Exclude etcd readiness checks from /readyz to ignore temporary etcd h…

…iccups Explicitly exclude etcd and etcd-readiness checks (OCPBUGS-48177) and have etcd operator take responsibility for properly reporting etcd readiness. Justification: kube-apiserver instances get removed from a load balancer when etcd starts to report not ready (as will KA's /readyz). Client connections can withstand etcd unreadiness longer than the readiness timeout is. Thus, it is not necessary to drop connections in case etcd resumes its readiness before a client connection times out naturally.
openshift · Jan 20, 2025 · 52172a0 · 52172a0
1 parent a9ec252
commit 52172a0
Show file tree

Hide file tree

Showing 13 changed files with 9 additions and 12 deletions.
diff --git a/bindata/oauth-apiserver/deploy.yaml b/bindata/oauth-apiserver/deploy.yaml
@@ -130,7 +130,7 @@ spec:
           httpGet:
             scheme: HTTPS
             port: 8443
-            path: readyz
+            path: readyz?exclude=etcd&exclude=etcd-readiness
           initialDelaySeconds: 0
           periodSeconds: 5
           timeoutSeconds: 10

diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
-    operator.openshift.io/spec-hash: "1986a56f7e54d5a8fb43656056b747bf93c3eeea535b79bb2866562a001a3778"
+    operator.openshift.io/spec-hash: "dc41cb7ec4f6f82f4a8637ae233969f202c36f6acd376aca21980313af7c9f50"
   creationTimestamp: ~
   labels:
     apiserver: "true"
@@ -87,7 +87,7 @@ spec:
             httpGet:
               scheme: HTTPS
               port: 8443
-              path: readyz
+              path: readyz?exclude=etcd&exclude=etcd-readiness
             initialDelaySeconds: 0
             periodSeconds: 5
             timeoutSeconds: 10
@@ -213,4 +213,3 @@ spec:
             path: /var/log/oauth-apiserver
           name: audit-dir
 status: {}
-
diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
-    operator.openshift.io/spec-hash: "fbe2e5bff6b8355967db0b9d904e66a2a56018f85b6e488362d6d5161bde1f93"
+    operator.openshift.io/spec-hash: "857876e78675ca8630c8a1ef114cc9487d714ab30b0e22178ccc77ffd95012d5"
   creationTimestamp: ~
   labels:
     apiserver: "true"
@@ -96,7 +96,7 @@ spec:
             httpGet:
               scheme: HTTPS
               port: 8443
-              path: readyz
+              path: readyz?exclude=etcd&exclude=etcd-readiness
             initialDelaySeconds: 0
             periodSeconds: 5
             timeoutSeconds: 10
@@ -222,4 +222,3 @@ spec:
             path: /var/log/oauth-apiserver
           name: audit-dir
 status: {}
-
diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
-    operator.openshift.io/spec-hash: "ccb8d879eec9cdde0c99dd71a28ec2f55d94ffce29e96b74a2b126c3014f223d"
+    operator.openshift.io/spec-hash: "a4574abdfafd21fb9a70db6c0cd6064f940ec4d3f199a0f5d9e0ac8392500f9d"
   creationTimestamp: ~
   labels:
     apiserver: "true"
@@ -91,7 +91,7 @@ spec:
             httpGet:
               scheme: HTTPS
               port: 8443
-              path: readyz
+              path: readyz?exclude=etcd&exclude=etcd-readiness
             initialDelaySeconds: 0
             periodSeconds: 5
             timeoutSeconds: 10
@@ -217,4 +217,3 @@ spec:
             path: /var/log/oauth-apiserver
           name: audit-dir
 status: {}
-
diff --git a/...io/authentications/4dff-body-cluster.yaml → ...io/authentications/8406-body-cluster.yaml b/...io/authentications/4dff-body-cluster.yaml → ...io/authentications/8406-body-cluster.yaml
diff --git a/...uthentications/4dff-metadata-cluster.yaml → ...uthentications/8406-metadata-cluster.yaml b/...uthentications/4dff-metadata-cluster.yaml → ...uthentications/8406-metadata-cluster.yaml
diff --git a/...authentications/4dff-options-cluster.yaml → ...authentications/8406-options-cluster.yaml b/...authentications/4dff-options-cluster.yaml → ...authentications/8406-options-cluster.yaml
diff --git a/...c23d-body-v4-0-config-system-session.yaml → ...df44-body-v4-0-config-system-session.yaml b/...c23d-body-v4-0-config-system-session.yaml → ...df44-body-v4-0-config-system-session.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  v4-0-config-system-session: eyJraW5kIjoiU2Vzc2lvblNlY3JldHMiLCJhcGlWZXJzaW9uIjoib3BlcmF0b3J2MWNsaWVudCIsInNlY3JldHMiOlt7ImF1dGhlbnRpY2F0aW9uIjoiZXlFUDNvR21XNnNEdW5JWlV2aHVabFJXV25GdlpkQ2RhYXJCZGl0MEJ2b1FKOVp2aW8xcHdNMUdDNXF6RTY2NyIsImVuY3J5cHRpb24iOiJmSDNqeF9CR0J0alBZQW9HU011M3RJbVpLX29aRmdWeiJ9XX0=
+  v4-0-config-system-session: eyJraW5kIjoiU2Vzc2lvblNlY3JldHMiLCJhcGlWZXJzaW9uIjoib3BlcmF0b3J2MWNsaWVudCIsInNlY3JldHMiOlt7ImF1dGhlbnRpY2F0aW9uIjoidGFvV3E4cUlHcnFOd21GRVI5c2QzQUJBdnZNWTYtWTFOOEdmb0VSZlZnb1hxYzdiR3ByTlFKWGg1amVRVlc2NSIsImVuY3J5cHRpb24iOiJkNl9OTmp0Z1I4OHhOUXZ1NkhNZ3RZaTdRNWZLYzV4OCJ9XX0=
 kind: Secret
 metadata:
   creationTimestamp: null

diff --git a/...-metadata-v4-0-config-system-session.yaml → ...-metadata-v4-0-config-system-session.yaml b/...-metadata-v4-0-config-system-session.yaml → ...-metadata-v4-0-config-system-session.yaml
diff --git a/...eroperators/0598-body-authentication.yaml → ...eroperators/85c3-body-authentication.yaml b/...eroperators/0598-body-authentication.yaml → ...eroperators/85c3-body-authentication.yaml
diff --git a/...erators/0598-metadata-authentication.yaml → ...erators/85c3-metadata-authentication.yaml b/...erators/0598-metadata-authentication.yaml → ...erators/85c3-metadata-authentication.yaml
diff --git a/...shift-COLON-openshift-authenticator-.yaml → ...shift-COLON-openshift-authenticator-.yaml b/...shift-COLON-openshift-authenticator-.yaml → ...shift-COLON-openshift-authenticator-.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     authentication.openshift.io/csr: openshift-authenticator
 spec:
-  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRqQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkx6Q3hKUTRjZ2tubVlqdytSd1Nmb2kwUWt5dktua1UKOEZuUXJJRWxNUE8vUG13eDdva1h5SjhONmNpQkNZaWYrLzkvaTdIN1MzN3BrUkM5YmliRnQvU2dBREFLQmdncQpoa2pPUFFRREFnTkpBREJHQWlFQTJjRXRhbHczWENSMlhkODZGN2tsL2hzWWlKNTZYMlBWcXVnUHA5SGxwWjhDCklRRElxR25WcE5wbXRPMWlYazFJaGhxWlVsbGZ5YmxHS3F6U0VhWWFRTEhRUXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
+  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkREQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk1Pd1pLTmJyM2pGQU4xQ2kzeEhMUENPaFd4R1hTby8Kem1qRlplVTBPUTRwZVJ6dmNCSGt6QUFUdi9Ba0VHY2lHay9xQ1k1QmVDaTYyU1Bmby8wYk1ueWdBREFLQmdncQpoa2pPUFFRREFnTkhBREJFQWlCcHp1czBCWmZDN29WRlpCdkdid3BlK2hWbm1xMVJNTEdWMHZXVTk4bnpud0lnCkZ3aEx0UWpOSmtGMmNtWTlHeDZ2WXRiNUcxc0Y2dXd6cnhLQ1luYW9PeFE9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
   signerName: kubernetes.io/kube-apiserver-client
   usages:
   - digital signature

diff --git a/...shift-COLON-openshift-authenticator-.yaml → ...shift-COLON-openshift-authenticator-.yaml b/...shift-COLON-openshift-authenticator-.yaml → ...shift-COLON-openshift-authenticator-.yaml