From afd4a550bcd9dd0cd7d6a87c5a8023d9572a8d89 Mon Sep 17 00:00:00 2001 From: Adrian Suarez Date: Wed, 17 Jan 2024 13:53:46 -0500 Subject: [PATCH] Use HTTP/1.1 to perform readiness check This change re-enables the readiness check, using HTTP/1.1 instead of HTTP/2 to invoke it. The readiness checks are unauthenticated and are throttled when the feature gate UnauthenticatedHTTP2DOSMitigation is set to true, which is the default starting in Kubernetes 1.29 (see https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates). This was the cause of the "GOAWAY received" errors that have been observed on Kubernetes 1.29. This change also decouples starting of the servers from waiting until they become ready, so that if the readiness check fails due to some error that propagates out of the polling loop (e.g. IOException), the caller is free to catch it and continue waiting. --- .../java/io/javaoperatorsdk/jenvtest/KubeAPIServer.java | 8 ++++++++ .../jenvtest/process/KubeAPIServerProcess.java | 4 +--- .../jenvtest/process/ProcessReadinessChecker.java | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/core/src/main/java/io/javaoperatorsdk/jenvtest/KubeAPIServer.java b/core/src/main/java/io/javaoperatorsdk/jenvtest/KubeAPIServer.java index 63afce4..9899b7d 100644 --- a/core/src/main/java/io/javaoperatorsdk/jenvtest/KubeAPIServer.java +++ b/core/src/main/java/io/javaoperatorsdk/jenvtest/KubeAPIServer.java @@ -37,6 +37,11 @@ public KubeAPIServer(KubeAPIServerConfig config) { } public void start() { + startAsync(); + waitUntilReady(); + } + + public void startAsync() { log.debug("Stating API Server. Using jenvtest dir: {}", config.getJenvtestDir()); binaryManager.initAndDownloadIfRequired(); certManager.createCertificatesIfNeeded(); @@ -45,6 +50,9 @@ public void start() { if (config.isUpdateKubeConfig()) { kubeConfig.updateKubeConfig(apiServerPort); } + } + + public void waitUntilReady() { kubeApiServerProcess.waitUntilReady(); log.debug("API Server ready to use"); } diff --git a/core/src/main/java/io/javaoperatorsdk/jenvtest/process/KubeAPIServerProcess.java b/core/src/main/java/io/javaoperatorsdk/jenvtest/process/KubeAPIServerProcess.java index aef9548..38d6698 100644 --- a/core/src/main/java/io/javaoperatorsdk/jenvtest/process/KubeAPIServerProcess.java +++ b/core/src/main/java/io/javaoperatorsdk/jenvtest/process/KubeAPIServerProcess.java @@ -89,9 +89,7 @@ public void waitUntilReady() { var readinessChecker = new ProcessReadinessChecker(); var timeout = config.getStartupTimeout(); var startTime = System.currentTimeMillis(); - // the 1.29.0 binary has issue with this. Will temporarily comment out and further investigate. - // But with this now all the executions are failing - // readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout); + readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout); int newTimout = (int) (timeout - (System.currentTimeMillis() - startTime)); readinessChecker.waitUntilDefaultNamespaceAvailable(apiServerPort, binaryManager, certManager, config, newTimout); diff --git a/core/src/main/java/io/javaoperatorsdk/jenvtest/process/ProcessReadinessChecker.java b/core/src/main/java/io/javaoperatorsdk/jenvtest/process/ProcessReadinessChecker.java index f614767..df5dd8c 100644 --- a/core/src/main/java/io/javaoperatorsdk/jenvtest/process/ProcessReadinessChecker.java +++ b/core/src/main/java/io/javaoperatorsdk/jenvtest/process/ProcessReadinessChecker.java @@ -179,6 +179,7 @@ public void checkServerTrusted( null); return HttpClient.newBuilder() .sslContext(sslContext) + .version(HttpClient.Version.HTTP_1_1) .build(); } catch (NoSuchAlgorithmException | KeyManagementException e) { throw new JenvtestException(e);