Skip to content
This repository has been archived by the owner on Apr 10, 2024. It is now read-only.

Commit

Permalink
Use HTTP/1.1 to perform readiness check
Browse files Browse the repository at this point in the history
This change re-enables the readiness check, using HTTP/1.1 instead of
HTTP/2 to invoke it. The readiness checks are unauthenticated and are
throttled when the feature gate UnauthenticatedHTTP2DOSMitigation is set
to true, which is the default starting in Kubernetes 1.29 (see
https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates).
This was the cause of the "GOAWAY received" errors that have been
observed on Kubernetes 1.29.

This change also decouples starting of the servers from waiting until
they become ready, so that if the readiness check fails due to some
error that propagates out of the polling loop (e.g. IOException), the
caller is free to catch it and continue waiting.
  • Loading branch information
adriansuarez committed Jan 17, 2024
1 parent be1a289 commit afd4a55
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,11 @@ public KubeAPIServer(KubeAPIServerConfig config) {
}

public void start() {
startAsync();
waitUntilReady();
}

public void startAsync() {
log.debug("Stating API Server. Using jenvtest dir: {}", config.getJenvtestDir());
binaryManager.initAndDownloadIfRequired();
certManager.createCertificatesIfNeeded();
Expand All @@ -45,6 +50,9 @@ public void start() {
if (config.isUpdateKubeConfig()) {
kubeConfig.updateKubeConfig(apiServerPort);
}
}

public void waitUntilReady() {
kubeApiServerProcess.waitUntilReady();
log.debug("API Server ready to use");
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,7 @@ public void waitUntilReady() {
var readinessChecker = new ProcessReadinessChecker();
var timeout = config.getStartupTimeout();
var startTime = System.currentTimeMillis();
// the 1.29.0 binary has issue with this. Will temporarily comment out and further investigate.
// But with this now all the executions are failing
// readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout);
readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout);
int newTimout = (int) (timeout - (System.currentTimeMillis() - startTime));
readinessChecker.waitUntilDefaultNamespaceAvailable(apiServerPort, binaryManager, certManager,
config, newTimout);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,7 @@ public void checkServerTrusted(
null);
return HttpClient.newBuilder()
.sslContext(sslContext)
.version(HttpClient.Version.HTTP_1_1)
.build();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
throw new JenvtestException(e);
Expand Down

0 comments on commit afd4a55

Please sign in to comment.