Skip to content

Fix the readiness probe using a sidecar container #109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Fix the readiness probe using a sidecar container #109

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
9818241
Fix the readiness probe using a sidecar container
lobo-ppi Nov 15, 2024
dec191f
Restrict role just to the helm chart pod
lobo-ppi Dec 13, 2024
f322647
Make readiness check via pod lable patcher optin
lobo-ppi Dec 13, 2024
fc9e2f5
Fix namespace to chart namespace
lobo-ppi Dec 16, 2024
a927f74
Fix volume mounts to work in all cases
lobo-ppi Dec 16, 2024
4deac3c
Add less verbose state checking logs
lobo-ppi Dec 16, 2024
61cb6a2
Add readiness role selector to loadbalancer + nodeport
lobo-ppi Jan 6, 2025
9643ed2
Fix label-patcher role and rb to include qm name
lobo-ppi Mar 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions charts/ibm-mq/templates/role-binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{{- if .Values.readinessProbe.useLabelPatcher }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "ibm-mq.fullname" ( . ) }}-label-patcher-binding
labels:
{{- include "ibm-mq.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ibm-mq.fullname" ( . ) }}-label-patcher
subjects:
- kind: ServiceAccount
name: {{ include "ibm-mq.fullname" ( . ) }}
namespace: {{ .Release.Namespace }}
{{ end -}}
19 changes: 19 additions & 0 deletions charts/ibm-mq/templates/role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{{- if .Values.readinessProbe.useLabelPatcher }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "ibm-mq.fullname" ( . ) }}-label-patcher
labels:
{{- include "ibm-mq.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["pods"]
resourceNames: [
{{ include "ibm-mq.pod0.name" . }},
{{- if .Values.queueManager.nativeha.enable }}
{{ include "ibm-mq.pod1.name" . }},
{{ include "ibm-mq.pod2.name" . }}
{{- end }}
]
verbs: ["get", "list","patch"]
{{ end -}}
3 changes: 3 additions & 0 deletions charts/ibm-mq/templates/service-loadbalancer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,4 +43,7 @@ spec:
{{- end }}
selector:
{{- include "ibm-mq.selectorLabels" . | nindent 4 }}
{{- if .Values.readinessProbe.useLabelPatcher }}
role: master
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions charts/ibm-mq/templates/service-qm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,7 @@ spec:
name: qmgr
selector:
{{- include "ibm-mq.selectorLabels" . | nindent 4 }}
{{- if .Values.readinessProbe.useLabelPatcher }}
role: master
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions charts/ibm-mq/templates/service-web.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,7 @@ spec:
name: console-https
selector:
{{- include "ibm-mq.selectorLabels" . | nindent 4 }}
{{- if .Values.readinessProbe.useLabelPatcher }}
role: master
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions charts/ibm-mq/templates/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,6 @@ spec:
name: qmgr
selector:
{{- include "ibm-mq.selectorLabels" . | nindent 4 }}
{{- if .Values.readinessProbe.useLabelPatcher }}
role: master
{{- end }}
58 changes: 58 additions & 0 deletions charts/ibm-mq/templates/stateful-set.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,8 @@ spec:
volumes:
{{- else if .Values.web.manualConfig.configMap.name }}
volumes:
{{- else if .Values.readinessProbe.useLabelPatcher }}
volumes:
{{- else if .Values.web.manualConfig.secret.name }}
volumes:
{{- end}}
Expand Down Expand Up @@ -272,8 +274,49 @@ spec:
defaultMode: 420
secretName: {{ .Values.credentials.secret }}
{{- end }}
{{- if .Values.readinessProbe.useLabelPatcher }}
- name: state
emptyDir: {}
{{- end }}
terminationGracePeriodSeconds: {{.Values.queueManager.terminationGracePeriodSeconds}}
containers:
{{- if .Values.readinessProbe.useLabelPatcher }}
- name: state-checker
command:
- sh
- '-c'
- >
sleep 20;
while true; do
sleep $(($RANDOM % 5 + 5));
KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
echo "Checking state of the queue manager"
STATE=$(cat /etc/mqm/state/test)
if [ $STATE -eq 0 ]; then
echo "Queue manager is active"
echo "Patching the label"
curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" \
--request PATCH \
--header "Content-Type: application/json-patch+json" \
--data '[ { "op": "replace", "path": "/metadata/labels/role", "value": "master" } ]' \
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/$NAMESPACE/pods/$HOSTNAME > /dev/null
else
echo "Queue manager is not active"
echo "Patching the label"
curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" \
--header "Content-Type: application/json-patch+json" \
--request PATCH \
--data '[ { "op": "replace", "path": "/metadata/labels/role", "value": "standby" } ]' \
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/$NAMESPACE/pods/$HOSTNAME > /dev/null
fi
done
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/mqm/state
name: state
{{- end }}
- name: qmgr
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
Expand Down Expand Up @@ -370,6 +413,8 @@ spec:
volumeMounts:
{{- else if .Values.web.manualConfig.secret.name }}
volumeMounts:
{{- else if .Values.readinessProbe.useLabelPatcher }}
volumeMounts:
{{- end}}
{{- if .Values.queueManager.nativeha.tls }}
{{- if .Values.queueManager.nativeha.tls.secretName }}
Expand Down Expand Up @@ -465,6 +510,10 @@ spec:
- name: mq-credentials
mountPath: "/var/run/secrets"
{{- end }}
{{- if .Values.readinessProbe.useLabelPatcher }}
- name: state
mountPath: /etc/mqm/state
{{- end }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: {{ .Values.security.readOnlyRootFilesystem }}
Expand Down Expand Up @@ -492,8 +541,17 @@ spec:
# Set readiness probe to determine if the MQ listener is running
readinessProbe:
exec:
{{- if .Values.readinessProbe.useLabelPatcher }}
command:
- sh
- '-c'
- >
chkmqready;
echo $? > /etc/mqm/state/test
{{- else }}
command:
- chkmqready
{{- end }}
{{- if or .Values.queueManager.nativeha.enable .Values.queueManager.multiinstance.enable }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 0 }}
{{- else }}
Expand Down
1 change: 1 addition & 0 deletions charts/ibm-mq/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ livenessProbe:

# readinessProbe section specifies setting for the MQ readiness probe, which checks when the MQ listener is running
readinessProbe:
useLabelPatcher: false
initialDelaySeconds:
periodSeconds: 5
timeoutSeconds: 3
Expand Down