add on-cluster healtcheck test and prevent enforced false on not healhy probes

[maksymvavilov]

No description provided.

[codecov]

Codecov Report

Attention: Patch coverage is 84.31373% with 8 lines in your changes missing coverage. Please review.

Project coverage is 76.91%. Comparing base (cc1b41f) to head (9a065cb).
Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
controllers/dnspolicy_status_updater.go	82.75%	4 Missing and 1 partial ⚠️
controllers/dns_workflow.go	85.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #977      +/-   ##
==========================================
+ Coverage   76.15%   76.91%   +0.76%     
==========================================
  Files         111      111              
  Lines        8986     8944      -42     
==========================================
+ Hits         6843     6879      +36     
+ Misses       1852     1786      -66     
+ Partials      291      279      -12     

Flag	Coverage Δ
bare-k8s-integration	11.50% <0.00%> (+0.63%)	⬆️
controllers-integration	59.10% <84.31%> (+0.24%)	⬆️
envoygateway-integration	32.10% <0.00%> (-0.41%)	⬇️
gatewayapi-integration	13.21% <0.00%> (-0.23%)	⬇️
istio-integration	34.19% <0.00%> (-0.14%)	⬇️
unit	25.94% <0.00%> (+0.57%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
api/v1beta1 (u)	92.18% <100.00%> (ø)
api/v1beta2 (u)	∅ <ø> (∅)
pkg/common (u)	87.67% <ø> (ø)
pkg/istio (u)	47.03% <ø> (ø)
pkg/log (u)	93.18% <ø> (ø)
pkg/reconcilers (u)	∅ <ø> (∅)
pkg/rlptools (u)	∅ <ø> (∅)
controllers (i)	85.17% <90.25%> (+0.74%)	⬆️

Files with missing lines	Coverage Δ
api/v1/dnspolicy_types.go	77.57% <100.00%> (+9.34%)	⬆️
controllers/dns_workflow.go	87.09% <85.00%> (-4.69%)	⬇️
controllers/dnspolicy_status_updater.go	88.74% <82.75%> (-1.43%)	⬇️

... and 10 files with indirect coverage changes

[maleck13]

This needs to land in v1 now

[maksymvavilov]

rebased. It is v1 now

[maleck13]

no as in it needs go into the types in the v1 folde

[maksymvavilov]

I have a bad habit of commenting before the push. It is, I promise 😆

[maleck13]

not 100% sure if this should be here or not @mikenairn ?

[mikenairn]

Are you expecting this to ever be used by anything other than DNSPolicy? Seems unlikely, I'd probably move it all into the dns_workflow

[maksymvavilov]

It is strange to have a condition defined in the workflow and not alongside other conditions 🤔 don't have a strong opinion on this, however - moved

[mikenairn]

🤷 Put it wherever you like, it's not a gateway api status like "Enforce/Accepted", and is dns policy specific is all I'm saying.

[maleck13]

should this message be
not all sub-resources of policy are passing the policy defined health check? ? might be a bit more obvious then?

[maksymvavilov]

changed the message

[maleck13]

We need these changes against v1 now. Also not sure if we want the condition stuff under library will wait for @mikenairn on that one. Otherwise it looks good

[maksymvavilov]

duplicating checks from the dns-operator. This is technically redundant as it will influence enforced down the line, but I want to be sure that we are not ready for a correct reason

[maksymvavilov]

This one is redundant as well. If we are ready then we either don't have healthy cond or it is true. For this suite we never have healthy - true but I still would like to have a check for this

[maksymvavilov]

Checking for the absence of a wildcard here is redundant as well. If we are partially enforced and have a normal record - wildcard is ready -> wildcard is not affected by healthchecks. But still would like to have it checked

[maksymvavilov]

If we are partially enforced with only two records it is sufficient to only check for the presence of one of the records. Leaving it here to be extra cautious.