Giter VIP home page Giter VIP logo

Comments (4)

syncronize-issues-to-jira avatar syncronize-issues-to-jira commented on May 23, 2024

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5376.

This message was autogenerated

from admission-webhook-operator.

NohaIhab avatar NohaIhab commented on May 23, 2024

Health checks

the admission-webhook charm has a pebble health check in place:

    def _admission_webhook_layer(self) -> Layer:
        """Create and return Pebble framework layer."""
        layer_config = {
            "summary": "admission-webhook layer",
            "description": "Pebble config layer for admission-webhook-operator",
            "services": {
                self._container_name: {
                    .....
                    # Service details
                    .....
                    "on-check-failure": {"admission-webhook-up": "restart"},
                },
            },
            "checks": {
                "admission-webhook-up": {
                    "override": "replace",
                    "period": "30s",
                    "timeout": "20s",
                    "threshold": 4,
                    "tcp": {"port": self._port},
                }
            },
        }

If functioning correctly, the pebble service should be restarted when the service port is not listening on self._port
From what we see in the logs, the check does fail, but it is not restarting the service.
This is unexpected behavior from Pebble.

Issues with the pebble check

  • we see in the logs Check "admission-webhook-up" failure threshold 4 hit, triggering action when the threshold is hit for the first time, and yet the service is not restarted.
  • we see this log Check "admission-webhook-up" failure threshold 4 hit, triggering action only the first time that the threshold is hit, then all the other reported failures do not log this.

from admission-webhook-operator.

NohaIhab avatar NohaIhab commented on May 23, 2024

Proposed fix

to prevent Case 1 scenario discussed above from happening, a check that the cert files exist in the container can be added before going into update_layer.
If the cert files don't exist, we can just log that and do nothing, knowing that pebble_ready handler will be triggered later and the certs will be uploaded then.
fix now in PR #125

from admission-webhook-operator.

NohaIhab avatar NohaIhab commented on May 23, 2024

closing since this was fixed in #125 and backported in #126

from admission-webhook-operator.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.