-
Notifications
You must be signed in to change notification settings - Fork 16.7k
[incubator/vault] Fix liveness check when vault is sealed or uninitialized #12043
Conversation
Hi @jbialy. Thanks for your PR. I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
/assign @scottrigby |
/assign @unguiculus |
/assign @mattfarina |
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
@unguiculus PTAL, it'd be great to get this merged! |
Someone please merge it. |
/ok-to-test |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jbialy, unguiculus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com> Signed-off-by: Kevin Duane <duank001@apps.disney.com>
…lized (helm#12043) * expect successful response if uninitialized or sealed for liveness check Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart version Signed-off-by: Janusz Bialy <jbialy@gmail.com> * bump chart ver Signed-off-by: Janusz Bialy <jbialy@gmail.com> * liveness check should pass if vault is sealed Signed-off-by: Janusz Bialy <jbialy@gmail.com> * vault should be considered alive if sealed and uninitilized Signed-off-by: Janusz Bialy <jbialy@gmail.com>
What this PR does / why we need it:
Fixes issue related to the comment #9462 (review).
PR #9462 changed the liveness check from a simple TCP socket to using a httpGet request. However, when a Vault pod starts in either an
uninitialized
orsealed
state the default return codes from the/v1/sys/health
endpoint will cause the liveness check to fail resulting in aCrashLoopBackOff
.This PR addresses this issue by having the
/v1/sys/health
endpoint return a status code204
when Vault is eithersealed
oruninitialized
ensuring that the liveness check passes.Special notes for your reviewer:
There is also an issue filed under #11067, however it does not appear to be directly related to the original PR that this fix addresses.
This PR extends the work done in #11616.
Checklist