improvement(neutronapi): Enhance readiness probe to verify SSL certificate presence

son-vyas · son-vyas · commit 882c6c895c80 · 2024-08-29T20:59:12.000+05:30
- Updated the existing readiness probe in the Neutron API deployment to check for the presence of the internal.crt SSL certificate before marking the pod as ready.
- Applied the SSL certificate check to the HTTPD container as well, ensuring secure traffic handling.
- Improved the deployment reliability by ensuring that pods are only marked as ready when they have the necessary SSL certificates in place.
diff --git a/pkg/neutronapi/deployment.go b/pkg/neutronapi/deployment.go
@@ -56,8 +56,14 @@ func Deployment(
 		TimeoutSeconds:      30,
 		PeriodSeconds:       30,
 		InitialDelaySeconds: 5,
+		Exec: &corev1.ExecAction{
+			Command: []string{
+				"cat",
+				"/etc/pki/tls/certs/internal.crt",
+			},
+		},
 	}
-	args := []string{"-c", ServiceCommand}
+       args := []string{"-c", ServiceCommand}
 	httpdArgs := []string{"-DFOREGROUND"}
 
 	//
@@ -71,7 +77,7 @@ func Deployment(
 		Path: "/",
 		Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(NeutronPublicPort)},
 	}
-
+	// Use HTTPS if TLS is enabled
 	if instance.Spec.TLS.API.Enabled(service.EndpointPublic) {
 		livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS
 		readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS
@@ -93,6 +99,7 @@ func Deployment(
 		httpdVolumeMounts = append(httpdVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 	}
 
+	// handle TLS certificates for HTTPD
 	for _, endpt := range []service.Endpoint{service.EndpointInternal, service.EndpointPublic} {
 		if instance.Spec.TLS.API.Enabled(endpt) {
 			var tlsEndptCfg tls.GenericService
@@ -134,8 +141,7 @@ func Deployment(
 			Selector: &metav1.LabelSelector{
 				MatchLabels: labels,
 			},
-			PodManagementPolicy: appsv1.ParallelPodManagement,
-			Replicas:            instance.Spec.Replicas,
+			Replicas: instance.Spec.Replicas,
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: annotations,
@@ -154,6 +160,7 @@ func Deployment(
 							VolumeMounts:             apiVolumeMounts,
 							Resources:                instance.Spec.Resources,
 							LivenessProbe:            livenessProbe,
+							ReadinessProbe:           readinessProbe,
 							TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 						},
 						{
@@ -175,10 +182,9 @@ func Deployment(
 			},
 		},
 	}
-
-	// If possible two pods of the same service should not
-	// run on the same worker node. If this is not possible
-	// the get still created on the same worker node.
+       // If possible two pods of the same service should not
+       // run on the same worker node. If this is not possible
+       // the get still created on the same worker node.
 	deployment.Spec.Template.Spec.Affinity = affinity.DistributePods(
 		common.AppSelector,
 		[]string{
