From 12fc1fc1e0179f6178c456b6a3d9430f4f88ea90 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Tue, 30 Jun 2020 07:48:13 -0700 Subject: [PATCH] deprecate readiness probes (#159) depends on MinIO PR based on new findings https://github.com/minio/minio/pull/9941 --- docs/operator-fields.md | 1 - examples/minioinstance-kes.yaml | 15 ++--------- examples/minioinstance-mcs.yaml | 15 ++--------- .../minioinstance-pod-security-policy.yaml | 20 ++++----------- examples/minioinstance.yaml | 17 ++----------- pkg/apis/operator.min.io/v1/constants.go | 16 ++---------- pkg/apis/operator.min.io/v1/helper.go | 12 --------- pkg/apis/operator.min.io/v1/types.go | 10 -------- .../v1/zz_generated.deepcopy.go | 21 ---------------- pkg/resources/services/service.go | 25 ++++++++----------- .../statefulsets/minio-statefulset.go | 22 +++------------- 11 files changed, 27 insertions(+), 147 deletions(-) diff --git a/docs/operator-fields.md b/docs/operator-fields.md index 66ac95b0786..435483675cd 100644 --- a/docs/operator-fields.md +++ b/docs/operator-fields.md @@ -35,7 +35,6 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Mi | spec.externalCertSecret | Set an external secret with private key and certificate to be used to enabled TLS on MinIOInstance pods. Note that only one of `spec.requestAutoCert` or `spec.externalCertSecret` should be enabled at a time. Follow [the document here](https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret) to create the secret to be passed in this section. | | spec.resources | Specify CPU and Memory resources for each MinIOInstance container. Refer [this document](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-types) for details. | | spec.liveness | Add liveness check for MinIOInstance containers. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command) for details. | -| spec.readiness | Add readiness check for MinIOInstance containers. Only single node MinIOInstance container should enable readiness checks. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command) for details. | | spec.nodeSelector | Add a selector which must be true for the MinIOInstance pod to fit on a node. Refer [this document](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for details.| | spec.tolerations | Define a toleration for the MinIOInstance pod to match on a taint. Refer [this document](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for details. | | spec.securityContext | Define a security context for the MinIOInstance pod. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for details. | diff --git a/examples/minioinstance-kes.yaml b/examples/minioinstance-kes.yaml index dd423e7868a..2cfcf14fa88 100644 --- a/examples/minioinstance-kes.yaml +++ b/examples/minioinstance-kes.yaml @@ -115,8 +115,6 @@ spec: ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" - ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only - ## work if PodManagementPolicy is set to "Parallel". podManagementPolicy: Parallel ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. ## Internal DNS name for the pod will be used if CommonName is not provided. @@ -145,17 +143,8 @@ spec: ## is not working properly and needs restart. Kubernetes automatically ## restarts the pods if liveness checks fail. liveness: - initialDelaySeconds: 120 - periodSeconds: 15 - timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s) - ## Readiness probe detects situations when MinIO server instance - ## is not ready to accept traffic. Kubernetes doesn't forward - ## traffic to the pod while readiness checks fail. - ## Readiness check will only work if PodManagementPolicy is set to "Parallel". - ## Disable this check if you're setting PodManagementPolicy to "OrderedReady". - readiness: - initialDelaySeconds: 120 - periodSeconds: 15 + initialDelaySeconds: 10 + periodSeconds: 1 timeoutSeconds: 1 ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the diff --git a/examples/minioinstance-mcs.yaml b/examples/minioinstance-mcs.yaml index 043331e7103..65186046bcc 100644 --- a/examples/minioinstance-mcs.yaml +++ b/examples/minioinstance-mcs.yaml @@ -102,8 +102,6 @@ spec: ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" - ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only - ## work if PodManagementPolicy is set to "Parallel". podManagementPolicy: Parallel ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. ## Internal DNS name for the pod will be used if CommonName is not provided. @@ -132,17 +130,8 @@ spec: ## is not working properly and needs restart. Kubernetes automatically ## restarts the pods if liveness checks fail. liveness: - initialDelaySeconds: 120 - periodSeconds: 15 - timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s) - ## Readiness probe detects situations when MinIO server instance - ## is not ready to accept traffic. Kubernetes doesn't forward - ## traffic to the pod while readiness checks fail. - ## Readiness check will only work if PodManagementPolicy is set to "Parallel". - ## Disable this check if you're setting PodManagementPolicy to "OrderedReady". - readiness: - initialDelaySeconds: 120 - periodSeconds: 15 + initialDelaySeconds: 10 + periodSeconds: 1 timeoutSeconds: 1 ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the diff --git a/examples/minioinstance-pod-security-policy.yaml b/examples/minioinstance-pod-security-policy.yaml index b7f6ebbae51..ca402f92e95 100644 --- a/examples/minioinstance-pod-security-policy.yaml +++ b/examples/minioinstance-pod-security-policy.yaml @@ -53,11 +53,11 @@ kind: ClusterRole metadata: name: minio-pods-role rules: -- apiGroups: +- apiGroups: - "policy" - resources: + resources: - "podsecuritypolicies" - verbs: + verbs: - "use" resourceNames: - "minio-pods-policy" @@ -129,8 +129,6 @@ spec: ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" - ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only - ## work if PodManagementPolicy is set to "Parallel". podManagementPolicy: Parallel ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret @@ -166,16 +164,8 @@ spec: ## is not working properly and needs restart. Kubernetes automatically ## restarts the pods if liveness checks fail. liveness: - initialDelaySeconds: 120 - periodSeconds: 60 - ## Readiness probe detects situations when MinIO server instance - ## is not ready to accept traffic. Kubernetes doesn't forward - ## traffic to the pod while readiness checks fail. - ## Readiness check will only work if PodManagementPolicy is set to "Parallel". - ## Disable this check if you're setting PodManagementPolicy to "OrderedReady". - readiness: - initialDelaySeconds: 120 - periodSeconds: 60 + initialDelaySeconds: 10 + periodSeconds: 1 ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the ## indicated key-value pairs as labels. diff --git a/examples/minioinstance.yaml b/examples/minioinstance.yaml index 741ec0a1c66..2cf1d6fe964 100644 --- a/examples/minioinstance.yaml +++ b/examples/minioinstance.yaml @@ -75,8 +75,6 @@ spec: ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" - ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only - ## work if PodManagementPolicy is set to "Parallel". podManagementPolicy: Parallel ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret @@ -100,8 +98,6 @@ spec: # value: storage ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) # env: - # - name: MINIO_API_READY_DEADLINE - # value: "10s" # - name: MINIO_BROWSER # value: "off" # to turn-off browser # - name: MINIO_STORAGE_CLASS_STANDARD @@ -114,17 +110,8 @@ spec: ## is not working properly and needs restart. Kubernetes automatically ## restarts the pods if liveness checks fail. liveness: - initialDelaySeconds: 120 - periodSeconds: 15 - timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s) - ## Readiness probe detects situations when MinIO server instance - ## is not ready to accept traffic. Kubernetes doesn't forward - ## traffic to the pod while readiness checks fail. - ## Readiness check will only work if PodManagementPolicy is set to "Parallel". - ## Disable this check if you're setting PodManagementPolicy to "OrderedReady". - readiness: - initialDelaySeconds: 120 - periodSeconds: 15 + initialDelaySeconds: 10 + periodSeconds: 1 timeoutSeconds: 1 ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the diff --git a/pkg/apis/operator.min.io/v1/constants.go b/pkg/apis/operator.min.io/v1/constants.go index b59e0e5c25d..0982f7eb967 100644 --- a/pkg/apis/operator.min.io/v1/constants.go +++ b/pkg/apis/operator.min.io/v1/constants.go @@ -90,26 +90,14 @@ const DefaultVolumesPerServer = 1 // DefaultZoneName specifies the default zone name const DefaultZoneName = "zone-0" -// ReadinessPath specifies the endpoint for readiness check -const ReadinessPath = "/minio/health/ready" - -// ReadinessInitialDelay specifies the initial delay in calling the readiness endpoint -const ReadinessInitialDelay = 120 - -// ReadinessPeriod specifies the interval in calling the readiness endpoint -const ReadinessPeriod = 15 - -// ReadinessTimeout specifies the timeout for the readiness probe to expect a response -const ReadinessTimeout = 12 - // LivenessPath specifies the endpoint for liveness check const LivenessPath = "/minio/health/live" // LivenessInitialDelay specifies the initial delay in calling the liveness endpoint -const LivenessInitialDelay = 120 +const LivenessInitialDelay = 10 // LivenessPeriod specifies the interval in calling the liveness endpoint -const LivenessPeriod = 15 +const LivenessPeriod = 1 // LivenessTimeout specifies the timeout for the liveness probe to expect a response const LivenessTimeout = 1 diff --git a/pkg/apis/operator.min.io/v1/helper.go b/pkg/apis/operator.min.io/v1/helper.go index 26d76bce355..af6fbb1e1b0 100644 --- a/pkg/apis/operator.min.io/v1/helper.go +++ b/pkg/apis/operator.min.io/v1/helper.go @@ -183,18 +183,6 @@ func (mi *MinIOInstance) EnsureDefaults() *MinIOInstance { } } - if mi.Spec.Readiness != nil { - if mi.Spec.Readiness.InitialDelaySeconds == 0 { - mi.Spec.Readiness.InitialDelaySeconds = ReadinessInitialDelay - } - if mi.Spec.Readiness.PeriodSeconds == 0 { - mi.Spec.Readiness.PeriodSeconds = ReadinessPeriod - } - if mi.Spec.Readiness.TimeoutSeconds == 0 { - mi.Spec.Readiness.TimeoutSeconds = ReadinessTimeout - } - } - if mi.Spec.Liveness != nil { if mi.Spec.Liveness.InitialDelaySeconds == 0 { mi.Spec.Liveness.InitialDelaySeconds = LivenessInitialDelay diff --git a/pkg/apis/operator.min.io/v1/types.go b/pkg/apis/operator.min.io/v1/types.go index 7c4af2b8a0e..3b4c0a8aca5 100644 --- a/pkg/apis/operator.min.io/v1/types.go +++ b/pkg/apis/operator.min.io/v1/types.go @@ -103,9 +103,6 @@ type MinIOInstanceSpec struct { // Liveness Probe for container liveness. Container will be restarted if the probe fails. // +optional Liveness *Liveness `json:"liveness,omitempty"` - // Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. - // +optional - Readiness *Readiness `json:"readiness,omitempty"` // RequestAutoCert allows user to enable Kubernetes based TLS cert generation and signing as explained here: // https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ // +optional @@ -166,13 +163,6 @@ type Liveness struct { TimeoutSeconds int32 `json:"timeoutSeconds"` } -// Readiness specifies the spec for liveness probe -type Readiness struct { - InitialDelaySeconds int32 `json:"initialDelaySeconds"` - PeriodSeconds int32 `json:"periodSeconds"` - TimeoutSeconds int32 `json:"timeoutSeconds"` -} - // MCSConfig defines the specifications for MCS Deployment type MCSConfig struct { // Replicas defines number of pods for KES StatefulSet. diff --git a/pkg/apis/operator.min.io/v1/zz_generated.deepcopy.go b/pkg/apis/operator.min.io/v1/zz_generated.deepcopy.go index 8355e719720..60bc5caf13b 100644 --- a/pkg/apis/operator.min.io/v1/zz_generated.deepcopy.go +++ b/pkg/apis/operator.min.io/v1/zz_generated.deepcopy.go @@ -263,11 +263,6 @@ func (in *MinIOInstanceSpec) DeepCopyInto(out *MinIOInstanceSpec) { *out = new(Liveness) **out = **in } - if in.Readiness != nil { - in, out := &in.Readiness, &out.Readiness - *out = new(Readiness) - **out = **in - } if in.CertConfig != nil { in, out := &in.CertConfig, &out.CertConfig *out = new(CertificateConfig) @@ -329,22 +324,6 @@ func (in *MinIOInstanceStatus) DeepCopy() *MinIOInstanceStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Readiness) DeepCopyInto(out *Readiness) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Readiness. -func (in *Readiness) DeepCopy() *Readiness { - if in == nil { - return nil - } - out := new(Readiness) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Zone) DeepCopyInto(out *Zone) { *out = *in diff --git a/pkg/resources/services/service.go b/pkg/resources/services/service.go index 4a1ee78af22..6c6149d4c14 100644 --- a/pkg/resources/services/service.go +++ b/pkg/resources/services/service.go @@ -35,10 +35,9 @@ func NewClusterIPForMinIO(mi *miniov1.MinIOInstance) *corev1.Service { OwnerReferences: mi.OwnerRef(), }, Spec: corev1.ServiceSpec{ - PublishNotReadyAddresses: true, - Ports: []corev1.ServicePort{minioPort}, - Selector: mi.MinIOPodLabels(), - Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{minioPort}, + Selector: mi.MinIOPodLabels(), + Type: corev1.ServiceTypeClusterIP, }, } @@ -56,11 +55,10 @@ func NewHeadlessForMinIO(mi *miniov1.MinIOInstance) *corev1.Service { OwnerReferences: mi.OwnerRef(), }, Spec: corev1.ServiceSpec{ - PublishNotReadyAddresses: true, - Ports: []corev1.ServicePort{minioPort}, - Selector: mi.MinIOPodLabels(), - Type: corev1.ServiceTypeClusterIP, - ClusterIP: corev1.ClusterIPNone, + Ports: []corev1.ServicePort{minioPort}, + Selector: mi.MinIOPodLabels(), + Type: corev1.ServiceTypeClusterIP, + ClusterIP: corev1.ClusterIPNone, }, } @@ -78,11 +76,10 @@ func NewHeadlessForKES(mi *miniov1.MinIOInstance) *corev1.Service { OwnerReferences: mi.OwnerRef(), }, Spec: corev1.ServiceSpec{ - PublishNotReadyAddresses: true, - Ports: []corev1.ServicePort{kesPort}, - Selector: mi.KESPodLabels(), - Type: corev1.ServiceTypeClusterIP, - ClusterIP: corev1.ClusterIPNone, + Ports: []corev1.ServicePort{kesPort}, + Selector: mi.KESPodLabels(), + Type: corev1.ServiceTypeClusterIP, + ClusterIP: corev1.ClusterIPNone, }, } diff --git a/pkg/resources/statefulsets/minio-statefulset.go b/pkg/resources/statefulsets/minio-statefulset.go index 9de6a75cf0b..1ad3f27e4d9 100644 --- a/pkg/resources/statefulsets/minio-statefulset.go +++ b/pkg/resources/statefulsets/minio-statefulset.go @@ -145,27 +145,12 @@ func volumeMounts(mi *miniov1.MinIOInstance) (mounts []corev1.VolumeMount) { return mounts } -func probes(mi *miniov1.MinIOInstance) (readiness, liveness *corev1.Probe) { +func probes(mi *miniov1.MinIOInstance) (liveness *corev1.Probe) { scheme := corev1.URIScheme(strings.ToUpper(miniov1.Scheme)) port := intstr.IntOrString{ IntVal: int32(miniov1.MinIOPort), } - if mi.Spec.Readiness != nil { - readiness = &corev1.Probe{ - Handler: corev1.Handler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: miniov1.ReadinessPath, - Port: port, - Scheme: scheme, - }, - }, - InitialDelaySeconds: mi.Spec.Readiness.InitialDelaySeconds, - PeriodSeconds: mi.Spec.Readiness.PeriodSeconds, - TimeoutSeconds: mi.Spec.Readiness.TimeoutSeconds, - } - } - if mi.Spec.Liveness != nil { liveness = &corev1.Probe{ Handler: corev1.Handler{ @@ -181,7 +166,7 @@ func probes(mi *miniov1.MinIOInstance) (readiness, liveness *corev1.Probe) { } } - return readiness, liveness + return liveness } // Builds the MinIO container for a MinIOInstance. @@ -202,7 +187,7 @@ func minioServerContainer(mi *miniov1.MinIOInstance, serviceName string, hostsTe } } - readyProbe, liveProbe := probes(mi) + liveProbe := probes(mi) return corev1.Container{ Name: miniov1.MinIOServerName, @@ -218,7 +203,6 @@ func minioServerContainer(mi *miniov1.MinIOInstance, serviceName string, hostsTe Env: minioEnvironmentVars(mi), Resources: mi.Spec.Resources, LivenessProbe: liveProbe, - ReadinessProbe: readyProbe, } }