Merge pull request #125 from alebedev87/readiness-probe

Bind the operator readiness to the webhook server
openshift · Mar 27, 2022 · e341083 · e341083
2 parents 8957198 + 3e1a97b
commit e341083
Show file tree

Hide file tree

Showing 46 changed files with 664 additions and 570 deletions.
diff --git a/bundle/manifests/external-dns-operator_clusterserviceversion.yaml b/bundle/manifests/external-dns-operator_clusterserviceversion.yaml
@@ -100,6 +100,16 @@ spec:
                 ports:
                   - containerPort: 9443
                     name: webhook-server
+                    protocol: TCP
+                  - containerPort: 9440
+                    name: health-check
+                    protocol: TCP
+                readinessProbe:
+                  httpGet:
+                    path: /readyz
+                    port: health-check
+                  initialDelaySeconds: 5
+                  periodSeconds: 5
                 resources:
                   requests:
                     cpu: 100m

diff --git a/cmd/external-dns-operator/main.go b/cmd/external-dns-operator/main.go
@@ -46,6 +46,7 @@ func main() {
 	flag.StringVar(&opCfg.TrustedCAConfigMapName, "trusted-ca-configmap", operatorconfig.DefaultTrustedCAConfigMapName, "The name of the config map containing TLS CA(s) which should be trusted by ExternalDNS containers. PEM encoded file under \"ca-bundle.crt\" key is expected.")
 	flag.BoolVar(&opCfg.EnableWebhook, "enable-webhook", operatorconfig.DefaultEnableWebhook, "Enable the validating webhook server. Defaults to true.")
 	flag.BoolVar(&opCfg.EnablePlatformDetection, "enable-platform-detection", operatorconfig.DefaultEnablePlatformDetection, "Enable the detection of the underlying platform. Defaults to true.")
+	flag.StringVar(&opCfg.HealthProbeBindAddress, "health-probe-bind-addr", operatorconfig.DefaultHealthProbeAddr, "The address the health endpoint binds to.")
 	opts := zap.Options{
 		Development: true,
 	}

diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml
@@ -12,10 +12,19 @@ spec:
         - containerPort: 9443
           name: webhook-server
           protocol: TCP
+        - containerPort: 9440
+          name: health-check
+          protocol: TCP
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: health-check
+          initialDelaySeconds: 5
+          periodSeconds: 5
       volumes:
       - name: cert
         secret:

diff --git a/go.mod b/go.mod
@@ -20,8 +20,8 @@ require (
 	k8s.io/api v0.22.1
 	k8s.io/apimachinery v0.22.1
 	k8s.io/client-go v0.22.1
-	k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471
-	sigs.k8s.io/controller-runtime v0.9.5
+	k8s.io/utils v0.0.0-20210802155522-efc7438f0176
+	sigs.k8s.io/controller-runtime v0.10.0
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20211004203041-b1efff64d3d2
 	sigs.k8s.io/controller-tools v0.6.0
 )
diff --git a/go.sum b/go.sum
diff --git a/pkg/operator/config/config.go b/pkg/operator/config/config.go
@@ -41,6 +41,7 @@ const (
 	DefaultEnableWebhook           = true
 	DefaultEnablePlatformDetection = true
 	DefaultTrustedCAConfigMapName  = ""
+	DefaultHealthProbeAddr         = ":9440"
 
 	openshiftKind              = "OpenShiftAPIServer"
 	openshiftResourceGroup     = "operator.openshift.io"
@@ -85,6 +86,10 @@ type Config struct {
 
 	// TrustedCAConfigMapName is the name of the configmap containing CA bundle to be trusted by ExternalDNS containers.
 	TrustedCAConfigMapName string
+
+	// HealthProbeBindAddress is the TCP address that the operator should bind to for
+	// serving health probes (readiness and liveness).
+	HealthProbeBindAddress string
 }
 
 // DetectPlatform detects the underlying platform and fills corresponding config fields

diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -70,9 +70,10 @@ type Operator struct {
 // New creates a new operator from cliCfg and opCfg.
 func New(cliCfg *rest.Config, opCfg *operatorconfig.Config) (*Operator, error) {
 	mgrOpts := manager.Options{
-		Scheme:             GetOperatorScheme(),
-		MetricsBindAddress: opCfg.MetricsBindAddress,
-		Namespace:          opCfg.OperatorNamespace,
+		Scheme:                 GetOperatorScheme(),
+		MetricsBindAddress:     opCfg.MetricsBindAddress,
+		HealthProbeBindAddress: opCfg.HealthProbeBindAddress,
+		Namespace:              opCfg.OperatorNamespace,
 		NewCache: cache.MultiNamespacedCacheBuilder([]string{
 			opCfg.OperatorNamespace,
 			opCfg.OperandNamespace,
@@ -102,6 +103,10 @@ func New(cliCfg *rest.Config, opCfg *operatorconfig.Config) (*Operator, error) {
 	}
 	//+kubebuilder:scaffold:builder
 
+	if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
+		return nil, fmt.Errorf("unable to setup ready check: %w", err)
+	}
+
 	if err = opCfg.FillPlatformDetails(context.TODO(), mgr.GetClient()); err != nil {
 		return nil, fmt.Errorf("failed to fill the platform details: %w", err)
 	}

diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types.go
diff --git a/vendor/k8s.io/utils/pointer/pointer.go b/vendor/k8s.io/utils/pointer/pointer.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -483,7 +483,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.21.3
+# k8s.io/apiextensions-apiserver v0.22.1
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1
@@ -670,20 +670,20 @@ k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/component-base v0.21.3
+# k8s.io/component-base v0.22.1
 k8s.io/component-base/config
 k8s.io/component-base/config/v1alpha1
 # k8s.io/klog/v2 v2.9.0
 k8s.io/klog/v2
 # k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e
 k8s.io/kube-openapi/pkg/util/proto
-# k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471
+# k8s.io/utils v0.0.0-20210802155522-efc7438f0176
 ## explicit
 k8s.io/utils/buffer
 k8s.io/utils/integer
 k8s.io/utils/pointer
 k8s.io/utils/trace
-# sigs.k8s.io/controller-runtime v0.9.5
+# sigs.k8s.io/controller-runtime v0.10.0
 ## explicit
 sigs.k8s.io/controller-runtime
 sigs.k8s.io/controller-runtime/pkg/builder

diff --git a/vendor/sigs.k8s.io/controller-runtime/FAQ.md b/vendor/sigs.k8s.io/controller-runtime/FAQ.md
diff --git a/vendor/sigs.k8s.io/controller-runtime/Makefile b/vendor/sigs.k8s.io/controller-runtime/Makefile
diff --git a/vendor/sigs.k8s.io/controller-runtime/OWNERS_ALIASES b/vendor/sigs.k8s.io/controller-runtime/OWNERS_ALIASES
diff --git a/vendor/sigs.k8s.io/controller-runtime/README.md b/vendor/sigs.k8s.io/controller-runtime/README.md
diff --git a/vendor/sigs.k8s.io/controller-runtime/TMP-LOGGING.md b/vendor/sigs.k8s.io/controller-runtime/TMP-LOGGING.md
diff --git a/vendor/sigs.k8s.io/controller-runtime/doc.go b/vendor/sigs.k8s.io/controller-runtime/doc.go
diff --git a/vendor/sigs.k8s.io/controller-runtime/go.mod b/vendor/sigs.k8s.io/controller-runtime/go.mod