Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New internal gRPC health client instead of grpc-health-probe binary #475

Merged
merged 3 commits into from
Nov 10, 2023
Merged

New internal gRPC health client instead of grpc-health-probe binary #475

merged 3 commits into from
Nov 10, 2023

Conversation

zolug
Copy link
Collaborator

@zolug zolug commented Nov 3, 2023
edited
Loading

Description

Refer to the related issue.

Kubernetes native grpc probes are not introduced, because it does not seem to support servers using unix sockets (hence grpc-health-probe binary cannot be removed from the images):
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#httpgetaction-v1-core

Issue link

#474

Checklist

  • Purpose
    • Bug fix
    • New functionality
    • Documentation
    • Refactoring
    • CI
  • Test
    • Unit test
    • E2E Test
    • Tested manually
  • Introduce a breaking change
    • Yes (description required)
    • No

@zolug zolug added the kind/enhancement New feature or request label Nov 3, 2023
LionelJouin
LionelJouin reviewed Nov 10, 2023
View reviewed changes
Copy link
Member

@LionelJouin LionelJouin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you update the documentation of the NSP component:
https://github.com/Nordix/Meridio/blob/master/docs/components/nsp.md#health-check
Here is an example with the IPAM: https://github.com/Nordix/Meridio/blob/master/docs/components/ipam.md#health-check

zolug added 3 commits November 10, 2023 14:03
@zolug
Custom grpc-health-probe client implementation
05ae5df 
Replace grpc-health-probe binary in case of running probes
internally invoked from code. The custom health-probe client
is contained within the caller process (instead of forking a
new PID). Thus, attestation related Spire load could be lowered
when using SPIFFE issued credentials to check TLS servers.
@zolug
Update NSP readiness probe
ec93556 
- NSP to use custom gRPC health server for readiness probe
  that does not require the spiffe option.
- The TLS server of NSP is probed by an internal gRPC probe.
- Operator also updated to deploy NSP with new probe.
@zolug
Custom gRPC health server improvements
27c4543 
The same subservice can be part of multiple probe services.
(Probe services are "named" kubernetes probe types referred
to as "Startup", "Readiness" or "Liveness" in Meridio.)
@zolug zolug merged commit cc2f6e7 into master Nov 10, 2023
@zolug zolug deleted the probe-impr branch March 4, 2024 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LionelJouin LionelJouin LionelJouin approved these changes

Assignees
No one assigned
Labels
kind/enhancement New feature or request
Projects
Meridio
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zolug @LionelJouin