fix: only ping k8s for healthz in podsubnet

Signed-off-by: GitHub <[email protected]>

Author: rbtr

cns/healthserver/healthz.go

@@ -3,8 +3,6 @@ package healthserver
 import (
 	"net/http"
 
-	"github.com/Azure/azure-container-networking/cns"
-	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -21,13 +19,17 @@ func init() {
 	utilruntime.Must(v1alpha.AddToScheme(scheme))
 }
 
+type Config struct {
+	PingAPIServer bool
+}
+
 // NewHealthzHandlerWithChecks will return a [http.Handler] for CNS's /healthz endpoint.
 // Depending on what we expect CNS to be able to read (based on the [configuration.CNSConfig])
 // then the checks registered to the handler will test for those expectations. For example, in
 // ChannelMode: CRD, the health check will ensure that CNS is able to list NNCs successfully.
-func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handler, error) {
+func NewHealthzHandlerWithChecks(cfg *Config) (http.Handler, error) {
 	checks := make(map[string]healthz.Checker)
-	if cnsConfig.ChannelMode == cns.CRD {
+	if cfg.PingAPIServer {
 		cfg, err := ctrl.GetConfig()
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to get kubeconfig")
@@ -38,7 +40,6 @@ func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handl
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to build client")
 		}
-
 		checks["nnc"] = func(req *http.Request) error {
 			ctx := req.Context()
 			// we just care that we're allowed to List NNCs so set limit to 1 to minimize
@@ -52,9 +53,6 @@ func NewHealthzHandlerWithChecks(cnsConfig *configuration.CNSConfig) (http.Handl
 			return nil
 		}
 	}
-
-	// strip prefix so that it runs through all checks registered on the handler.
-	// otherwise it will look for a check named "healthz" and return a 404 if not there.
 	return &healthz.Handler{
 		Checks: checks,
 	}, nil

cns/healthserver/healthz_test.go

@@ -7,7 +7,6 @@ import (
 	"os"
 	"testing"
 
-	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/stretchr/testify/require"
 )
 
@@ -162,30 +161,30 @@ const nncResult = `{
 func TestNewHealthzHandlerWithChecks(t *testing.T) {
 	tests := []struct {
 		name            string
-		cnsConfig       *configuration.CNSConfig
+		config          *Config
 		apiStatusCode   int
 		expectedHealthy bool
 	}{
 		{
 			name: "list NNC gives 200 should indicate healthy",
-			cnsConfig: &configuration.CNSConfig{
-				ChannelMode: "CRD",
+			config: &Config{
+				PingAPIServer: true,
 			},
 			apiStatusCode:   http.StatusOK,
 			expectedHealthy: true,
 		},
 		{
 			name: "unauthorized (401) from apiserver should be unhealthy",
-			cnsConfig: &configuration.CNSConfig{
-				ChannelMode: "CRD",
+			config: &Config{
+				PingAPIServer: true,
 			},
 			apiStatusCode:   http.StatusUnauthorized,
 			expectedHealthy: false,
 		},
 		{
 			name: "channel nodesubnet should not call apiserver so it doesn't matter if the status code is a 401",
-			cnsConfig: &configuration.CNSConfig{
-				ChannelMode: "AzureHost",
+			config: &Config{
+				PingAPIServer: false,
 			},
 			apiStatusCode:   http.StatusUnauthorized,
 			expectedHealthy: true,
@@ -197,7 +196,7 @@ func TestNewHealthzHandlerWithChecks(t *testing.T) {
 			configureLocalAPIServer(t, tt.apiStatusCode)
 
 			responseRecorder := httptest.NewRecorder()
-			healthHandler, err := NewHealthzHandlerWithChecks(tt.cnsConfig)
+			healthHandler, err := NewHealthzHandlerWithChecks(tt.config)
 			healthHandler = http.StripPrefix("/healthz", healthHandler)
 			require.NoError(t, err)
 

cns/service/main.go

@@ -650,7 +650,9 @@ func main() {
 		}),
 	}
 
-	healthzHandler, err := healthserver.NewHealthzHandlerWithChecks(cnsconfig)
+	// piggyback on cni conflist scenario string to determine if it's podsubnet and we should
+	// check apiserver connectivity in the healthz handler
+	healthzHandler, err := healthserver.NewHealthzHandlerWithChecks(&healthserver.Config{PingAPIServer: cniConflistScenario(cnsconfig.CNIConflistScenario) == scenarioSWIFT})
 	if err != nil {
 		logger.Errorf("unable to initialize a healthz handler: %v", err)
 		return