diff --git a/charts/kube-ovn/templates/controller-deploy.yaml b/charts/kube-ovn/templates/controller-deploy.yaml index 13cc27976d0..5c43dd6a178 100644 --- a/charts/kube-ovn/templates/controller-deploy.yaml +++ b/charts/kube-ovn/templates/controller-deploy.yaml @@ -169,12 +169,14 @@ spec: exec: command: - /kube-ovn/kube-ovn-controller-healthcheck + - --tls={{- .Values.func.SECURE_SERVING }} periodSeconds: 3 timeoutSeconds: 45 livenessProbe: exec: command: - /kube-ovn/kube-ovn-controller-healthcheck + - --tls={{- .Values.func.SECURE_SERVING }} initialDelaySeconds: 300 periodSeconds: 7 failureThreshold: 5 diff --git a/cmd/controller_health_check/controller_health_check.go b/cmd/controller_health_check/controller_health_check.go index d77fbe83934..7e04769210f 100644 --- a/cmd/controller_health_check/controller_health_check.go +++ b/cmd/controller_health_check/controller_health_check.go 
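Review bot: The `--tls=` argument added to both probe commands is only safe if `.Values.func.SECURE_SERVING` always renders as a boolean literal. The health check registers the flag with `pflag.Bool`, so an empty or non-boolean value should make flag parsing fail and the probe exit non-zero before any socket is dialed. Whether the chart's values always define the key is not visible here, so a guarded form such as `- --tls={{ .Values.func.SECURE_SERVING | default false }}` would be safer; the `{{-` trim marker also has nothing to trim after `=`. The same concern applies to the `--tls=${SECURE_SERVING}` lines in the dist/images/install.sh hunk, where `${SECURE_SERVING:-false}` gives the same protection if the variable can be unset.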
@@ -1,25 +1,49 @@ package controller_health_check import ( - "net" + "flag" "os" "time" + "github.com/spf13/pflag" + "k8s.io/klog/v2" + "github.com/kubeovn/kube-ovn/pkg/util" ) func CmdMain() { + tls := pflag.Bool("tls", false, "Whether kube-ovn-controller uses TLS") + + klogFlags := flag.NewFlagSet("klog", flag.ExitOnError) + klog.InitFlags(klogFlags) + + // sync the glog and klog flags. + pflag.CommandLine.VisitAll(func(f1 *pflag.Flag) { + f2 := klogFlags.Lookup(f1.Name) + if f2 != nil { + value := f1.Value.String() + if err := f2.Value.Set(value); err != nil { + util.LogFatalAndExit(err, "failed to set pflag") + } + } + }) + + pflag.CommandLine.AddGoFlagSet(klogFlags) + pflag.CommandLine.AddGoFlagSet(flag.CommandLine) + pflag.Parse() + addr := "127.0.0.1:10660" if os.Getenv("ENABLE_BIND_LOCAL_IP") == "true" { addr = util.JoinHostPort(os.Getenv("POD_IP"), 10660) } - conn, err := net.DialTimeout("tcp", addr, 3*time.Second) - if err != nil { - util.LogFatalAndExit(err, "failed to probe the socket") + if *tls { + addr = "tls://" + addr + } else { + addr = "tcp://" + addr } - err = conn.Close() - if err != nil { - util.LogFatalAndExit(err, "failed to close connection") + + if err := util.DialTCP(addr, time.Second, false); err != nil { + util.LogFatalAndExit(err, "failed to probe the socket") } } diff --git a/dist/images/install.sh b/dist/images/install.sh index de8459e5b2f..6dc342a0d1a 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -4209,12 +4209,14 @@ spec: exec: command: - /kube-ovn/kube-ovn-controller-healthcheck + - --tls=${SECURE_SERVING} periodSeconds: 3 timeoutSeconds: 45 livenessProbe: exec: command: - /kube-ovn/kube-ovn-controller-healthcheck + - --tls=${SECURE_SERVING} initialDelaySeconds: 300 periodSeconds: 7 failureThreshold: 5 diff --git a/pkg/util/k8s.go b/pkg/util/k8s.go index 1ade1cc1bdc..bec7946c4bb 100644 --- a/pkg/util/k8s.go +++ b/pkg/util/k8s.go 
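Review bot: The probe timeout drops from 3 seconds to `time.Second` in the `util.DialTCP` call, while the TLS path now has to fit a full handshake inside that budget, so a loaded controller is more likely to fail readiness or liveness than before. Keeping the old budget with `util.DialTCP(addr, 3*time.Second, false)` would preserve the previous behaviour. Separately, the `pflag.CommandLine.VisitAll` block runs before `AddGoFlagSet` and `pflag.Parse()`, when apparently only `tls` is registered, so `klogFlags.Lookup` looks like it never matches and the block could be deleted. The `--tls` flag would also benefit from a comment such as `// TLS probe does not verify the controller certificate; it only proves that a handshake completes on port 10660.`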
@@ -2,6 +2,7 @@ package util import ( "context" + "crypto/tls" "encoding/json" "fmt" "net" @@ -18,24 +19,46 @@ import ( "k8s.io/klog/v2" ) -func DialAPIServer(host string) error { +func DialTCP(host string, timeout time.Duration, verbose bool) error { u, err := url.Parse(host) if err != nil { return fmt.Errorf("failed to parse host %q: %v", host, err) } + var conn net.Conn address := net.JoinHostPort(u.Hostname(), u.Port()) - timer := time.NewTimer(3 * time.Second) + switch u.Scheme { + case "tcp", "http": + conn, err = net.DialTimeout("tcp", address, timeout) + case "tls", "https": + config := &tls.Config{InsecureSkipVerify: true} // #nosec G402 + conn, err = tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", address, config) + default: + return fmt.Errorf("unsupported scheme %q", u.Scheme) + } + + if err == nil { + if verbose { + klog.Infof("succeeded to dial host %q", host) + } + _ = conn.Close() + return nil + } + + return fmt.Errorf("timed out dialing host %q", host) +} + +func DialAPIServer(host string) error { + interval := 3 * time.Second + timer := time.NewTimer(interval) for i := 0; i < 10; i++ { - conn, err := net.DialTimeout("tcp", address, 3*time.Second) + err := DialTCP(host, interval, true) if err == nil { - klog.Infof("succeeded to dial apiserver %q", address) - _ = conn.Close() return nil } - klog.Warningf("failed to dial apiserver %q: %v", address, err) + klog.Warningf("failed to dial apiserver %q: %v", host, err) <-timer.C - timer.Reset(3 * time.Second) + timer.Reset(interval) } return fmt.Errorf("timed out dialing apiserver %q", host)
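Review bot: The final `return fmt.Errorf("timed out dialing host %q", host)` in DialTCP discards `err`, so a refused connection or a failed TLS handshake is reported as a timeout, and DialAPIServer's `failed to dial apiserver %q: %v` warning then logs that misleading text. Returning `fmt.Errorf("failed to dial host %q: %w", host, err)` keeps the real cause. The `tls`/`https` branch sets `InsecureSkipVerify: true`, which is tolerable for a connect-and-close reachability probe, but DialTCP is exported and now sits under DialAPIServer, so it deserves a doc comment such as `// DialTCP only checks that host accepts a TCP or TLS connection; the peer certificate is NOT verified, so never reuse it for connections that carry data or credentials.` DialAPIServer with an `https` host now also performs a TLS handshake inside the 3-second budget where it previously did a plain TCP connect. DialAPIServer's closing brace lies outside the hunk.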