Skip to content

Commit

Permalink
add startupProbe to all provisioned containers (envoyproxy#3893)
Browse files Browse the repository at this point in the history
* This ensures the readinessProbe kicks in only after the container has
  started
* max startup time is 300s - 30 (failureThreshold) x 10 (periodSeconds).
After this the container is killed and the `restartPolicy` kicks in
https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#startup-probe

Fixes: envoyproxy#3511

Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: Karandashov Daniil <[email protected]>
  • Loading branch information
arkodg authored and Demacr committed Jul 26, 2024
1 parent 0e4fed5 commit f646e7f
Show file tree
Hide file tree
Showing 53 changed files with 831 additions and 0 deletions.
26 changes: 26 additions & 0 deletions internal/infrastructure/kubernetes/proxy/resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,19 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
VolumeMounts: expectedContainerVolumeMounts(containerSpec),
TerminationMessagePolicy: corev1.TerminationMessageReadFile,
TerminationMessagePath: "/dev/termination-log",
StartupProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Path: bootstrap.EnvoyReadinessPath,
Port: intstr.IntOrString{Type: intstr.Int, IntVal: bootstrap.EnvoyReadinessPort},
Scheme: corev1.URISchemeHTTP,
},
},
TimeoutSeconds: 1,
PeriodSeconds: 10,
SuccessThreshold: 1,
FailureThreshold: 30,
},
ReadinessProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Expand Down Expand Up @@ -237,6 +250,19 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
Resources: *egv1a1.DefaultShutdownManagerContainerResourceRequirements(),
TerminationMessagePolicy: corev1.TerminationMessageReadFile,
TerminationMessagePath: "/dev/termination-log",
StartupProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Path: envoy.ShutdownManagerHealthCheckPath,
Port: intstr.IntOrString{Type: intstr.Int, IntVal: envoy.ShutdownManagerPort},
Scheme: corev1.URISchemeHTTP,
},
},
TimeoutSeconds: 1,
PeriodSeconds: 10,
SuccessThreshold: 1,
FailureThreshold: 30,
},
ReadinessProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -142,6 +151,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,15 @@ spec:
memory: 1Gi
securityContext:
privileged: true
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -331,6 +340,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -273,6 +273,15 @@ spec:
memory: 1Gi
securityContext:
privileged: true
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -329,6 +338,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -309,6 +318,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -280,6 +289,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,15 @@ spec:
memory: 1Gi
securityContext:
privileged: true
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -333,6 +342,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -320,6 +329,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -309,6 +318,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirstWithHostNet
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -254,6 +254,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -322,6 +331,15 @@ spec:
memory: 64Mi
securityContext:
runAsUser: 1234
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,15 @@ spec:
memory: 1Gi
securityContext:
privileged: true
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -333,6 +342,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,15 @@ spec:
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /ready
port: 19001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -314,6 +323,15 @@ spec:
requests:
cpu: 10m
memory: 32Mi
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz
port: 19002
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Loading

0 comments on commit f646e7f

Please sign in to comment.