Comments (4)
Thank you for reporting us your feedback!
The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5376.
This message was autogenerated
from admission-webhook-operator.
Health checks
the admission-webhook
charm has a pebble health check in place:
def _admission_webhook_layer(self) -> Layer:
"""Create and return Pebble framework layer."""
layer_config = {
"summary": "admission-webhook layer",
"description": "Pebble config layer for admission-webhook-operator",
"services": {
self._container_name: {
.....
# Service details
.....
"on-check-failure": {"admission-webhook-up": "restart"},
},
},
"checks": {
"admission-webhook-up": {
"override": "replace",
"period": "30s",
"timeout": "20s",
"threshold": 4,
"tcp": {"port": self._port},
}
},
}
If functioning correctly, the pebble service should be restarted when the service port is not listening on self._port
From what we see in the logs, the check does fail, but it is not restarting the service.
This is unexpected behavior from Pebble.
Issues with the pebble check
- we see in the logs
Check "admission-webhook-up" failure threshold 4 hit, triggering action
when the threshold is hit for the first time, and yet the service is not restarted. - we see this log
Check "admission-webhook-up" failure threshold 4 hit, triggering action
only the first time that the threshold is hit, then all the other reported failures do not log this.
from admission-webhook-operator.
Proposed fix
to prevent Case 1 scenario discussed above from happening, a check that the cert files exist in the container can be added before going into update_layer
.
If the cert files don't exist, we can just log that and do nothing, knowing that pebble_ready
handler will be triggered later and the certs will be uploaded then.
fix now in PR #125
from admission-webhook-operator.
closing since this was fixed in #125 and backported in #126
from admission-webhook-operator.
Related Issues (20)
- testing in air-gapped: TLS handshake error HOT 3
- latest/edge charm stuck in maintenance with `Workload failed health check`
- Make charm's images configurable in track/<last-version> branch HOT 2
- admission workload doesn't restart after charm's reconfiguration. HOT 1
- Admission-webhook failed to start service Error: open /etc/webhook/certs/cert.pem: no such file or directory HOT 12
- `MutatingWebhook` namespace selector missing, giving it wider scope than intended HOT 1
- Integration CI "passes" even if charm goes to `Error` HOT 2
- Add missing unit tests
- Admission webhook using incorrect certificate after restart HOT 3
- poddefaults go into wrong namespace HOT 2
- kubeflow deploy deadlocks after deploying admission-webhook HOT 4
- Admission Webhook charm rewrite using sidecar pattern HOT 1
- `mutatingwebhookconfiguration`/`validatingwebhookconfiguration` objects left behind after application removal HOT 3
- Fix update status handler
- incorrect on_remove logs
- Missing aggregtaion ClusterRoles
- Upgrade test is failing in CI due to authorization issues
- Missing pod-defaults interface
- `MutatingWebhookConfiguration` conflict when upgrading from 1.6 to 1.7 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from admission-webhook-operator.