-
Notifications
You must be signed in to change notification settings - Fork 263
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add --probe-liveness and --probe-readiness flags #1697
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dsimansk The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov Report
@@ Coverage Diff @@
## main #1697 +/- ##
==========================================
+ Coverage 79.73% 79.86% +0.13%
==========================================
Files 173 173
Lines 13277 13435 +158
==========================================
+ Hits 10586 10730 +144
- Misses 1960 1970 +10
- Partials 731 735 +4
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be a better idea to have separate flag(s) for probe options? The probe string seems a bit long and detailed to me and it also doesn't provide a way to update only the options
That's a good idea, I like it. The other possible improvement could be opinionated probe defaults wrt timeouts, thresholds, etc. @rhuss what would be your preference? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good for me in general, but I think we need to add to kn container
, too and maybe overthink how to provide the parameters for HTTP or HTTPS checks.
docs/cmd/kn_container_add.md
Outdated
@@ -40,6 +40,8 @@ kn container add NAME | |||
--limit strings The resource requirement limits for this Service. For example, 'cpu=100m,memory=256Mi'. You can use this flag multiple times. To unset a resource limit, append "-" to the resource name, e.g. '--limit memory-'. | |||
--mount stringArray Mount a ConfigMap (prefix cm: or config-map:), a Secret (prefix secret: or sc:), an EmptyDir (prefix ed: or emptyDir:)or an existing Volume (without any prefix) on the specified directory. Example: --mount /mydir=cm:myconfigmap, --mount /mydir=secret:mysecret, --mount /mydir=emptyDir:myvol or --mount /mydir=myvolume. When a configmap or a secret is specified, a corresponding volume is automatically generated. You can specify a volume subpath by following the volume name with slash separated path. Example: --mount /mydir=cm:myconfigmap/subpath/to/be/mounted. You can use this flag multiple times. For unmounting a directory, append "-", e.g. --mount /mydir-, which also removes any auto-generated volume. | |||
-p, --port string The port where application listens on, in the format 'NAME:PORT', where 'NAME' is optional. Examples: '--port h2c:8080' , '--port 8080'. | |||
--probe-liveness string Add liveness probe to Service deployment. Supported probe types are HTTGet, Exec and TCPSocket. Format: [http,https]:host:port:path;<common_opts>, exec:cmd,cmd,...;<common_opts>, tcp:host:port;<common_opts>. Common opts (comma separated, case insensitive): InitialDelaySeconds=<int_value>, FailureThreshold=<int_value>, SuccessThreshold=<int_value>, PeriodSeconds==<int_value>, TimeoutSeconds=<int_value> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether we could just use an http/https URL directly, which feels more natural. We could then parse the different segments (host, port, path) to put it into the probe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dsimansk @vyasgun what is your opinion on that ? One one hand, using separate parts reflect the structure of the prove itself (so might be more familiar for users with an k8s background), on the other hand, a URL is already a concise format for glueing together multiple parts. We could go even further and say for the exec and TCP probes to use "tcp://host:port" and "exec://cmd,cmd,cmd" kind of URLs.
At some time is probably a matter of taste.
Maybe start as you propose, but remove the optional part for now in favor for a dedicated cli option (see the other comment by @vyasgun ). wdyt ?
docs/cmd/kn_container_add.md
Outdated
@@ -40,6 +40,8 @@ kn container add NAME | |||
--limit strings The resource requirement limits for this Service. For example, 'cpu=100m,memory=256Mi'. You can use this flag multiple times. To unset a resource limit, append "-" to the resource name, e.g. '--limit memory-'. | |||
--mount stringArray Mount a ConfigMap (prefix cm: or config-map:), a Secret (prefix secret: or sc:), an EmptyDir (prefix ed: or emptyDir:)or an existing Volume (without any prefix) on the specified directory. Example: --mount /mydir=cm:myconfigmap, --mount /mydir=secret:mysecret, --mount /mydir=emptyDir:myvol or --mount /mydir=myvolume. When a configmap or a secret is specified, a corresponding volume is automatically generated. You can specify a volume subpath by following the volume name with slash separated path. Example: --mount /mydir=cm:myconfigmap/subpath/to/be/mounted. You can use this flag multiple times. For unmounting a directory, append "-", e.g. --mount /mydir-, which also removes any auto-generated volume. | |||
-p, --port string The port where application listens on, in the format 'NAME:PORT', where 'NAME' is optional. Examples: '--port h2c:8080' , '--port 8080'. | |||
--probe-liveness string Add liveness probe to Service deployment. Supported probe types are HTTGet, Exec and TCPSocket. Format: [http,https]:host:port:path;<common_opts>, exec:cmd,cmd,...;<common_opts>, tcp:host:port;<common_opts>. Common opts (comma separated, case insensitive): InitialDelaySeconds=<int_value>, FailureThreshold=<int_value>, SuccessThreshold=<int_value>, PeriodSeconds=<int_value>, TimeoutSeconds=<int_value> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether we could just use an URL instead of host:port:path as seems to be more natural for the user to provide ? If we need the parts separately we still can parse them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I was on the fence to have URL for HTTP probe, but I've opted for keeping the consistent format with other probe types. Not a strong preference though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO we can allow both URL format and current :
separated one. I.e. try to create URL from the string first and proceed accordingly.
docs/cmd/kn_service_update.md
Outdated
@@ -68,6 +68,8 @@ kn service update NAME | |||
--no-lock-to-digest Do not keep the running image for the service constant when not explicitly specifying the image. (--no-lock-to-digest pulls the image tag afresh with each new revision) | |||
--no-wait Do not wait for 'service update' operation to be completed. | |||
-p, --port string The port where application listens on, in the format 'NAME:PORT', where 'NAME' is optional. Examples: '--port h2c:8080' , '--port 8080'. | |||
--probe-liveness string Add liveness probe to Service deployment. Supported probe types are HTTGet, Exec and TCPSocket. Format: [http,https]:host:port:path;<common_opts>, exec:cmd,cmd,...;<common_opts>, tcp:host:port;<common_opts>. Common opts (comma separated, case insensitive): InitialDelaySeconds=<int_value>, FailureThreshold=<int_value>, SuccessThreshold=<int_value>, PeriodSeconds=<int_value>, TimeoutSeconds=<int_value> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one general concern: Liveness and readiness probes are part of the ContainerSpec, so in case you have multiple containers you can also have multiple probes. I think we should keep it like here for the main container but also add it to the kn container
commands (that's also one reason why we cant use pipes for the probe generation).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's auto-magically part of kn container add
flags because logic+flags are shared from our PodSpec
implementation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
However, it might be a bit tricky with sidecars.
https://github.com/knative/serving/blob/main/pkg/apis/serving/k8s_validation.go#L410-L411
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, I see. So kn container add
should not allow those options. Are there any other container related options that might be applied only on the main-container ? If so, we might consider to restrict the possible options on container add
in the future. For now, I'm fine that we still have it, I guess it will lead to an error on the server side if somebody would use a probe on an extra container.
flagNames = append(flagNames, "probe-liveness") | ||
flagset.StringVarP(&p.ReadinessProbe, "probe-readiness", "", "", "Add readiness probe to Service deployment. "+ | ||
commonProbeDescription) | ||
flagNames = append(flagNames, "probe-readiness") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
at some point we should also add a probe-startup
for the startup probe (but not sure whether startup probes are supported by knative, we should check this)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's not supported, as far as I've seen.
https://github.com/knative/serving/blob/main/pkg/apis/serving/fieldmask.go#L274-L276
error: services.serving.knative.dev "hello" could not be patched: admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: must not set the field(s): spec.template.spec.containers[0].startupProbe
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The flag should be a quick addition once enabled on the Serving side.
pkg/kn/flags/podspec_helper.go
Outdated
// - <probe_opts>;InitialDelaySeconds=<int_value>,FailureThreshold=<int_value>, | ||
// SuccessThreshold=<int_value>,PeriodSeconds==<int_value>,TimeoutSeconds=<int_value> | ||
func resolveProbe(probeString string) (*corev1.Probe, error) { | ||
parts := strings.Split(probeString, ";") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think that a value can contain also a ; ? Like as part of an argument for an exec probe ? I think this is quite unlikely, but not sure whether we should allows for escaping characters here. Maybe just continue like here and wait until the first bug reports occurs :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a bit of trimming done later in the other two resolve*
functions. That space wouldn't make it too far. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, let's keep it for now like it is.
handler := corev1.ProbeHandler{ | ||
Exec: &corev1.ExecAction{}, | ||
} | ||
cmd := strings.Split(probeParts[1], ",") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we allow for escaping ,
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A corner case of "that should be fine..." statement? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep :-)
Yes, that's sounds good to me, too. Maybe in a first step we can just omit the options in this PR (just using defaults), and then deliver the options as separate argument in a patch (or regular) release ? |
I'll add a new flag for the options. Since the backbone impl for parsing it is already in place, it should be fairly quick. How do you like the name for it?
Just a note we will have 4 probe related flags:
|
Sounds good to me, let's keep it as short as possible (it's already quite a mouthful) |
Co-authored-by: Gunjan Vyas <vyasgun20@gmail.com>
/retest |
--mount stringArray Mount a ConfigMap (prefix cm: or config-map:), a Secret (prefix secret: or sc:), an EmptyDir (prefix ed: or emptyDir:), a PersistentVolumeClaim (prefix pvc: or persistentVolumeClaim) or an existing Volume (without any prefix) on the specified directory. Example: --mount /mydir=cm:myconfigmap, --mount /mydir=secret:mysecret, --mount /mydir=emptyDir:myvol or --mount /mydir=myvolume. When a configmap or a secret is specified, a corresponding volume is automatically generated. You can specify a volume subpath by following the volume name with slash separated path. Example: --mount /mydir=cm:myconfigmap/subpath/to/be/mounted. You can use this flag multiple times. For unmounting a directory, append "-", e.g. --mount /mydir-, which also removes any auto-generated volume. | ||
-p, --port string The port where application listens on, in the format 'NAME:PORT', where 'NAME' is optional. Examples: '--port h2c:8080' , '--port 8080'. | ||
--probe-liveness string Add liveness probe to Service deployment. Supported probe types are HTTGet, Exec and TCPSocket. Format: [http,https]:host:port:path, exec:cmd[,cmd,...], tcp:host:port. | ||
--probe-liveness-opts string Add common options to liveness probe. Common opts (comma separated, case insensitive): InitialDelaySeconds=<int_value>, FailureThreshold=<int_value>, SuccessThreshold=<int_value>, PeriodSeconds=<int_value>, TimeoutSeconds=<int_value> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are "common opts" or all "possible values" ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, they are.
/retest |
1 similar comment
/retest |
Thanks :) Adding hold for other reviewers /hold |
/lgtm |
/unhold |
/kind feature |
Description
Quick format example:
kn service create hello --image docker.io/dsimansk/helloworld --probe-liveness "http:::/;timeoutSeconds=60"
Changes
probe-liveness
probe-readiness
Reference
Fixes #1522
/cc @vyasgun @rhuss
Release Note