From 3fa00f11f307dc710715a769e113ff8bb4fcde20 Mon Sep 17 00:00:00 2001 From: Joao Marcal Date: Wed, 23 Mar 2022 16:51:15 +0000 Subject: [PATCH 1/4] Adds readinessProbe and livenessProbe to prometheus-adapter jsonnet Problem: Currently the prometheus-adapter pods are restarted at the same time even though the deployment is configured with strategy RollingUpdate. This happens because the kubelet does not know when the prometheus-adapter pods are ready to start receiving requests. Solution: Add both readinessProbe and livenessProbe to the prometheus-adapter, this way the kubelet will know when either the pod stoped working and should be restarted or simply when it ready to start receiving requests. Issue: https://bugzilla.redhat.com/show_bug.cgi?id=2048333 --- .../components/prometheus-adapter.libsonnet | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index be633f0c..586c40e3 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -220,6 +220,26 @@ function(params) { '--tls-cipher-suites=' + std.join(',', pa._config.tlsCipherSuites), ], resources: pa._config.resources, + readinessProbe: { + httpGet: { + path: '/readyz', + port: 'https', + scheme: 'HTTPS', + }, + initialDelaySeconds: 30, + periodSeconds: 5, + failureThreshold: 5, + }, + livenessProbe: { + httpGet: { + path: '/livez', + port: 'https', + scheme: 'HTTPS', + }, + initialDelaySeconds: 30, + periodSeconds: 5, + failureThreshold: 5, + }, ports: [{ containerPort: 6443 }], volumeMounts: [ { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, From 26c83294816f1b1d0387a82a5de1d612026ab041 Mon Sep 17 00:00:00 2001 From: Joao Marcal Date: Wed, 30 Mar 2022 07:23:05 +0100 Subject: [PATCH 2/4] Adds YAML for jsonnet modified in the previous commit --- manifests/prometheusAdapter-deployment.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/manifests/prometheusAdapter-deployment.yaml b/manifests/prometheusAdapter-deployment.yaml index 159ca06c..df1b5081 100644 --- a/manifests/prometheusAdapter-deployment.yaml +++ b/manifests/prometheusAdapter-deployment.yaml @@ -37,9 +37,25 @@ spec: - --secure-port=6443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA image: k8s.gcr.io/prometheus-adapter/prometheus-adapter:v0.9.1 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /livez + port: https + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 5 name: prometheus-adapter ports: - containerPort: 6443 + readinessProbe: + failureThreshold: 5 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 5 resources: limits: cpu: 250m From a38f7012a98cec2b92f780ede6d7f6369d06d70b Mon Sep 17 00:00:00 2001 From: Joao Marcal Date: Wed, 30 Mar 2022 14:01:48 +0100 Subject: [PATCH 3/4] Adds port name to prometheus-adapter jsonnet --- jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 586c40e3..192e845d 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -240,7 +240,7 @@ function(params) { periodSeconds: 5, failureThreshold: 5, }, - ports: [{ containerPort: 6443 }], + ports: [{ containerPort: 6443, name: 'https' }], volumeMounts: [ { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, From 508722d5db8bf41198d725e4a1001b592155d771 Mon Sep 17 00:00:00 2001 From: Joao Marcal Date: Wed, 30 Mar 2022 15:35:36 +0100 Subject: [PATCH 4/4] Adds YAML for jsonnet modified for prometheus-adapter --- manifests/prometheusAdapter-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/prometheusAdapter-deployment.yaml b/manifests/prometheusAdapter-deployment.yaml index df1b5081..cf3e3222 100644 --- a/manifests/prometheusAdapter-deployment.yaml +++ b/manifests/prometheusAdapter-deployment.yaml @@ -48,6 +48,7 @@ spec: name: prometheus-adapter ports: - containerPort: 6443 + name: https readinessProbe: failureThreshold: 5 httpGet: