Debugf("[healthcheck] %v", err)
time.Sleep(5 * time.Second)
continue
}
log.Infof(ctx, "[healthcheck] service [%s] on host [%s] is healthy", serviceName, host.Address)
return nil
}
return fmt.Errorf("Failed to verify healthcheck: %v", err)
}
func getHealthCheckHTTPClient(host *hosts.Host, port int, localConnDialerFactory hosts.DialerFactory, x509KeyPair *tls.Certificate) (*http.Client, error) {
host.LocalConnPort = port
var factory hosts.DialerFactory
if localConnDialerFactory == nil {
factory = hosts.LocalConnFactory
} else {
factory = localConnDialerFactory
}
dialer, err := factory(host)
if err != nil {
return nil, fmt.Errorf("Failed to create a dialer for host [%s]: %v", host.Address, err)
}
tlsConfig := &tls.Config{InsecureSkipVerify: true}
if x509KeyPair != nil {
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
Certificates: []tls.Certificate{*x509KeyPair},
}
}
return &http.Client{
Transport: &http.Transport{
Dial: dialer,
TLSClientConfig: tlsConfig,
},
}, nil
}
func getHealthz(client *http.Client, serviceName, hostAddress, url string) error {
resp, err := client.Get(url)
if err != nil {
return fmt.Errorf("Failed to check %s for service [%s] on host [%s]: %v", url, serviceName, hostAddress, err)
}
if resp.StatusCode != http.StatusOK {
statusBody, _ := ioutil.ReadAll(resp.Body)
return fmt.Errorf("Service [%s] is not healthy on host [%s]. Response code: [%d], response body: %s", serviceName, hostAddress, resp.StatusCode, statusBody)
}
return nil
}
func getPortFromURL(url string) (int, error) {
port := strings.Split(strings.Split(url, ":")[2], "/")[0]
intPort, err := strconv.Atoi(port)
if err != nil {
return 0, err
}
return intPort, nil
}