Skip to content
This repository was archived by the owner on Feb 22, 2022. It is now read-only.

[incubator/vault] Fix liveness check when vault is sealed or uninitialized #12043

Merged
merged 6 commits into from
Mar 24, 2019
Merged

[incubator/vault] Fix liveness check when vault is sealed or uninitialized #12043

merged 6 commits into from
Mar 24, 2019

Conversation

jbialy
Copy link
Contributor

@jbialy jbialy commented Mar 10, 2019

What this PR does / why we need it:

Fixes issue related to the comment #9462 (review).

PR #9462 changed the liveness check from a simple TCP socket to using a httpGet request. However, when a Vault pod starts in either an uninitialized or sealed state the default return codes from the /v1/sys/health endpoint will cause the liveness check to fail resulting in a CrashLoopBackOff .

This PR addresses this issue by having the /v1/sys/health endpoint return a status code 204 when Vault is either sealed or uninitialized ensuring that the liveness check passes.

Special notes for your reviewer:

There is also an issue filed under #11067, however it does not appear to be directly related to the original PR that this fix addresses.

This PR extends the work done in #11616.

Checklist

  • DCO signed
  • Chart Version bumped
  • Variables are documented in the README.md

@helm-bot helm-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Mar 10, 2019
@k8s-ci-robot
Copy link
Contributor

Hi @jbialy. Thanks for your PR.

I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 10, 2019
@helm-bot helm-bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 10, 2019
Janusz Bialy added 2 commits March 9, 2019 20:30
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
@helm-bot helm-bot added Contribution Allowed If the contributor has signed the DCO or the CNCF CLA (prior to the move to a DCO). size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 10, 2019
@jbialy
Copy link
Contributor Author

jbialy commented Mar 10, 2019

/assign @scottrigby

@jbialy
Copy link
Contributor Author

jbialy commented Mar 10, 2019

/assign @unguiculus

@jbialy
Copy link
Contributor Author

jbialy commented Mar 10, 2019

/assign @mattfarina

@helm-bot helm-bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. Contribution Allowed If the contributor has signed the DCO or the CNCF CLA (prior to the move to a DCO). labels Mar 16, 2019
jbialy added 3 commits March 16, 2019 12:23
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
@helm-bot helm-bot added Contribution Allowed If the contributor has signed the DCO or the CNCF CLA (prior to the move to a DCO). size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 16, 2019
@jbialy
Copy link
Contributor Author

jbialy commented Mar 16, 2019

@unguiculus PTAL, it'd be great to get this merged!

@okgolove
Copy link
Collaborator

Someone please merge it.
This is really annoying thing.

@unguiculus
Copy link
Member

/ok-to-test
/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jbialy, unguiculus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 24, 2019
@k8s-ci-robot k8s-ci-robot merged commit 0df6fe9 into helm:master Mar 24, 2019
rmccorm4 pushed a commit to rmccorm4/charts that referenced this pull request Mar 26, 2019
…lized (helm#12043)

* expect successful response if uninitialized or sealed for liveness check

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart ver

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* liveness check should pass if vault is sealed

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* vault should be considered alive if sealed and uninitilized

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
crackmac pushed a commit to crackmac/charts that referenced this pull request Mar 29, 2019
…lized (helm#12043)

* expect successful response if uninitialized or sealed for liveness check

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart ver

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* liveness check should pass if vault is sealed

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* vault should be considered alive if sealed and uninitilized

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
crackmac pushed a commit to crackmac/charts that referenced this pull request Mar 29, 2019
…lized (helm#12043)

* expect successful response if uninitialized or sealed for liveness check

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart ver

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* liveness check should pass if vault is sealed

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* vault should be considered alive if sealed and uninitilized

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Kevin Duane <duank001@apps.disney.com>
devnulled pushed a commit to devnulled/charts that referenced this pull request Apr 25, 2019
…lized (helm#12043)

* expect successful response if uninitialized or sealed for liveness check

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart ver

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* liveness check should pass if vault is sealed

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* vault should be considered alive if sealed and uninitilized

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
@jbialy jbialy deleted the fix-liveness-check branch October 8, 2019 14:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. Contribution Allowed If the contributor has signed the DCO or the CNCF CLA (prior to the move to a DCO). lgtm Indicates that a PR is ready to be merged. ok-to-test size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants