diff --git a/pkg/neutronapi/deployment.go b/pkg/neutronapi/deployment.go
index 8b9e0468..3173ef75 100644
--- a/pkg/neutronapi/deployment.go
+++ b/pkg/neutronapi/deployment.go
@@ -41,12 +41,12 @@ func Deployment(
 labels map[string]string,
 annotations map[string]string,
 ) (*appsv1.Deployment, error) {
- // TODO(lucasagomes): Look into how to implement separated probes
- // for the httpd and neutron-api containers. Right now the code uses
- // the same liveness and readiness probes for both containers which
- // only checks the port 9696 (NeutronPublicPort) which is the port
- // that httpd is listening to. Ideally, we should also include a
- // probe on port 9697 which is the port that neutron-api binds to
+ // TODO(lucasagomes): Look into how to implement separated probes
+ // for the httpd and neutron-api containers. Right now the code uses
+ // the same liveness and readiness probes for both containers which
+ // only checks the port 9696 (NeutronPublicPort) which is the port
+ // that httpd is listening to. Ideally, we should also include a
+ // probe on port 9697 which is the port that neutron-api binds to
 livenessProbe := &corev1.Probe{
 TimeoutSeconds: 30,
 PeriodSeconds: 30,
@@ -56,8 +56,14 @@ func Deployment(
 TimeoutSeconds: 30,
 PeriodSeconds: 30,
 InitialDelaySeconds: 5,
+ Exec: &corev1.ExecAction{
+ Command: []string{
+ "cat",
+ "/etc/pki/tls/certs/internal.crt",
+ },
+ },
 }
- args := []string{"-c", ServiceCommand}
+ args := []string{"-c", ServiceCommand}
 httpdArgs := []string{"-DFOREGROUND"}
 //
@@ -71,7 +77,7 @@ func Deployment(
 Path: "/",
 Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(NeutronPublicPort)},
 }
-
+ // Use HTTPS if TLS is enabled
 if instance.Spec.TLS.API.Enabled(service.EndpointPublic) {
 livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS
 readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS
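Review bot: The `Exec` handler added to the probe literal in the `-56,8 +56,14` hunk (apparently `readinessProbe`) conflicts with the `HTTPGet` handler that the next hunk's context shows on the same probe (`readinessProbe.HTTPGet.Scheme = ...`); a Kubernetes probe accepts only one handler type, so a pod spec carrying both would be rejected. `Exec` is also promoted from the struct embedded in `corev1.Probe`, and Go does not accept promoted fields as keys in a composite literal, so this likely does not compile as written. The command reads `/etc/pki/tls/certs/internal.crt` unconditionally, while TLS is gated on `instance.Spec.TLS.API.Enabled(...)` elsewhere in the function, so with TLS disabled the probe would fail every time, and a file being present says nothing about whether the endpoint is serving. I would drop the `Exec` block and keep the HTTP check, or, if a certificate check is wanted, build a separate probe only inside the TLS-enabled branch through the embedded handler (`ProbeHandler: corev1.ProbeHandler{Exec: ...}` in current k8s.io/api). The body of `Deployment` continues outside this hunk.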
@@ -93,6 +99,7 @@ func Deployment(
 httpdVolumeMounts = append(httpdVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 }
+ // handle TLS certificates for HTTPD
 for _, endpt := range []service.Endpoint{service.EndpointInternal, service.EndpointPublic} {
 if instance.Spec.TLS.API.Enabled(endpt) {
 var tlsEndptCfg tls.GenericService
@@ -134,8 +141,7 @@ func Deployment(
 Selector: &metav1.LabelSelector{
 MatchLabels: labels,
 },
- PodManagementPolicy: appsv1.ParallelPodManagement,
- Replicas: instance.Spec.Replicas,
+ Replicas: instance.Spec.Replicas,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
 Annotations: annotations,
@@ -154,6 +160,7 @@ func Deployment(
 VolumeMounts: apiVolumeMounts,
 Resources: instance.Spec.Resources,
 LivenessProbe: livenessProbe,
+ ReadinessProbe: readinessProbe,
 TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 },
 {
@@ -175,14 +182,13 @@ func Deployment(
 },
 },
 }
-
- // If possible two pods of the same service should not
- // run on the same worker node. If this is not possible
- // the get still created on the same worker node.
+ // If possible two pods of the same service should not
+ // run on the same worker node. If this is not possible
+ // the get still created on the same worker node.
 deployment.Spec.Template.Spec.Affinity = affinity.DistributePods(
 common.AppSelector,
 []string{
- ServiceName,
+ ServiceName,
 },
 corev1.LabelHostname,
 )
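Review bot: `ReadinessProbe: readinessProbe` in the `-154,6 +160,7` hunk is attached to the container that uses `apiVolumeMounts`, but the only TLS mount visible in this diff is appended to `httpdVolumeMounts`. If that probe carries the `cat /etc/pki/tls/certs/internal.crt` exec check added earlier in this commit, the command runs against this container's filesystem and fails unless the certificate is mounted there too, which would keep the pod from ever becoming Ready. Confirm the mount, or give this container a probe that checks what it actually serves; a comment such as `// readinessProbe runs in this container: anything it reads must be in apiVolumeMounts` would record the dependency. The container list and the rest of `Deployment` lie outside the hunk.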