Commit cf1bc48

MLE-4146: Liveness and Readiness Probe Changes Commit (#198)
1 parent a829d6a commit cf1bc48

4 files changed

+55
-42
lines changed

README.md

Lines changed: 3 additions & 10 deletions
@@ -164,22 +164,16 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
164164
| `containerSecurityContext.allowPrivilegeEscalation` | Controls whether a process can gain more privileges than its parent process | `true` |
165165
| `livenessProbe.enabled` | Parameter to enable the liveness probe | `true` |
166166
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for liveness probe | `300` |
167-
| `livenessProbe.periodSeconds` | Period seconds for liveness probe | `20` |
167+
| `livenessProbe.periodSeconds` | Period seconds for liveness probe | `10` |
168168
| `livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `5` |
169169
| `livenessProbe.failureThreshold` | Failure threshold for liveness probe | `15` |
170170
| `livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
171-
| `readinessProbe.enabled` | Use this parameter to enable the readiness probe. See [Known-Issues-and-Limitations](#known-issues-and-limitations)section | `false` |
171+
| `readinessProbe.enabled` | Parameter to enable the readiness probe | `false` |
172172
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readiness probe | `10` |
173-
| `readinessProbe.periodSeconds` | Period seconds for readiness probe | `60` |
173+
| `readinessProbe.periodSeconds` | Period seconds for readiness probe | `10` |
174174
| `readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `5` |
175175
| `readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
176176
| `readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
177-
| `startupProbe.enabled` | Parameter to enable startup probe. See [Known-Issues-and-Limitations](#known-issues-and-limitations) section | `false` |
178-
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startup probe | `10` |
179-
| `startupProbe.periodSeconds` | Period seconds for startup probe | `20` |
180-
| `startupProbe.timeoutSeconds` | Timeout seconds for startup probe | `1` |
181-
| `startupProbe.failureThreshold` | Failure threshold for startup probe | `30` |
182-
| `startupProbe.successThreshold` | Success threshold for startup probe | `1` |
183177
| `logCollection.enabled` | Parameter to enable cluster wide log collection of Marklogic server logs | `false` |
184178
| `logCollection.image` | Image repository and tag for fluent-bit container | `fluent/fluent-bit:2.2.2` |
185179
| `logCollection.resources.requests.cpu` | The requested cpu resource for the fluent-bit container | `100m` |
@@ -221,4 +215,3 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
221215
4. The latest released version of fluent/fluent-bit:2.2.2 has known security vulnerabilities with respect to libcom-err2 CVE-2022-1304, libgcrypt20 CVE-2021-33560, libgnutls30 CVE-2024-0567, libldap-2.4-2 CVE-2023-2953, libzstd1 CVE-2022-4899, zlib1g CVE-2023-45853. These libraries are included in the Debian base image but, to-date, no fixes have been made available. For libpq5 CVE-2024-0985, we wait for a future upgrade of the fluent-bit image to include the fix. We will provide updates and mitigation strategies as soon as more information becomes available.
222216
5. The latest released version of redhat/ubi9:9.3 has known security vulnerabilities with respect to setuptools GHSA-r9hx-vwmv-q579, we wait for a future upgrade of the redhad ubi image to include the fix.
223217
6. The security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file and cannot be changed to run the current MarkLogic container. Work is in progress to run MarkLogic container in "rootless" mode.
224-
7. The Readiness and Startup Probe are not compatible with HA deployment. At the moment these probes may fail in the case of Security database failover. As of the 1.0.2 helm chart release, the startup and readiness probes are disabled by default.
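Review bot: Dropping limitation 7 tells readers the readiness probe is now safe with HA deployments, but `readinessProbe.enabled` still defaults to `false` and the readiness probe lines visible in statefulset.yaml are unchanged context. Either state in the README what changed to make the probe survive a Security database failover, or keep the caveat for the readiness probe and remove only the startup probe wording.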
Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: {{ .Release.Name }}-scripts
5+
data:
6+
liveness-probe.sh: |
7+
#!/bin/bash
8+
9+
log () {
10+
local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
11+
# Check to make sure pod doesn't terminate if PID value is empty for any reason
12+
if [ -n "$pid" ]; then
13+
echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
14+
fi
15+
}
16+
17+
pid=$(pgrep start.marklogic)
18+
19+
# Check if ML service is running. Exit with 1 if it is other than running
20+
ml_status=$(/etc/init.d/MarkLogic status)
21+
22+
if [[ "$ml_status" =~ "running" ]]; then
23+
http_code=$(curl -o /tmp/probe_response.txt -s -w "%{http_code}" "http://${HOSTNAME}:8001/admin/v1/timestamp")
24+
curl_code=$?
25+
http_resp=$(cat /tmp/probe_response.txt)
26+
27+
if [[ $curl_code -ne 0 && $http_code -ne 401 ]]; then
28+
log "Info: [Liveness Probe] Error with MarkLogic"
29+
log "Info: [Liveness Probe] Curl response code: "$curl_code
30+
log "Info: [Liveness Probe] Http response code: "$http_code
31+
log "Info: [Liveness Probe] Http response message: "$http_resp
32+
fi
33+
rm -f /tmp/probe_response.txt
34+
exit 0
35+
else
36+
exit 1
37+
fi
38+
39+
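Review bot: In liveness-probe.sh the branch taken when the init script reports "running" always ends in `exit 0`, so a failed curl to `/admin/v1/timestamp` is only logged and never fails the probe; an unreachable admin endpoint will not trigger a restart. If that is intended, say so in a comment, otherwise exit non-zero after the log lines. The condition `$curl_code -ne 0 && $http_code -ne 401` also never fires when curl itself succeeds, so an HTTP 5xx response goes unlogged (curl without `-f` exits 0 on it). Two hardening points: the curl call has no `--max-time`, so it can outlive the probe's `timeoutSeconds` of 5, and the fixed path `/tmp/probe_response.txt` is predictable and shared by overlapping probe runs; `mktemp`, or capturing the body in a variable, avoids both.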

charts/templates/statefulset.yaml

Lines changed: 11 additions & 15 deletions
@@ -224,7 +224,9 @@ spec:
224224
{{- if .Values.hugepages.enabled }}
225225
- name: huge-pages
226226
mountPath: {{ .Values.hugepages.mountPath }}
227-
{{- end }}
227+
{{- end }}
228+
- name: scripts
229+
mountPath: /tmp/scripts
228230
env:
229231
- name: MARKLOGIC_ADMIN_USERNAME_FILE
230232
value: "ml-secrets/username"
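Review bot: The `scripts` volumeMount at `mountPath: /tmp/scripts` has no `readOnly: true`, and it places the probe script under /tmp, the same directory the script uses for its scratch file. Add `readOnly: true` and consider a dedicated path outside /tmp so the probe executable does not sit beside writable temp data. The `{{- end }}` line above shows as changed with no visible difference; if that is a whitespace-only edit, drop it from the patch.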
@@ -576,9 +578,10 @@ spec:
576578
{{- end }}
577579
{{- if .Values.livenessProbe.enabled }}
578580
livenessProbe:
579-
httpGet:
580-
path: /
581-
port: health-check
581+
exec:
582+
command:
583+
- /bin/bash
584+
- /tmp/scripts/liveness-probe.sh
582585
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
583586
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
584587
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
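Review bot: The exec command in livenessProbe makes the check depend on bash, pgrep, curl and /etc/init.d/MarkLogic being present inside the container, where the previous httpGet on the `health-check` port needed nothing in the image. Document that requirement next to the probe, and if nothing else references the `health-check` port after this change, remove it in the same patch.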
@@ -596,17 +599,6 @@ spec:
596599
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
597600
successThreshold: {{ .Values.readinessProbe.successThreshold }}
598601
{{- end }}
599-
{{- if .Values.startupProbe.enabled }}
600-
startupProbe:
601-
exec:
602-
command:
603-
- ls
604-
- /var/opt/MarkLogic/ready
605-
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
606-
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
607-
successThreshold: {{ .Values.startupProbe.successThreshold }}
608-
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
609-
{{- end }}
610602
{{- with .Values.resources }}
611603
resources: {{- toYaml . | nindent 12 }}
612604
{{- end }}
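Review bot: Removing the startupProbe block means an existing values file that sets `startupProbe.enabled: true` is silently ignored after upgrade, and slow first starts are covered only by `livenessProbe.initialDelaySeconds`. Call this out in the release notes or the README so operators who relied on the startup probe know to review the liveness delay.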
@@ -666,6 +658,10 @@ spec:
666658
- name: mladmin-secrets
667659
secret:
668660
secretName: {{ include "marklogic.authSecretNameToMount" . }}
661+
- name: scripts
662+
configMap:
663+
name: {{ .Release.Name }}-scripts
664+
defaultMode: 0755
669665
{{- if .Values.logCollection.enabled }}
670666
- name: {{ include "marklogic.fullname" . }}-fb-config-map
671667
configMap:
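Review bot: The new volume references the ConfigMap as `{{ .Release.Name }}-scripts`, while the neighbouring fluent-bit ConfigMap is named with `{{ include "marklogic.fullname" . }}-fb-config-map`; use the fullname helper here and in the ConfigMap's metadata.name so the chart's naming stays consistent. `defaultMode: 0755` is also broader than needed, since the probe runs the script through `/bin/bash`; a read-only mode such as 0444 is enough.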

charts/values.yaml

Lines changed: 2 additions & 17 deletions
@@ -264,7 +264,7 @@ containerSecurityContext:
264264
livenessProbe:
265265
enabled: true
266266
initialDelaySeconds: 300
267-
periodSeconds: 20
267+
periodSeconds: 10
268268
timeoutSeconds: 5
269269
failureThreshold: 15
270270
successThreshold: 1
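Review bot: Changing livenessProbe `periodSeconds` from 20 to 10 while `failureThreshold` stays at 15 halves the time a failing container is tolerated before restart, from 300 s to 150 s. If the intent was only to probe more often, raise failureThreshold to 30 to keep the same window; otherwise mention the shorter window in the README.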
@@ -279,26 +279,11 @@ livenessProbe:
279279
readinessProbe:
280280
enabled: false
281281
initialDelaySeconds: 10
282-
periodSeconds: 60
282+
periodSeconds: 10
283283
timeoutSeconds: 5
284284
failureThreshold: 3
285285
successThreshold: 1
286286

287-
## Configure options for startup probe
288-
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
289-
290-
################################################################
291-
## NOTE: See Limitations and known Issues in the README file ##
292-
################################################################
293-
294-
startupProbe:
295-
enabled: false
296-
initialDelaySeconds: 10
297-
periodSeconds: 20
298-
timeoutSeconds: 1
299-
failureThreshold: 30
300-
successThreshold: 1
301-
302287
## Configure options for log collection
303288
## Log collection will collect all logs for each file type enabled, parse them,
304289
## And export them to a logging backend specified in the outputs section below
