Merge pull request #18182 from hakman/azure-https-kops-controller

azure: Use HTTPS health check for kops-controller

Author: k8s-ci-robot

cmd/kops-controller/pkg/server/server.go

@@ -120,6 +120,7 @@ func NewServer(vfsContext *vfs.VFSContext, opt *config.Options, verifier bootstr
 	s.challengeClient = challengeClient
 
 	r := http.NewServeMux()
+	r.Handle("/healthz", http.HandlerFunc(healthCheck))
 	r.Handle("/bootstrap", http.HandlerFunc(s.bootstrap))
 	server.Handler = recovery(r)
 
@@ -154,6 +155,11 @@ func (s *Server) Start(ctx context.Context) error {
 	return s.server.ListenAndServeTLS(s.opt.Server.ServerCertificatePath, s.opt.Server.ServerKeyPath)
 }
 
+func healthCheck(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	_, _ = w.Write([]byte("ok"))
+}
+
 func (s *Server) bootstrap(w http.ResponseWriter, r *http.Request) {
 	if r.Body == nil {
 		klog.Infof("bootstrap %s no body", r.RemoteAddr)

tests/integration/update_cluster/minimal_azure/kubernetes.tf

@@ -61,13 +61,14 @@ resource "azurerm_lb_backend_address_pool" "api-minimal-azure-example-com-backen
   name            = "LoadBalancerBackEnd"
 }
 
-resource "azurerm_lb_probe" "api-minimal-azure-example-com-Health-TCP-3988" {
+resource "azurerm_lb_probe" "api-minimal-azure-example-com-Health-HTTPS-3988" {
   interval_in_seconds = 15
   loadbalancer_id     = azurerm_lb.api-minimal-azure-example-com.id
-  name                = "Health-TCP-3988"
+  name                = "Health-HTTPS-3988"
   number_of_probes    = 4
   port                = 3988
-  protocol            = "Tcp"
+  protocol            = "Https"
+  request_path        = "/healthz"
 }
 
 resource "azurerm_lb_probe" "api-minimal-azure-example-com-Health-TCP-443" {
@@ -89,7 +90,7 @@ resource "azurerm_lb_rule" "api-minimal-azure-example-com-TCP-3988" {
   load_distribution              = "Default"
   loadbalancer_id                = azurerm_lb.api-minimal-azure-example-com.id
   name                           = "TCP-3988"
-  probe_id                       = azurerm_lb_probe.api-minimal-azure-example-com-Health-TCP-3988.id
+  probe_id                       = azurerm_lb_probe.api-minimal-azure-example-com-Health-HTTPS-3988.id
   protocol                       = "Tcp"
 }
 

upup/pkg/fi/cloudup/azuretasks/loadbalancer.go

@@ -250,10 +250,11 @@ func (*LoadBalancer) RenderAzure(t *azure.AzureAPITarget, a, e, changes *LoadBal
 
 	if slices.Contains(e.WellKnownServices, wellknownservices.KopsController) {
 		lb.Properties.Probes = append(lb.Properties.Probes, &network.Probe{
-			Name: to.Ptr("Health-TCP-3988"),
+			Name: to.Ptr("Health-HTTPS-3988"),
 			Properties: &network.ProbePropertiesFormat{
-				Protocol:          to.Ptr(network.ProbeProtocolTCP),
+				Protocol:          to.Ptr(network.ProbeProtocolHTTPS),
 				Port:              to.Ptr[int32](wellknownports.KopsControllerPort),
+				RequestPath:       to.Ptr("/healthz"),
 				IntervalInSeconds: to.Ptr[int32](15),
 				NumberOfProbes:    to.Ptr[int32](4),
 			},
@@ -274,7 +275,7 @@ func (*LoadBalancer) RenderAzure(t *azure.AzureAPITarget, a, e, changes *LoadBal
 					ID: to.Ptr(fmt.Sprintf("/%s/loadbalancers/%s/backendAddressPools/%s", idPrefix, *e.Name, *to.Ptr("LoadBalancerBackEnd"))),
 				},
 				Probe: &network.SubResource{
-					ID: to.Ptr(fmt.Sprintf("/%s/loadbalancers/%s/probes/%s", idPrefix, *e.Name, *to.Ptr("Health-TCP-3988"))),
+					ID: to.Ptr(fmt.Sprintf("/%s/loadbalancers/%s/probes/%s", idPrefix, *e.Name, *to.Ptr("Health-HTTPS-3988"))),
 				},
 			},
 		})

upup/pkg/fi/cloudup/azuretasks/loadbalancer_terraform.go

@@ -57,6 +57,7 @@ type terraformAzureLoadBalancerProbe struct {
 	LoadBalancerID    *terraformWriter.Literal `cty:"loadbalancer_id"`
 	Protocol          *string                  `cty:"protocol"`
 	Port              *int32                   `cty:"port"`
+	RequestPath       *string                  `cty:"request_path"`
 	IntervalInSeconds *int32                   `cty:"interval_in_seconds"`
 	NumberOfProbes    *int32                   `cty:"number_of_probes"`
 }
@@ -118,18 +119,21 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 		if err != nil {
 			return err
 		}
-		probeName := fmt.Sprintf("Health-TCP-%d", port)
+
+		probeProtocol, probeNamePrefix, probeRequestPath := wellKnownServiceProbe(service)
+		probeName := fmt.Sprintf("Health-%s-%d", probeNamePrefix, port)
 		ruleName := fmt.Sprintf("TCP-%d", port)
 		probeResourceName := fmt.Sprintf("%s-%s", fi.ValueOf(e.Name), probeName)
 		ruleResourceName := fmt.Sprintf("%s-%s", fi.ValueOf(e.Name), ruleName)
 
-		protocol := "Tcp"
+		ruleProtocol := "Tcp"
 		loadDistribution := "Default"
 		if err := t.RenderResource("azurerm_lb_probe", probeResourceName, &terraformAzureLoadBalancerProbe{
 			Name:              &probeName,
 			LoadBalancerID:    e.terraformID(),
-			Protocol:          &protocol,
+			Protocol:          &probeProtocol,
 			Port:              fi.PtrTo(port),
+			RequestPath:       probeRequestPath,
 			IntervalInSeconds: fi.PtrTo[int32](15),
 			NumberOfProbes:    fi.PtrTo[int32](4),
 		}); err != nil {
@@ -139,7 +143,7 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 		if err := t.RenderResource("azurerm_lb_rule", ruleResourceName, &terraformAzureLoadBalancerRule{
 			Name:                        &ruleName,
 			LoadBalancerID:              e.terraformID(),
-			Protocol:                    &protocol,
+			Protocol:                    &ruleProtocol,
 			FrontendPort:                fi.PtrTo(port),
 			BackendPort:                 fi.PtrTo(port),
 			FrontendIPConfigurationName: fi.PtrTo(terraformAzureLoadBalancerFrontendName),
@@ -164,6 +168,17 @@ func (lb *LoadBalancer) terraformBackendAddressPoolID() *terraformWriter.Literal
 	return terraformWriter.LiteralProperty("azurerm_lb_backend_address_pool", fmt.Sprintf("%s-backend-pool", fi.ValueOf(lb.Name)), "id")
 }
 
+// wellKnownServiceProbe returns the probe protocol (for terraform), probe name prefix (for resource naming),
+// and request path for the given service.
+func wellKnownServiceProbe(service wellknownservices.WellKnownService) (protocol string, namePrefix string, requestPath *string) {
+	switch service {
+	case wellknownservices.KopsController:
+		return "Https", "HTTPS", fi.PtrTo("/healthz")
+	default:
+		return "Tcp", "TCP", nil
+	}
+}
+
 func wellKnownServicePort(service wellknownservices.WellKnownService) (int32, error) {
 	switch service {
 	case wellknownservices.KubeAPIServer: