Bind addresses are used as ip addresses to connect to server

[wkloucek]

Describe the bug

The healthchecks use the http server bind address for connection to the server, eg:

ocis/services/proxy/pkg/server/debug/server.go

Lines 20 to 22 in f54979f

	healthHandlerConfiguration := handlers.NewCheckHandlerConfiguration().
	WithLogger(options.Logger).
	WithCheck("web reachability", checks.NewHTTPCheck(options.Config.HTTP.Addr))

This fails if the http server bind address uses a bind-all-interfaces logic, like 0.0.0.0.

Steps to reproduce

1. Deploy eg. the development deployment example in Kubernetes
2. look at the pods

Expected behavior

Healthchecks succeed -> no pod restarts

Actual behavior

Healthchecks fail -> pod restarts

Setup

oCIS 6.6.0 in Kubernetes, eg. owncloud/ocis-charts#778

Additional context

[wkloucek]

I tried to workaround this by replacing the wildcard bind 0.0.0.0 by an actual interface ip, eg:

            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

            - name: GATEWAY_GRPC_ADDR
              value: $(POD_IP):9142
            - name: GATEWAY_DEBUG_ADDR
              value: $(POD_IP):9143

But this fails on the gateway, because it tries to talk to itself via 127.0.0.1. During a quick search, I didn't find a config option to tell the gateway where it could contact itself...

[dj4oC]

priority escalation since it is blocking us

[micbar]

Known issue since yesterday, working on it. We are holding the release candidate until that is fixed.

[micbar]

Fixed by #10390 #10392 #10394

[micbar]

Release 6.6.1 in preparation #10401

[wkloucek]

Still an issue on v6.6.1-rc.1

[wkloucek]

Fixed by #10390 #10392 #10394

I'm not sure how the port changes will affect this bug. The config changes have actually no effect for the Helm Chart because this is setting this already since forever.

The difference / problem is, that oCIS by default has a bind address 127.0.0.1, which turns out to be a valid IP address, too. The Helm Chart uses the bind address 0.0.0.0 (speak: all interfaces), which is NO valid ip address.

Therefore the health checks fail in many pods, because they try to use the bind address to do the checks...

[dragonchaser]

I was not aware of that, sorry. We have to figure out the ip of one of the interface the bind actually happens and check with that.

[wkloucek]

We have to figure out the ip of one of the interface the bind actually happens and check with that.

I tried to do that on the Kubernetes side as a workaround, but failed on another place: #10381 (comment)

[dragonchaser]

#10405 might further improve things...

[wkloucek]

Seems to be fixed this time! I have no pod restarts when waiting for 5 minutes. (Testing with oCIS 6.6.1-rc.2)