Readiness and Liveness Probes

Overview

Goal
Configure Readiness and Liveness Probes of Microgateway correctly.
Notes
-

Preparation

  • Deploy the Kubernetes exercise
  • 1.
    Run the following commands:
  • copy
    cd readiness-and-liveness-probes/exercise/
    copy
    kubectl apply -k .
  • The exercise has been deployed successfully.

The exercise does not contain any licenses. Therefore, Airlock Microgateway runs as Community Edition

For more details see Features and support.

To run the exercise as Premium Edition, copy a valid license to .templates/microgateway/secret/microgateway.lic and execute kubectl apply -k . to re-deploy the Microgateway.

Instruction

  • Change the Microgateway configuration
  • 1.
    Watch the logs of the Microgateway pod.
  • details...

    Check the logs of the Microgateway configbuilder.

    copy
    kubectl logs -l app=microgateway -c configbuilder -f

    Follow the logs of the Microgateway runtime container.

    copy
    kubectl logs -l app=microgateway -c microgateway -f

    Follow the logs of the Microgateway runtime container and filter for interesting log messages. Mainly these are the log messages with the log_id WR-SG-SUMMARY and WR-SG-BLOCK. Under some circumstances, WR-SG-REJECT or WR-SG-BACK is also very interesting.

    copy
    kubectl logs -l app=microgateway -c microgateway -f | grep -iE "WR-SG-(SUMMARY|BLOCK|REJECT|BACK)"
    • Check the following
    • Did the Microgateway configbuilder start successfully?
    • Did the Microgateway runtime container start sucessfully?
    details...
    • The following should be noticed:
    • The Microgateway configbuilder processed the configuration without any problems.
    • The Microgateway runtime container started without any problems.
  • 2.
    Check the status of the Microgateway pod.
    • Check the following:
    • Is the Microgateway pod ready?
    • What are the events shown for the Microgateway pod?
    details...
    • The following should be noticed:
    • The kubectl describe command shows that the Pod is not ready.
    • The events listed show that the Readiness and Liveness Probe checks failed.
      • Kubernetes tried to reach the probe endpoint of the container on port 443.
      • The container is not deployed to accept any traffic on port 443. Adapt the Readiness and Liveness Probe configuration in the Microgateway deployment.
    details...

    List the Microgateway pods:

    copy
    kubectl get pod
    copy
    kubectl get pod -l app=microgateway

    Show Microgateway pod details:

    copy
    kubectl describe pod -l app=microgateway

    Once the pod is ready to process requests, the output of the kubectl describe command shows that the pod is ready.

    ...
       Conditions: 
      Type              Status 
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True
    ...     
  • 3.
    Edit the Microgateway deployment definition.
    • Configure the following settings for the Microgateway deployment:
    • deployment.spec.template.spec.containers.readinessProbe.httpGet.port
    • deployment.spec.template.spec.containers.livenessProbe.httpGet.port

    Use the (Microgateway) Liveness and Readiness probes to accomplish this task.

    details...
    • Modify the deployment:
    • 1.
      Retrieve the current deployment definition:
    • copy
      kubectl get deployments microgateway -o yaml > microgateway-deployment.yaml
    • 2.
      Adapt the file microgateway-deployment.yaml to your needs.
    • 3.
      Update the Microgateway deployment.
    • copy
      kubectl apply -f microgateway-deployment.yaml

    A new Microgateway pod will be deployed automatically after updating the Microgateway deployment.

    details...

    The modified part of the microgateway-deployment.yaml file looks as follow:

    copy
          containers: 
            - name: microgateway
              ...            
              ports: 
                - name: http
                  containerPort: 8080
                - name: https
                  containerPort: 8443
                - name: probes
                  containerPort: 9090
                - name: metrics
                  containerPort: 9102
              readinessProbe: 
                ... 
                httpGet: 
                  path: /healthy 
                  port: probes 
                ... 
              livenessProbe: 
                ... 
                httpGet: 
                  path: /alive 
                  port: probes
                ...  
  • 4.
    Check the status of the Microgateway pod.
  • details...

    List the Microgateway pods:

    copy
    kubectl get pod
    copy
    kubectl get pod -l app=microgateway

    Show Microgateway pod details:

    copy
    kubectl describe pod -l app=microgateway

    Once the pod is ready to process requests, the output of the kubectl describe command shows that the pod is ready.

    ...
       Conditions: 
      Type              Status 
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True
    ...     
  • 5.
    Connect to the website:
    • Open the URL in your browser: https://<MINIKUBE_IP>/
  • The web application should be reachable from the browser.
  • 6.
    Watch the logs of the Microgateway pod.
  • details...

    Check the logs of the Microgateway configbuilder.

    copy
    kubectl logs -l app=microgateway -c configbuilder -f

    Follow the logs of the Microgateway runtime container.

    copy
    kubectl logs -l app=microgateway -c microgateway -f

    Follow the logs of the Microgateway runtime container and filter for interesting log messages. Mainly these are the log messages with the log_id WR-SG-SUMMARY and WR-SG-BLOCK. Under some circumstances, WR-SG-REJECT or WR-SG-BACK is also very interesting.

    copy
    kubectl logs -l app=microgateway -c microgateway -f | grep -iE "WR-SG-(SUMMARY|BLOCK|REJECT|BACK)"
  • The log message WR-SG-SUMMARY with the key action:allowed indicates that the request has successfully proceeded.

Cleanup

  • Delete Kubernetes resources from previously exercises or solutions
  • 1.
    Run the following commands:
  • copy
    kubectl delete all,ing,cm,secrets,pv,pvc,sa,roles,rolebindings,clusterroles,clusterrolebindings -l purpose=microgateway-tutorial
  • All relevant Kubernetes resources in the namespace have been deleted successfully.