This repository was archived by the owner on Feb 22, 2022. It is now read-only.
[incubator/vault] Fix liveness check when vault is sealed or uninitialized #12043
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
helm-bot
added
the
size/XS
|
Hi @jbialy. Thanks for your PR. I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
helm-bot
added
size/XS
added 2 commits
March 9, 2019 20:30
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
helm-bot
added
Contribution Allowed
|
/assign @scottrigby |
|
/assign @unguiculus |
|
/assign @mattfarina |
helm-bot
added
size/XS
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
helm-bot
added
Contribution Allowed
|
@unguiculus PTAL, it'd be great to get this merged! |
|
Someone please merge it. |
|
/ok-to-test |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jbialy, unguiculus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
lgtm
rmccorm4
pushed a commit
to rmccorm4/charts
that referenced
this pull request
Mar 26, 2019
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
crackmac
pushed a commit
to crackmac/charts
that referenced
this pull request
Mar 29, 2019
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
crackmac
pushed a commit
to crackmac/charts
that referenced
this pull request
Mar 29, 2019
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com> Signed-off-by: Kevin Duane <duank001@apps.disney.com>
devnulled
pushed a commit
to devnulled/charts
that referenced
this pull request
Apr 25, 2019
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Fixes issue related to the comment #9462 (review).
PR #9462 changed the liveness check from a simple TCP socket to using a httpGet request. However, when a Vault pod starts in either an
uninitializedorsealedstate the default return codes from the/v1/sys/healthendpoint will cause the liveness check to fail resulting in aCrashLoopBackOff.This PR addresses this issue by having the
/v1/sys/healthendpoint return a status code204when Vault is eithersealedoruninitializedensuring that the liveness check passes.Special notes for your reviewer:
There is also an issue filed under #11067, however it does not appear to be directly related to the original PR that this fix addresses.
This PR extends the work done in #11616.
Checklist