Merge pull request #42613 from pipejakob/fix-health-port

Automatic merge from submit-queue

kubeadm: Make kube-apiserver's liveness probe match its bindport.

The `kube-apiserver` liveness probe port had previously been hardcoded, so if you used `--apiserver-bind-port` to override the default port (6443), then the health check for the pod would quickly fail and kubelet would continuously kill the apiserver.

**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/196

**Release note**:

```release-note
kubeadm: fix kube-apiserver liveness probe port when --apiserver-bind-port given
```

cmd/kubeadm/app/master/BUILD

@@ -48,6 +48,7 @@ go_test(
     deps = [
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//vendor:k8s.io/apimachinery/pkg/util/intstr",
+        "//vendor:k8s.io/apimachinery/pkg/util/yaml",
         "//vendor:k8s.io/client-go/pkg/api/v1",
     ],
 )

cmd/kubeadm/app/master/manifests.go

@@ -75,7 +75,7 @@ func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
 			Image:         images.GetCoreImage(images.KubeAPIServerImage, cfg, kubeadmapi.GlobalEnvParams.HyperkubeImage),
 			Command:       getAPIServerCommand(cfg, false),
 			VolumeMounts:  volumeMounts,
-			LivenessProbe: componentProbe(6443, "/healthz", api.URISchemeHTTPS),
+			LivenessProbe: componentProbe(int(cfg.API.BindPort), "/healthz", api.URISchemeHTTPS),
 			Resources:     componentResources("250m"),
 			Env:           getProxyEnvVars(),
 		}, volumes...),

cmd/kubeadm/app/master/manifests_test.go

@@ -25,6 +25,7 @@ import (
 	"testing"
 
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/apimachinery/pkg/util/yaml"
 	api "k8s.io/client-go/pkg/api/v1"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
@@ -47,11 +48,21 @@ func TestWriteStaticPodManifests(t *testing.T) {
 	var tests = []struct {
 		cfg                  *kubeadmapi.MasterConfiguration
 		expected             bool
+		expectedAPIProbePort int32
 	}{
 		{
 			cfg:      &kubeadmapi.MasterConfiguration{},
 			expected: true,
 		},
+		{
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					BindPort: 443,
+				},
+			},
+			expected:             true,
+			expectedAPIProbePort: 443,
+		},
 	}
 	for _, rt := range tests {
 		actual := WriteStaticPodManifests(rt.cfg)
@@ -61,6 +72,46 @@ func TestWriteStaticPodManifests(t *testing.T) {
 				rt.expected,
 				(actual == nil),
 			)
+			continue
+		}
+
+		if rt.expectedAPIProbePort != 0 {
+			manifest, err := os.Open(fmt.Sprintf("%s/manifests/kube-apiserver.yaml", kubeadmapi.GlobalEnvParams.KubernetesDir))
+			if err != nil {
+				t.Error("WriteStaticPodManifests: error opening manifests/kube-apiserver.yaml")
+				continue
+			}
+
+			var pod api.Pod
+			d := yaml.NewYAMLOrJSONDecoder(manifest, 4096)
+			if err := d.Decode(&pod); err != nil {
+				t.Error("WriteStaticPodManifests: error decoding manifests/kube-apiserver.yaml into Pod")
+				continue
+			}
+
+			// Lots of individual checks as we traverse pointers so we don't panic dereferencing a nil on failure
+			containers := pod.Spec.Containers
+			if containers == nil || len(containers) == 0 {
+				t.Error("WriteStaticPodManifests: wrote an apiserver manifest without any containers")
+				continue
+			}
+
+			probe := containers[0].LivenessProbe
+			if probe == nil {
+				t.Error("WriteStaticPodManifests: wrote an apiserver manifest without a liveness probe")
+				continue
+			}
+
+			httpGET := probe.Handler.HTTPGet
+			if httpGET == nil {
+				t.Error("WriteStaticPodManifests: wrote an apiserver manifest without an HTTP liveness probe")
+				continue
+			}
+
+			port := httpGET.Port.IntVal
+			if rt.expectedAPIProbePort != port {
+				t.Errorf("WriteStaticPodManifests: apiserver pod liveness probe port was: %v, wanted %v", port, rt.expectedAPIProbePort)
+			}
 		}
 	}
 }