Comments (9)
Maybe there is a way we can have the migrator task check if the istio-proxy sidecar container exists and iff it exists wait for it to become healthy.
Alternatively, it could retry-until-short-timeout to log in to the database, regardless of what errors it sees when it's trying to connect. That behavior would be correct and istio-agnostic.
from capi-k8s-release.
I have a branch that replaces the istio-specific logic with generic logic that waits for a DB connection to be available before running the migrations. However, it looks like we still need to explicitly kill the istio sidecar as part of the job, as the istio-proxy is still running after the run-migrations container completed. Is this expected?
from capi-k8s-release.
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/175367511
The labels on this github issue will be updated when the story is started.
from capi-k8s-release.
@mike1808 based on the concerns on the Istio issue around this using undocumented aspects of the Kubernetes Pod start-up process are you confident that Istio will be able to maintain this behavior?
I always considered their "fix" here to be less of a fix and more of a best-effort mitigation. I'm worried that across Istio upgrades (y'all test this so it's probably less risky) and Kubernetes versions this behavior might change and we'll have to add the check back in.
Maybe there is a way we can have the migrator task check if the istio-proxy
sidecar container exists and iff it exists wait for it to become healthy.
from capi-k8s-release.
Yeah, that's a better idea!
from capi-k8s-release.
Currently, this issues blocks @cloudfoundry/cf-for-k8s-networking team from merging Contour work to develop in cf-for-k8s.
from capi-k8s-release.
Maybe there is a way we can have the migrator task check if the istio-proxy sidecar container exists and iff it exists wait for it to become healthy.
Alternatively, it could retry-until-short-timeout to log in to the database, regardless of what errors it sees when it's trying to connect. That behavior would be correct and istio-agnostic.
One simple way to do this: make a new rake task that spins until it can connect to the DB (and may eventually time out). The ccdb migrate job can then run rake spin-until-db-connects EXISTING_RAKE_TASKS
from capi-k8s-release.
Yeah, unfortunately for Jobs
you have to explicitly kill it with that /quitquitquit
endpoint. The hope is that this can be confused if/when Kubernetes ever gets something like first-class Sidecar containers (kubernetes/enhancements#753), but right now it's kinda rough.
This Istio issue talks more about it:
istio/istio#11659
from capi-k8s-release.
This is fixed now on the latest cf-for-k8s main
. See:
- cloudfoundry/cloud_controller_ng@d7a5fe3#diff-8e48e5cccab8a9fc9d245274271c1c1f0065248b0cd44539a08dc6aeca0f39a1
- cloudfoundry/cloud_controller_ng@56ee90b#diff-8e48e5cccab8a9fc9d245274271c1c1f0065248b0cd44539a08dc6aeca0f39a1
- cloudfoundry/cloud_controller_ng@b8aa9c4#diff-8e48e5cccab8a9fc9d245274271c1c1f0065248b0cd44539a08dc6aeca0f39a1
Thanks for reporting this @mike1808 ! 🙂
from capi-k8s-release.
Related Issues (20)
- cf create-service-key does not work HOT 6
- Assumptions about `KUBERNETES_SERVICE_HOST` break kubecf HOT 7
- Testing gitbot integration HOT 1
- Test cf-gitbot integration HOT 1
- Issue: FAILED - Package failed to process correctly after upload HOT 3
- General flakiness when CCNG attempts CRUD operations on Kubernetes resources HOT 2
- Random occurrences where build is marked is staged but is missing necessary metadata HOT 3
- container registry-buddy in cf-api-server and cf-api-worker pods always stop HOT 6
- Add a way to override some clock properties HOT 2
- staging can't find a gcr.io image HOT 3
- cf push hangs on 'Instance starting...' when trying to push a Docker Image app that runs as root HOT 2
- Droplet upload and download don't work HOT 2
- /v3/processes/PROCESS_GUID returns incorrect process command HOT 2
- CC should send all build failure messages to the app's `cf logs` stream HOT 2
- [RFC #0003] Scheduling workloads across multiple k8s Namespaces HOT 2
- cf delete-org fails when org has Docker apps pushed to the org HOT 2
- EXPOSE port for non-8080 Docker apps not respected HOT 4
- build reconciler is not copying the full detected start command for processes HOT 2
- Readiness probe for ccng workers and registry-buddy are not working HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from capi-k8s-release.