Use lib-common DownwardAPI to retrieve pod IP#550
Use lib-common DownwardAPI to retrieve pod IP#550bshephar wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: bshephar The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @bshephar. Thanks for your PR. I'm waiting for a openstack-k8s-operators member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@gibizer @fmount @stuggi Hey folks, happy New Year. Welcome to 2026. Trying to solve a problem with IPV6 addresses raised by: I had initially proposed doing it this way: I know that @deshipu wasn't a huge fan of that implementation from the beginning. So, this is an attempt to find a compromise and still fix the problem of allowing Liveness/Readiness probes to healthcheck the individual pods. What do y'all think of this alternative? |
This change uses the `lib-common` env `DownwardAPI` [1] to write the pods IP to the env vars of the pod. We then retrieve this in `local_settings.py` to populate `ALLOWED_HOSTS`. [1] https://github.com/openstack-k8s-operators/lib-common/blob/main/modules/common/env/env.go#L100-L114 Fixes openstack-k8s-operators#487 Jira: https://issues.redhat.com/browse/OSPRH-19216 Signed-off-by: Brendan Shephard <bshephar@bne-home.net>
bshephar
force-pushed
the
dowward-api-pod-ip
branch
from
e822a85 to
3b10d73
Compare
|
Maybe we can avoid putting anything in That might be an even nicer approach actually - assuming that would actually work. Like, a request to the pod IP, but setting the |
|
Hi and Happy New Year! If it works as intended, I'd prefer this implementation. its simple and easy. |
|
+1 from me as well. It is clean enough and the complexity to achieve the goal is minimal. I wanted to check some logs coming at least from the build-deploy job, but I don't see horizon enabled [1]. |
gibizer
left a comment
gibizer
left a comment
There was a problem hiding this comment.
Happy New Year!
I only have clarification question but feel free to ignore me to merge this without me as I saw others are OK with this approach and I'm pretty unfamiliar with this.
I'm low on context here. Does simply adding "localhost" and "::1" to the ALLOWED_HOSTS not enough to allow the probes to access horizon?
| envVars["ENABLE_WATCHER"] = env.SetValue(enabledServices["watcher"]) | ||
| envVars["CONFIG_HASH"] = env.SetValue(configHash) | ||
| envVars["UNPACK_THEME"] = env.SetValue("true") | ||
| envVars["POD_IP"] = env.DownwardAPI("status.podIP") |
There was a problem hiding this comment.
I'm not familiar with the IP handling of k8s. Is the IP pre-determined before a pod is created? Without that I don't see how this construct can inject the IP of the pod to the env of the process running within the pod as seems it seems circular (we need to create the pod to know the IP, but we need to add that IP to the pod ENV when it is started)jm
There was a problem hiding this comment.
Yeah, I mean, we should be able to see if this is a problem in the CI env logs I guess. But the IP is allocated from the CNI prior to the pod starting iiuc.
I'll check the must-gather to see if we can confirm this though.
Hey! Na, unfortunately not. But it is a fair question, so context for everyone else. ALLOWED_HOSTS is a list of sites Django is allowed to serve. So for example, horizon.example.net, 192.168.3.4, etc. Ref: https://docs.djangoproject.com/en/6.0/ref/settings/#allowed-hosts So we need to add each pod IP to the list, otherwise the pod won't respond to the health check request. |
Ahh OK. Thanks. So we put the pod's IP to the allowed list and assume that the probe is using that IP when requesting some URL from the pod to check readyness/liveness. Make sense. |
4 participants
This change uses the
lib-commonenvDownwardAPI[1] to write the pods IP to the env vars of the pod. We then retrieve this inlocal_settings.pyto populateALLOWED_HOSTS.[1] https://github.com/openstack-k8s-operators/lib-common/blob/main/modules/common/env/env.go#L100-L114
Fixes #487
Jira: https://issues.redhat.com/browse/OSPRH-19216