Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HTTP health server (closes #115) #227

Open
wants to merge 44 commits into
base: main
Choose a base branch
from
Open

Add HTTP health server (closes #115) #227

wants to merge 44 commits into from
+246 −53

Conversation

keeganwitt
Copy link
Contributor

@keeganwitt keeganwitt commented Dec 7, 2024
edited by faisal-memon
Loading

fixes #115

@keeganwitt keeganwitt marked this pull request as ready for review December 7, 2024 22:18
@keeganwitt
Copy link
Contributor Author

I'm not sure if I did this the right way. We also might want more checks than I've implemented.

@faisal-memon faisal-memon added this to the 0.10.0 milestone Dec 9, 2024
@faisal-memon
Copy link
Collaborator

Thanks @keeganwitt for submitting this.

faisal-memon
faisal-memon reviewed Dec 10, 2024
View reviewed changes
cmd/spiffe-helper/config/config.go Outdated Show resolved Hide resolved
cmd/spiffe-helper/main.go Outdated Show resolved Hide resolved
cmd/spiffe-helper/main.go Outdated Show resolved Hide resolved
faisal-memon
faisal-memon reviewed Dec 13, 2024
View reviewed changes
pkg/health/health.go Outdated Show resolved Hide resolved
@keeganwitt
Keep ParseConfigFile in main
07985d7 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Fix tests
28885ec 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Merge remote-tracking branch 'upstream/main' into 115
1e7ccd1
@keeganwitt
Upgrade golangci-lint to fix error
59af728 
Error: can't load config: the Go language version (go1.22) used to build golangci-lint is lower than the targeted Go version (1.23.3)

Signed-off-by: Keegan Witt <[email protected]>
faisal-memon
faisal-memon reviewed Dec 16, 2024
View reviewed changes
Makefile Outdated Show resolved Hide resolved
faisal-memon
faisal-memon reviewed Dec 16, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
keeganwitt and others added 4 commits December 16, 2024 16:45
@keeganwitt @faisal-memon
Update cmd/spiffe-helper/config/config.go
68a27ba 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update README.md
6084685 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Fix remaining config renames
944d880 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Merge branch 'main' into 115
15928aa
keeganwitt and others added 6 commits January 15, 2025 13:16
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar.go
dd5f6be 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar.go
273db1a 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar_test.go
28c7f4c 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar.go
653c99e 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar.go
4e2696a 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt @faisal-memon
Update pkg/sidecar/sidecar.go
d36cf15 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
faisal-memon
faisal-memon reviewed Jan 15, 2025
View reviewed changes
pkg/health/health.go Outdated Show resolved Hide resolved
@keeganwitt @faisal-memon
Update pkg/health/health.go
cf1f22a 
Co-authored-by: Faisal Memon <[email protected]>
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Copy link
Contributor Author

Do you think we should wrap the FileWriteStatus in a Health struct so that the top level JSON is an object/map that can contain future health check info?

@faisal-memon
Copy link
Collaborator

Do you think we should wrap the FileWriteStatus in a Health struct so that the top level JSON is an object/map that can contain future health check info?

Not mandatory but I think that would make the output look a little nicer.

@keeganwitt
Copy link
Contributor Author

keeganwitt commented Jan 15, 2025
edited
Loading

Do you think we should wrap the FileWriteStatus in a Health struct so that the top level JSON is an object/map that can contain future health check info?

I guess it already is an object, just doesn't have a top level key. So currently looks like

{
    "x509_write_success": true,
    "jwt_write_successes": {
        "a.jwt": true,
        "b.jwt": false
    }
}

But we might want something like this, so then we could add future keys, like a hypothetical socket_connection_failed

{
    "write_successes": {
        "x509_write_success": true,
        "jwt_write_successes": {
            "a.jwt": true,
            "b.jwt": false
        }
    },
    "socket_connection_failed": false
}

@keeganwitt
Copy link
Contributor Author

Do you think we should wrap the FileWriteStatus in a Health struct so that the top level JSON is an object/map that can contain future health check info?

I guess it already is an object, just doesn't have a top level key. So currently looks like

{
    "x509_write_success": true,
    "jwt_write_successes": {
        "a.jwt": true,
        "b.jwt": false
    }
}

But we might want something like this, so then we could add future keys, like a hypothetical socket_connection_failed

{
    "write_successes": {
        "x509_write_success": true,
        "jwt_write_successes": {
            "a.jwt": true,
            "b.jwt": false
        }
    },
    "socket_connection_failed": false
}

Optionally, we can also wrap it at the top level:

{
    "health": {
        "write_successes": {
            "x509_write_success": true,
            "jwt_write_successes": {
                "a.jwt": true,
                "b.jwt": false
            }
        },
        "socket_connection_failed": false
    }
}

@keeganwitt
Copy link
Contributor Author

I'm wondering now if the health check should distinguish between "failed to write" and "not yet written". That distinction would be important for a readiness probe.

@keeganwitt
Move StartHealthServer() into startSidecar()
c563e1c 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Lint fix
241ca62 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Update readme
9cad97f 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Log when health server is starting
61be108 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Change Error response to also be JSON
b1b054b 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Refactoring
dff19b4 
Signed-off-by: Keegan Witt <[email protected]>
@keeganwitt
Copy link
Contributor Author

keeganwitt commented Jan 18, 2025
edited
Loading

Here's what the output results look like when it first starts

// live
{
  "status": "OK",
  "health": {
    "file_write_statuses": {
      "x509_write_status": "unwritten",
      "jwt_write_status": {
        "certs": "unwritten"
      }
    }
  }
}
// ready
{
  "status": "Service Unavailable",
  "health": {
    "file_write_statuses": {
      "x509_write_status": "unwritten",
      "jwt_write_status": {
        "certs": "unwritten"
      }
    }
  }
}

@keeganwitt
Copy link
Contributor Author

Here's what the output results look like when it first starts

// live
{
  "status": "OK",
  "health": {
    "file_write_statuses": {
      "x509_write_status": "unwritten",
      "jwt_write_status": {
        "certs": "unwritten"
      }
    }
  }
}
// ready
{
  "status": "Service Unavailable",
  "health": {
    "file_write_statuses": {
      "x509_write_status": "unwritten",
      "jwt_write_status": {
        "certs": "unwritten"
      }
    }
  }
}

Maybe the status should be "ready/not ready" and "live/not live" instead of an HTTP status. Does that read easier?

@kfox1111
Copy link
Contributor

kfox1111 commented Jan 19, 2025
edited
Loading

Hmm....

We may be crossing purposes too much?

Most of the time the check I've seen is pretty simple. http return code and not much more.

For details, they need to be readable as metrics so they can be collected over time, graphed, and alerted on. The formatting here looks more useful to humans then for machine processing.

Not saying that is a bad thing, but maybe we're too focused on it where others skip it?

faisal-memon
faisal-memon reviewed Jan 22, 2025
View reviewed changes
cmd/spiffe-helper/main.go
Comment on lines +38 to +39
sidecarConfig := config.NewSidecarConfig(hclConfig, log)
spiffeSidecar := sidecar.New(sidecarConfig)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These two lines can go into startSidecar()

faisal-memon
faisal-memon reviewed Jan 22, 2025
View reviewed changes
cmd/spiffe-helper/main.go
Comment on lines +40 to +41
err = startSidecar(hclConfig, log, spiffeSidecar)
if err != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
err = startSidecar(hclConfig, log, spiffeSidecar)
if err != nil {
if err = startSidecar(hclConfig, log, spiffeSidecar); err != nil {

@faisal-memon
Copy link
Collaborator

@keeganwitt Just two minor comments and then we're good to go. @kfox1111 Valid point. Lets merge this and see how it goes. Can always change the output to be more machine friendly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faisal-memon faisal-memon faisal-memon left review comments

@kfox1111 kfox1111 kfox1111 left review comments

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.0
Development

Successfully merging this pull request may close these issues.

Kubernetes Sidecar Usecase
3 participants
@keeganwitt @faisal-memon @kfox1111