operator: add readiness check to Cluster statefulset

joejulian · Oct 20, 2023 · a3ca456 · a3ca456
1 parent b3399a1
commit a3ca456
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/src/go/k8s/pkg/resources/certmanager/type_helpers.go b/src/go/k8s/pkg/resources/certmanager/type_helpers.go
@@ -602,8 +602,8 @@ func (cc *ClusterCertificates) Volumes() (
 		mountPoints.AdminAPI.NodeCertMountDir,
 		adminAPIClientCAVolName,
 		mountPoints.AdminAPI.ClientCAMountDir,
-		false,
-		false,
+		true,
+		true,
 	)
 	vols = append(vols, vol...)
 	mounts = append(mounts, mount...)
@@ -704,7 +704,6 @@ func secretVolumesForTLS(
 		clientCACertVolume.VolumeSource.Secret.Items = append(clientCACertVolume.VolumeSource.Secret.Items, caPath)
 	}
 
-	// Why do we need to mount the client certificate and key in RP? SEEMS NOT NEEDED.
 	if len(clientCertificates) > 0 && shouldIncludeClientCert {
 		clientCACertVolume.VolumeSource.Secret.Items = append(
 			clientCACertVolume.VolumeSource.Secret.Items,

diff --git a/src/go/k8s/pkg/resources/statefulset.go b/src/go/k8s/pkg/resources/statefulset.go
@@ -319,6 +319,20 @@ func (r *StatefulSetResource) obj(
 
 	tlsVolumes, tlsVolumeMounts := r.volumeProvider.Volumes()
 
+	rpkFlags := []string{}
+	u := fmt.Sprintf("%s://${POD_NAME}.%s:%d", r.pandaCluster.AdminAPIInternal().GetHTTPScheme(), r.serviceFQDN, r.pandaCluster.AdminAPIInternal().GetPort())
+	rpkFlags = append(rpkFlags, fmt.Sprintf("--api-urls %q", u))
+	if r.pandaCluster.AdminAPIInternal().GetTLS().Enabled {
+		rpkFlags = append(rpkFlags,
+			"--admin-api-tls-enabled",
+			fmt.Sprintf("--admin-api-tls-truststore %q", path.Join(resourcetypes.GetTLSMountPoints().AdminAPI.NodeCertMountDir, "ca.crt")))
+	}
+	if r.pandaCluster.AdminAPIInternal().GetTLS().RequireClientAuth {
+		rpkFlags = append(rpkFlags,
+			fmt.Sprintf("--admin-api-tls-cert %q", path.Join(resourcetypes.GetTLSMountPoints().AdminAPI.ClientCAMountDir, "tls.crt")),
+			fmt.Sprintf("--admin-api-tls-key %q", path.Join(resourcetypes.GetTLSMountPoints().AdminAPI.ClientCAMountDir, "tls.key")))
+	}
+
 	// We set statefulset replicas via status.currentReplicas in order to control it from the handleScaling function
 	replicas := r.pandaCluster.GetCurrentReplicas()
 
@@ -526,6 +540,13 @@ func (r *StatefulSetResource) obj(
 									ContainerPort: int32(r.pandaCluster.Spec.Configuration.RPCServer.Port),
 								},
 							}, r.getPorts()...),
+							ReadinessProbe: &corev1.Probe{
+								ProbeHandler: corev1.ProbeHandler{
+									Exec: &corev1.ExecAction{
+										Command: []string{"bash", "-xc", fmt.Sprintf("rpk cluster health %s| grep 'Healthy:.*true'", strings.Join(rpkFlags, " "))},
+									},
+								},
+							},
 							SecurityContext: &corev1.SecurityContext{
 								RunAsUser:  pointer.Int64(userID),
 								RunAsGroup: pointer.Int64(groupID),