Use gRPC-based liveness probe instead of tetra status #2478
@lambdanis Have we already started writing a version-specific upgrade guide? It might make sense to document this change, something like:

In v1.2 tetragon container uses the grpc liveness probe by default. To continue using "tetra status" for liveness probe, specify tetragon.livenessProbe Helm value. For example:

```yaml
tetragon:
  livenessProbe:
    timeoutSeconds: 60
    exec:
      command:
      - tetra
      - status
      - --server-address
      - "54321"
      - --retries
      - "5"
```
One Helm detail, but looks good, thanks!
Now, we use tetra status command to report the status of tetragon agent. This comes with some overheads as tetra binary has a lot of additional functionality and it seems like an overkill to use that for status reporting.

On the other hand, k8s supports liveness probes by using a gRPC endpoint (i.e. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe). This patch first creates a dedicated gRPC server to report agent status that can be used for the liveness probe.

Signed-off-by: Anastasios Papagiannis <[email protected]>
The previous commit introduced a gRPC server that can be used for the liveness probe. This patch changes helm to make that default instead of the tetra status based liveness probe.

The user can still use the tetra status based liveness probe by defining a values file similar to:

```yaml
tetragon:
  livenessProbe:
    timeoutSeconds: 60
    exec:
      command:
      - tetra
      - status
      - --server-address
      - "54321"
      - --retries
      - "5"
```

Signed-off-by: Anastasios Papagiannis <[email protected]>
Now, we use tetra status command to report the status of tetragon agent. This comes with some overheads as tetra binary has a lot of additional functionality and it seems like an overkill to use that for status reporting.
On the other hand, k8s supports liveness probes by using a gRPC-based server. This first patch creates a new gRPC health server to report agent status. The second patch changes the helm chart to make use of that.
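
For comparison, an added example (not taken from this PR or from the Tetragon chart) of the two probe forms in a Kubernetes container spec: the exec probe quoted in this thread and the native gRPC probe that the kubelet performs itself. The pod names, the image and the gRPC port are placeholders, since the page does not state them.

```yaml
# Added illustration; names, image and the gRPC port are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: agent-exec-probe          # hypothetical name
spec:
  containers:
  - name: tetragon
    image: example.invalid/tetragon:placeholder
    livenessProbe:
      # exec form quoted on this page: the kubelet starts the tetra CLI
      # inside the container on every probe.
      timeoutSeconds: 60
      exec:
        command: ["tetra", "status", "--server-address", "54321", "--retries", "5"]
---
apiVersion: v1
kind: Pod
metadata:
  name: agent-grpc-probe          # hypothetical name
spec:
  containers:
  - name: tetragon
    image: example.invalid/tetragon:placeholder
    livenessProbe:
      # gRPC form: the kubelet itself dials the pod IP on this port and calls
      # grpc.health.v1.Health/Check; no process is started in the container.
      # Built-in gRPC probes carry no TLS or authentication parameters, so the
      # port should expose the health service only.
      timeoutSeconds: 60
      grpc:
        port: 12345               # placeholder: the health server's port
```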