istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Convert health check test to new model (#7126) 

* Convert health check test to new model

* fix cleanup
This commit is contained in:
Frank Budinsky 2020-04-22 14:18:58 -04:00 committed by GitHub
parent 290ff5fa8e
commit 99d4febb16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 186 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
content/en/docs/ops/configuration/mesh/app-health-check/index.md
View File

@ -10,6 +10,7 @@ aliases:
- /docs/ops/app-health-check - /docs/ops/app-health-check
- /docs/ops/setup/app-health-check - /docs/ops/setup/app-health-check
keywords: [security,health-check] keywords: [security,health-check]
test: true
--- ---
[Kubernetes liveness and readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) [Kubernetes liveness and readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)
@ -169,12 +170,12 @@ Instructions below assume you turn on the feature globally via install option.
Annotations works the same. Annotations works the same.
{{< text bash >}} {{< text bash >}}
$ kubectl delete -f <(istioctl kube-inject -f @samples/health-check/liveness-http-same-port.yaml@) $ kubectl create ns istio-same-port
$ kubectl apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http-same-port.yaml@) $ kubectl -n istio-same-port apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http-same-port.yaml@)
{{< /text >}} {{< /text >}}
{{< text bash >}} {{< text bash >}}
$ kubectl get pod $ kubectl -n istio-same-port get pod
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
liveness-http-975595bb6-5b2z7c 2/2 Running 0 1m liveness-http-975595bb6-5b2z7c 2/2 Running 0 1m
{{< /text >}} {{< /text >}}
@ -189,14 +190,14 @@ Another alternative is to use separate port for health checking and regular traf
Run these commands to re-deploy the service: Run these commands to re-deploy the service:
{{< text bash >}} {{< text bash >}}
$ kubectl delete -f <(istioctl kube-inject -f @samples/health-check/liveness-http.yaml@) $ kubectl create ns istio-sep-port
$ kubectl apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http.yaml@) $ kubectl -n istio-sep-port apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http.yaml@)
{{< /text >}} {{< /text >}}
Wait for a minute and check the pod status to make sure the liveness probes work with '0' in the 'RESTARTS' column. Wait for a minute and check the pod status to make sure the liveness probes work with '0' in the 'RESTARTS' column.
{{< text bash >}} {{< text bash >}}
$ kubectl get pod $ kubectl -n istio-sep-port get pod
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
liveness-http-67d5db65f5-765bb 2/2 Running 0 1m liveness-http-67d5db65f5-765bb 2/2 Running 0 1m
{{< /text >}} {{< /text >}}
@ -208,7 +209,5 @@ Note that the image in [liveness-http]({{< github_file >}}/samples/health-check/
Remove the mutual TLS policy and corresponding destination rule added in the steps above: Remove the mutual TLS policy and corresponding destination rule added in the steps above:
{{< text bash >}} {{< text bash >}}
$ kubectl delete policies default $ kubectl delete ns istio-io-health istio-same-port istio-sep-port
$ kubectl delete destinationrules default
$ kubectl delete ns istio-io-health
{{< /text >}} {{< /text >}}

136
content/en/docs/ops/configuration/mesh/app-health-check/snips.sh Normal file
View File

@ -0,0 +1,136 @@
#!/bin/bash
# Copyright Istio Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/ops/configuration/mesh/app-health-check/index.md
####################################################################################################
snip_liveness_and_readiness_probes_with_command_option_1() {
kubectl create ns istio-io-health
}
snip_liveness_and_readiness_probes_with_command_option_2() {
kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: "default"
namespace: "istio-io-health"
spec:
peers:
- mtls: {}
EOF
}
snip_liveness_and_readiness_probes_with_command_option_3() {
kubectl apply -f - <<EOF
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
name: "default"
namespace: "istio-io-health"
spec:
host: "*.default.svc.cluster.local"
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
EOF
}
snip_liveness_and_readiness_probes_with_command_option_4() {
kubectl -n istio-io-health apply -f <(istioctl kube-inject -f samples/health-check/liveness-command.yaml)
}
snip_liveness_and_readiness_probes_with_command_option_5() {
kubectl -n istio-io-health get pod
}
# shellcheck disable=SC2034
! read -r -d '' snip_liveness_and_readiness_probes_with_command_option_5_out <<ENDSNIP
NAME READY STATUS RESTARTS AGE
liveness-6857c8775f-zdv9r 2/2 Running 0 4m
ENDSNIP
snip_enable_globally_via_install_option_1() {
kubectl get cm istio-sidecar-injector -n istio-system -o yaml | sed -e 's/"rewriteAppHTTPProbe": false/"rewriteAppHTTPProbe": true/' | kubectl apply -f -
}
# shellcheck disable=SC2034
! read -r -d '' snip_use_annotations_on_pod_1 <<ENDSNIP
apiVersion: apps/v1
kind: Deployment
metadata:
name: liveness-http
spec:
selector:
matchLabels:
app: liveness-http
version: v1
template:
metadata:
labels:
app: liveness-http
version: v1
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec:
containers:
- name: liveness-http
image: docker.io/istio/health:example
ports:
- containerPort: 8001
livenessProbe:
httpGet:
path: /foo
port: 8001
initialDelaySeconds: 5
periodSeconds: 5
ENDSNIP
snip_redeploy_the_liveness_health_check_app_1() {
kubectl create ns istio-same-port
kubectl -n istio-same-port apply -f <(istioctl kube-inject -f samples/health-check/liveness-http-same-port.yaml)
}
snip_redeploy_the_liveness_health_check_app_2() {
kubectl -n istio-same-port get pod
}
# shellcheck disable=SC2034
! read -r -d '' snip_redeploy_the_liveness_health_check_app_2_out <<ENDSNIP
NAME READY STATUS RESTARTS AGE
liveness-http-975595bb6-5b2z7c 2/2 Running 0 1m
ENDSNIP
snip_separate_port_1() {
kubectl create ns istio-sep-port
kubectl -n istio-sep-port apply -f <(istioctl kube-inject -f samples/health-check/liveness-http.yaml)
}
snip_separate_port_2() {
kubectl -n istio-sep-port get pod
}
# shellcheck disable=SC2034
! read -r -d '' snip_separate_port_2_out <<ENDSNIP
NAME READY STATUS RESTARTS AGE
liveness-http-67d5db65f5-765bb 2/2 Running 0 1m
ENDSNIP
snip_cleanup_1() {
kubectl delete ns istio-io-health istio-same-port istio-sep-port
}

6
tests/README.md
View File

@ -144,9 +144,9 @@ The framework includes the following built-in verify functions:
- Same number of whitespace-seperated tokens per line - Same number of whitespace-seperated tokens per line
- Tokens can only differ in the following ways: - Tokens can only differ in the following ways:
1. different elapsed time values (e.g., `30s`) 1. different elapsed time values (e.g., `30s` is like `5m`)
1. different ip values (e.g., `172.21.0.1`) 1. different ip values (e.g., `172.21.0.1` is like `10.0.0.31`)
1. prefix match ending with a dash character (e.g., `reviews-v1-<anything>`) 1. prefix match ending with a dash character (e.g., `reviews-v1-12345...` is like `reviews-v1-67890...`)
This function is useful for comparing the output of commands that include some run-specific This function is useful for comparing the output of commands that include some run-specific
values in the output (e.g., `kubectl get pods`), or when whitespace in the output may be different. values in the output (e.g., `kubectl get pods`), or when whitespace in the output may be different.

13
tests/configuration/scripts/cleanup.txt
View File

@ -18,11 +18,8 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
# $snippet cleanup.sh syntax="bash" source ${REPO_ROOT}/content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
$ kubectl -n istio-io-health delete policies default
$ kubectl -n istio-io-health delete destinationrules default snip_cleanup_1
$ kubectl delete ns istio-io-health
$ kubectl delete ns health-global kubectl delete ns health-annotate
$ kubectl delete ns health-annotate
$ kubectl delete ns health-sepport
# $endsnippet

50
tests/configuration/scripts/liveness_and_readiness_probes_with_command.txt
View File

@ -18,49 +18,19 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
$ kubectl create ns istio-io-health source ${REPO_ROOT}/content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
# $snippet auth_policy.sh syntax="bash" snip_liveness_and_readiness_probes_with_command_option_1
$ kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: "default"
namespace: "istio-io-health"
spec:
peers:
- mtls: {}
EOF
# $endsnippet
# $snippet destination_rule.sh syntax="bash" snip_liveness_and_readiness_probes_with_command_option_2
$ kubectl apply -f - <<EOF
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
name: "default"
namespace: "istio-io-health"
spec:
host: "*.default.svc.cluster.local"
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
EOF
# $endsnippet
# $snippet deploy_service.sh syntax="bash" snip_liveness_and_readiness_probes_with_command_option_3
$ kubectl -n istio-io-health apply -f <(istioctl kube-inject -f @samples/health-check/liveness-command.yaml@)
# $endsnippet
$ kubectl -n istio-io-health rollout status deployment liveness --timeout 60s snip_liveness_and_readiness_probes_with_command_option_4
# $snippet liveness_check_status.sh syntax="bash" outputis="text" kubectl -n istio-io-health rollout status deployment liveness --timeout 60s
$ kubectl -n istio-io-health get pod
# $verify verifier="lineRegex"
NAME *READY *STATUS *RESTARTS *AGE
liveness-[0-9a-z]*-[0-9a-z]* *2/2 *Running *0 ?
# $endsnippet
# $snippet delete_liveness_service.sh syntax="bash" out=$(snip_liveness_and_readiness_probes_with_command_option_5 2>&1)
$ kubectl -n istio-io-health delete -f <(istioctl kube-inject -f @samples/health-check/liveness-command.yaml@) _verify_like "$out" "$snip_liveness_and_readiness_probes_with_command_option_5_out" "snip_liveness_and_readiness_probes_with_command_option_5"
# $endsnippet
kubectl -n istio-io-health delete -f samples/health-check/liveness-command.yaml

52
tests/configuration/scripts/liveness_and_readiness_probes_with_http_annotations.txt
View File

@ -18,49 +18,17 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
$ kubectl create ns health-annotate source ${REPO_ROOT}/content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
# $snippet annotate_pod.sh syntax="bash" kubectl create ns health-annotate
$ kubectl -n health-annotate apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: liveness-http
spec:
selector:
matchLabels:
app: liveness-http
template:
metadata:
labels:
app: liveness-http
version: v1
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec:
containers:
- name: liveness-http
image: docker.io/istio/health:example
ports:
- containerPort: 8001
livenessProbe:
httpGet:
path: /foo
port: 8001
initialDelaySeconds: 5
periodSeconds: 5
EOF
# $endsnippet
$ kubectl -n health-annotate rollout status deployment liveness-http --timeout 30s echo "$snip_use_annotations_on_pod_1" | kubectl -n health-annotate apply -f -
# $snippet re-deploy_with_annotation_check_status.sh syntax="bash" outputis="text" kubectl -n health-annotate rollout status deployment liveness-http --timeout 30s
$ kubectl -n health-annotate get pod
# $verify verifier="lineRegex"
NAME *READY *STATUS *RESTARTS *AGE
liveness-http-[0-9a-z]*-[0-9a-z]* *1/1 *Running *0 ?
# $endsnippet
# $snippet delete_deploy_with_annotation.sh syntax="bash" out=$(kubectl -n health-annotate get pod 2>&1)
$ kubectl -n health-annotate delete deploy/liveness-http expected="NAME READY STATUS RESTARTS AGE
# $endsnippet liveness-http-975595bb6-5b2z7c 1/1 Running 0 1m"
_verify_like "$out" "$expected" "verify_health-annotate_pod"
kubectl -n health-annotate delete deploy/liveness-http

28
tests/configuration/scripts/liveness_and_readiness_probes_with_http_globally.txt
View File

@ -18,29 +18,17 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
$ kubectl create ns health-global source ${REPO_ROOT}/content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
# $snippet update_config_map.sh syntax="bash" snip_enable_globally_via_install_option_1
kubectl get cm istio-sidecar-injector -n istio-system -o yaml | sed -e 's/"rewriteAppHTTPProbe":false/"rewriteAppHTTPProbe":true/' | kubectl apply -f -
# $endsnippet
# $snippet globally_re-deploy.sh syntax="bash" snip_redeploy_the_liveness_health_check_app_1
$ kubectl -n health-global apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http-same-port.yaml@)
# $endsnippet
$ kubectl -n health-global rollout status deployment liveness-http --timeout 60s kubectl -n istio-same-port rollout status deployment liveness-http --timeout 60s
# $snippet re-deploy_globally_check_status.sh syntax="bash" outputis="text" out=$(snip_redeploy_the_liveness_health_check_app_2 2>&1)
$ kubectl -n health-global get pod _verify_like "$out" "$snip_redeploy_the_liveness_health_check_app_2_out" "snip_redeploy_the_liveness_health_check_app_2"
# $verify verifier="lineRegex"
NAME *READY *STATUS *RESTARTS *AGE
liveness-http-[0-9a-z]*-[0-9a-z]* *2/2 *Running *0 ?
# $endsnippet
# $snippet delete_globally_deploy.sh syntax="bash" kubectl -n istio-same-port delete -f samples/health-check/liveness-http-same-port.yaml
$ kubectl -n health-global delete -f <(istioctl kube-inject -f @samples/health-check/liveness-http-same-port.yaml@)
# $endsnippet
# $snippet revert_config_map.sh syntax="bash" kubectl get cm istio-sidecar-injector -n istio-system -o yaml | sed -e 's/"rewriteAppHTTPProbe": true/"rewriteAppHTTPProbe": false/' | kubectl apply -f -
kubectl get cm istio-sidecar-injector -n istio-system -o yaml | sed -e 's/"rewriteAppHTTPProbe":true/"rewriteAppHTTPProbe":false/' | kubectl apply -f -
# $endsnippet

20
tests/configuration/scripts/liveness_and_readiness_probes_with_http_separate_port.txt
View File

@ -18,21 +18,13 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
$ kubectl create ns health-sepport source ${REPO_ROOT}/content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
# $snippet with_separate_port.sh syntax="bash" snip_separate_port_1
$ kubectl -n health-sepport apply -f <(istioctl kube-inject -f @samples/health-check/liveness-http.yaml@)
# $endsnippet
$ kubectl -n health-sepport rollout status deployment liveness-http --timeout 60s kubectl -n istio-sep-port rollout status deployment liveness-http --timeout 60s
# $snippet separate_port_check_status.sh syntax="bash" outputis="text" out=$(snip_separate_port_2 2>&1)
$ kubectl -n health-sepport get pod _verify_like "$out" "$snip_separate_port_2_out" "snip_separate_port_2"
# $verify verifier="lineRegex"
NAME *READY *STATUS *RESTARTS *AGE
liveness-http-[0-9a-z]*-[0-9a-z]* *2/2 *Running *0 ?
# $endsnippet
# $snippet delete_with_separate_port.sh syntax="bash" kubectl -n istio-sep-port delete -f samples/health-check/liveness-http.yaml
$ kubectl -n health-sepport delete -f <(istioctl kube-inject -f @samples/health-check/liveness-http.yaml@)
# $endsnippet