Add --probe-liveness and --probe-readiness flags

[dsimansk]

Description

Quick format example:

// =======================================================================================
// Probes

// resolveProbe parses probes as a string
// It's split into two functions:
//   - resolveProbeOptions() -> common probe opts
//   - resolveProbeHandler() -> probe handler [HTTPGet, Exec, TCPSocket]
// Format:
//	- [http,https]:host:port:path;<common_opts>
//	- exec:cmd,cmd,...;<common_opts>
//  - tcp:host:port;<common_opts>
// Common opts (comma separated, case insensitive):
//	- <probe_opts>;InitialDelaySeconds=<int_value>,FailureThreshold=<int_value>,
//  	SuccessThreshold=<int_value>,PeriodSeconds==<int_value>,TimeoutSeconds=<int_value>

kn service create hello --image docker.io/dsimansk/helloworld --probe-liveness "http:::/;timeoutSeconds=60" 

Changes

• Add flag probe-liveness
• Add flag probe-readiness
• TODO: examples, more tests

Reference

Fixes #1522

/cc @vyasgun @rhuss

Release Note

Add --probe-* flags to manage liveness and readiness probes

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dsimansk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dsimansk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Merging #1697 (65de98a) into main (f2dd5fc) will increase coverage by 0.13%.
The diff coverage is 91.13%.

@@            Coverage Diff             @@
##             main    #1697      +/-   ##
==========================================
+ Coverage   79.73%   79.86%   +0.13%     
==========================================
  Files         173      173              
  Lines       13277    13435     +158     
==========================================
+ Hits        10586    10730     +144     
- Misses       1960     1970      +10     
- Partials      731      735       +4     

Impacted Files	Coverage Δ
pkg/kn/flags/podspec.go	75.43% <58.82%> (-2.26%)	⬇️
pkg/kn/flags/podspec_helper.go	85.21% <100.00%> (+2.95%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f2dd5fc...65de98a. Read the comment docs.

[vyasgun]

Would it be a better idea to have separate flag(s) for probe options? The probe string seems a bit long and detailed to me and it also doesn't provide a way to update only the options

[dsimansk]

Would it be a better idea to have separate flag(s) for probe options? The probe string seems a bit long and detailed to me and it also doesn't provide a way to update only the options

That's a good idea, I like it. The other possible improvement could be opinionated probe defaults wrt timeouts, thresholds, etc.

@rhuss what would be your preference?

[rhuss]

Looks good for me in general, but I think we need to add to kn container, too and maybe overthink how to provide the parameters for HTTP or HTTPS checks.

[rhuss]

I wonder whether we could just use an http/https URL directly, which feels more natural. We could then parse the different segments (host, port, path) to put it into the probe.

[rhuss]

@dsimansk @vyasgun what is your opinion on that ? One one hand, using separate parts reflect the structure of the prove itself (so might be more familiar for users with an k8s background), on the other hand, a URL is already a concise format for glueing together multiple parts. We could go even further and say for the exec and TCP probes to use "tcp://host:port" and "exec://cmd,cmd,cmd" kind of URLs.

At some time is probably a matter of taste.

Maybe start as you propose, but remove the optional part for now in favor for a dedicated cli option (see the other comment by @vyasgun ). wdyt ?

[rhuss]

I wonder whether we could just use an URL instead of host:port:path as seems to be more natural for the user to provide ? If we need the parts separately we still can parse them.

[dsimansk]

Yep, I was on the fence to have URL for HTTP probe, but I've opted for keeping the consistent format with other probe types. Not a strong preference though.

[dsimansk]

IMO we can allow both URL format and current : separated one. I.e. try to create URL from the string first and proceed accordingly.

[rhuss]

one general concern: Liveness and readiness probes are part of the ContainerSpec, so in case you have multiple containers you can also have multiple probes. I think we should keep it like here for the main container but also add it to the kn container commands (that's also one reason why we cant use pipes for the probe generation).

[dsimansk]

That's auto-magically part of kn container add flags because logic+flags are shared from our PodSpec implementation.

[dsimansk]

However, it might be a bit tricky with sidecars.
https://github.com/knative/serving/blob/main/pkg/apis/serving/k8s_validation.go#L410-L411

[rhuss]

Ah, I see. So kn container add should not allow those options. Are there any other container related options that might be applied only on the main-container ? If so, we might consider to restrict the possible options on container add in the future. For now, I'm fine that we still have it, I guess it will lead to an error on the server side if somebody would use a probe on an extra container.

[rhuss]

at some point we should also add a probe-startup for the startup probe (but not sure whether startup probes are supported by knative, we should check this)

[dsimansk]

That's not supported, as far as I've seen.

Per: https://github.com/knative/serving/blob/main/pkg/apis/serving/k8s_validation.go#L513-L520

https://github.com/knative/serving/blob/main/pkg/apis/serving/fieldmask.go#L274-L276

error: services.serving.knative.dev "hello" could not be patched: admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: must not set the field(s): spec.template.spec.containers[0].startupProbe

[dsimansk]

The flag should be a quick addition once enabled on the Serving side.

[rhuss]

Do you think that a value can contain also a ; ? Like as part of an argument for an exec probe ? I think this is quite unlikely, but not sure whether we should allows for escaping characters here. Maybe just continue like here and wait until the first bug reports occurs :-)

[dsimansk]

There's a bit of trimming done later in the other two resolve* functions. That space wouldn't make it too far. :)

[rhuss]

Ok, let's keep it for now like it is.

[rhuss]

Should we allow for escaping , ?

[dsimansk]

A corner case of "that should be fine..." statement? :)

[rhuss]

yep :-)

[rhuss]

Would it be a better idea to have separate flag(s) for probe options? The probe string seems a bit long and detailed to me and it also doesn't provide a way to update only the options

That's a good idea, I like it. The other possible improvement could be opinionated probe defaults wrt timeouts, thresholds, etc.

@rhuss what would be your preference?

Yes, that's sounds good to me, too. Maybe in a first step we can just omit the options in this PR (just using defaults), and then deliver the options as separate argument in a patch (or regular) release ?

[dsimansk]

Would it be a better idea to have separate flag(s) for probe options? The probe string seems a bit long and detailed to me and it also doesn't provide a way to update only the options

That's a good idea, I like it. The other possible improvement could be opinionated probe defaults wrt timeouts, thresholds, etc.
@rhuss what would be your preference?

Yes, that's sounds good to me, too. Maybe in a first step we can just omit the options in this PR (just using defaults), and then deliver the options as separate argument in a patch (or regular) release ?

I'll add a new flag for the options. Since the backbone impl for parsing it is already in place, it should be fairly quick.

How do you like the name for it? --probe-*-opts or --probe*-options?

--probe-liveness-opts

--probe-readiness-options

Just a note we will have 4 probe related flags:

--probe-liveness
--probe-liveness-opts
--probe-readiness
--probe-readiness-opts

[rhuss]

--probe-liveness
--probe-liveness-opts
--probe-readiness
--probe-readiness-opts

Sounds good to me, let's keep it as short as possible (it's already quite a mouthful)

[dsimansk]

/retest

[rhuss]

These are "common opts" or all "possible values" ?

[dsimansk]

Yes, they are.

[dsimansk]

/retest

[dsimansk]

/retest

[vyasgun]

Thanks :) Adding hold for other reviewers

/hold

[vyasgun]

/lgtm

[dsimansk]

/unhold

[dsimansk]

/kind feature