emit warning on no liveness probe defined for pods

[juanvallejo]

fixes #10271

This patch iterates through pod specs, listing specs with no liveness
probes set. Any replication controllers whose deployment is fulfilled by
a DeploymentConfig are ignored.

Example

$ oc create -f pkg/api/graph/test/simple-deployment
deploymentconfig "simple-deployment" created

$ oc get all
NAME                   REVISION   DESIRED   CURRENT   TRIGGERED BY
dc/simple-deployment   1          1         0         config

NAME                     DESIRED   CURRENT   READY     AGE
rc/simple-deployment-1   0         0         0         1m

NAME                            READY     STATUS              RESTARTS
AGE
po/simple-deployment-1-deploy   0/1       ContainerCreating   0
1m

$ oc status -v
In project test on server https://10.111.123.56:8443

dc/simple-deployment deploys docker.io/openshift/deployment-example:v1
  deployment #1 pending 26 seconds ago

Warnings:
  * pod/simple-deployment-1-deploy has no liveness probe to verify pods are still running.
    try: oc set probe pod/simple-deployment-1-deploy --liveness ...
  * dc/simple-deployment has no liveness probe to verify pods are still running.
    try: oc set probe dc/simple-deployment --liveness ...

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.

cc @fabianofranz @stevekuznetsov

[juanvallejo]

[test]

[stevekuznetsov]

Named points almost always mean the code should be factored differently. Factor our your one large method into smaller methods to reduce cyclomatic complexity and as a result the need for this will go away.

[deads2k]

Named points almost always mean the code should be factored differently. Factor our your one large method into smaller methods to reduce cyclomatic complexity and as a result the need for this will go away.

@stevekuznetsov is right.

[fabianofranz]

cc @deads2k

[deads2k]

@fabianofranz I'll defer to you about info vs warning.

[fabianofranz]

I vote for info.

[deads2k]

Needs a test.

[juanvallejo]

Needs a test.

Will add a unit test

This patch currently lists all pods without a --liveness probe, including replicationcontroller pods created by deploymentconfigs. It would be ideal to only list deploymentconfig pods in those cases.

Current output:

  * rc/mysql-master-1 has no liveness probe to verify pods are still running.
    try: oc set probe rc/mysql-master-1 --liveness ...
  * rc/mysql-slave-1 has no liveness probe to verify pods are still running.
    try: oc set probe rc/mysql-slave-1 --liveness ...
  * rc/node-1 has no liveness probe to verify pods are still running.
    try: oc set probe rc/node-1 --liveness ...
  * rc/ruby-1 has no liveness probe to verify pods are still running.
    try: oc set probe rc/ruby-1 --liveness ...
  * pod/mysql-slave-1-deploy has no liveness probe to verify pods are still running.
    try: oc set probe pod/mysql-slave-1-deploy --liveness ...
  * pod/ruby-1-nec4y has no liveness probe to verify pods are still running.
    try: oc set probe pod/ruby-1-nec4y --liveness ...
  * dc/mysql-master has no liveness probe to verify pods are still running.
    try: oc set probe dc/mysql-master --liveness ...
  * dc/mysql-slave has no liveness probe to verify pods are still running.
    try: oc set probe dc/mysql-slave --liveness ...
  * dc/node has no liveness probe to verify pods are still running.
    try: oc set probe dc/node --liveness ...
  * dc/ruby has no liveness probe to verify pods are still running.
    try: oc set probe dc/ruby --liveness ...

Any feedback / help with this is welcome

[stevekuznetsov]

// and generates a list of deduped markers.... ?

[deads2k]

This patch currently lists all pods without a --liveness probe, including replicationcontroller pods created by deploymentconfigs. It would be ideal to only list deploymentconfig pods in those cases.

Not just non-ideal. Any advice you give for fixing up an RC that's managed by a DC is bad advise. users shouldn't modify those resources.

[juanvallejo]

@fabianofranz @deads2k Went ahead updated this PR to ignore rc's owned by deployment configs. Also added tests. PTAL

[fabianofranz]

LGTM, @deads2k anything else?

[deads2k]

seems fragile.

[deads2k]

LGTM, @deads2k anything else?

The graph bits look a little fragile, but if you're committed to fixing them up later I'll let it go.

[juanvallejo]

@deads2k

The graph bits look a little fragile, but if you're committed to fixing them up later I'll let it go.

Definitely. Do you have any suggestions for improving it in this PR?

[juanvallejo]

@fabianofranz @deads2k Added a ControllerRefEdgeKind and appended it to the edge between deploymentconfigs and replicationcontrollers for now, any thoughts on this implementation? d75004e

[stevekuznetsov]

The comments I had for you in person remain -- enforcing this weakly by co-locating the two edge creations instead of programmatically by subtyping ControllerRefEdgeKind with DeploymentEdgeKind is not ideal.

[juanvallejo]

@stevekuznetsov I will go ahead and open those changes in a new PR, unless it's better to add it in a new commit here? Thanks for the feedback on this btw

[stevekuznetsov]

I am not sure that closing out that issue in this fast/incomplete way is the correct first step. I would implement the structure necessary to do it first, then come back to this PR. Will defer my opinion to @deads / @fabianofranz

[juanvallejo]

Slightly different deads summoned :]
cc @deads2k

[juanvallejo]

@stevekuznetsov

I am not sure that closing out that issue in this fast/incomplete way is the correct first step. I would implement the structure necessary to do it first, then come back to this PR

Sounds good, I'll go ahead and propose this change and begin working on a separate PR for it

[deads2k]

isn't this the same as the "ManagedByController" edge from AddManagedByControllerPodEdges? See if you can find the PR, but I'm pretty sure we discussed this as generic there.

[juanvallejo]

@deads2k Found this PR #9972. Since this edge kind exists, would I just be filtering the graph by ManagedByControllerEdgeKind here?

[juanvallejo]

@deads2k or @csrwng PTAL 6807a7a

[deads2k]

make this a bool check.

[deads2k]

bad name, this is a bool. Skip from here if there's no issue.

[deads2k]

no

[deads2k]

Check here to see if you

[deads2k]

check here to see if you have a controllerref edge (whatever its called). continue if you do.

[deads2k]

this isn't needed.

[deads2k]

unnecessary.

[deads2k]

the name node sucks so much.

[deads2k]

At this point, you either attach the marker to the toplevelcontainingnode or to the podspec node (see which renders right). If they both render correctly, attach to the podspecnode.

[deads2k]

in psuedo code:

if hasliveness(podspec){
    continue
}

topContainingNode = ....
if topcontainerNode has controllerref edge{
    continue
}

addmarker

[juanvallejo]

@deads2k Thanks for the feedback! Review comments addressed 9ed2553

cc @fabianofranz

[juanvallejo]

networking check flaked on #11452 re[test]

[deads2k]

this check is cheap, run it first.

[deads2k]

move after the "is this node ok" check

[deads2k]

add a comment here explaining the reasoning.

[deads2k]

add the toplevel node as related.

[deads2k]

Don't we have a cleaner way to do this? List outbound edges and check them directly?

[deads2k]

minor comments. lgtm otherwise.

[juanvallejo]

@deads2k Thanks for the feedback, review comments addressed

[deads2k]

lgtm. needs a squash.

[juanvallejo]

conformance test flaked on #11114 re[test]

[openshift-bot]

Evaluated for origin test up to 914b5c9

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/10701/) (Base Commit: 8bb33be)

[juanvallejo]

@deads2k

lgtm. needs a squash.

Done!

[fabianofranz]

[merge]

[openshift-bot]

Evaluated for origin merge up to 914b5c9

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/10767/) (Base Commit: 0403599) (Image: devenv-rhel7_5261)