This commit is contained in:
@@ -24,6 +24,8 @@ export function statusScript(sub2api: Sub2ApiConfig, target: Sub2ApiTargetConfig
|
||||
const externalPending = target.databaseMode === "external-pending";
|
||||
const externalActive = target.databaseMode === "external-active";
|
||||
const proxy = target.egressProxy?.enabled ? target.egressProxy : null;
|
||||
const localHttps = target.publicExposure?.enabled === true && target.publicExposure.mode === "node-local-https" ? target.publicExposure.localHttps : null;
|
||||
const localHttpsExposure = localHttps === null ? null : target.publicExposure;
|
||||
const expectedProxyEnv = sub2ApiProxyEnv(target);
|
||||
const cleanupPlan = managedResourceCleanupPlan(sub2api, target);
|
||||
const appSecretName = sub2api.runtime.database.secretName;
|
||||
@@ -52,6 +54,32 @@ capture_json cronjobs kubectl -n ${target.namespace} get cronjob -l app.kubernet
|
||||
capture_json ingresses kubectl -n ${target.namespace} get ingress
|
||||
capture_json quotas kubectl -n ${target.namespace} get resourcequota
|
||||
capture_json limitranges kubectl -n ${target.namespace} get limitrange
|
||||
local_https_rc=0
|
||||
local_https_ps_rc=0
|
||||
local_https_probe_rc=0
|
||||
local_https_action="not-enabled"
|
||||
local_https_ps=""
|
||||
local_https_probe_url=""
|
||||
if [ "${localHttps === null ? "false" : "true"}" = "true" ]; then
|
||||
local_https_action="inspect"
|
||||
local_https_ps="$(docker ps --filter ${localHttps === null ? "\"\"" : shQuote(`name=^/${localHttps.containerName}$`)} --format '{{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}' 2>"$tmp/local-https-ps.err" || true)"
|
||||
if [ -n "$local_https_ps" ]; then local_https_ps_rc=0; else local_https_ps_rc=1; fi
|
||||
printf '%s' "$local_https_ps" >"$tmp/local-https-ps.out"
|
||||
local_https_probe_url=${localHttpsExposure === null ? "\"\"" : shQuote(`${localHttpsExposure.publicBaseUrl}/health`)}
|
||||
curl --noproxy '*' -kfsS --connect-timeout 5 --max-time 20 --resolve ${localHttpsExposure === null || localHttps === null ? "\"\"" : shQuote(`${localHttpsExposure.dns.hostname}:${localHttps.httpsPort}:127.0.0.1`)} "$local_https_probe_url" >"$tmp/local-https-probe.out" 2>"$tmp/local-https-probe.err"
|
||||
local_https_probe_rc=$?
|
||||
if [ "$local_https_ps_rc" -ne 0 ] || [ "$local_https_probe_rc" -ne 0 ]; then local_https_rc=1; fi
|
||||
else
|
||||
: >"$tmp/local-https-ps.out"
|
||||
: >"$tmp/local-https-ps.err"
|
||||
: >"$tmp/local-https-probe.out"
|
||||
: >"$tmp/local-https-probe.err"
|
||||
fi
|
||||
printf '%s' "$local_https_rc" >"$tmp/local-https.rc"
|
||||
printf '%s' "$local_https_ps_rc" >"$tmp/local-https-ps.rc"
|
||||
printf '%s' "$local_https_probe_rc" >"$tmp/local-https-probe.rc"
|
||||
printf '%s' "$local_https_action" >"$tmp/local-https-action.txt"
|
||||
printf '%s' "$local_https_probe_url" >"$tmp/local-https-probe-url.txt"
|
||||
pod_name="$(kubectl -n ${target.namespace} get pod -l app.kubernetes.io/name=${serviceName},app.kubernetes.io/component=app -o jsonpath='{.items[0].metadata.name}' 2>"$tmp/pod-name.err" || true)"
|
||||
printf '%s' "$pod_name" >"$tmp/pod-name.txt"
|
||||
if [ -n "$pod_name" ]; then
|
||||
@@ -90,10 +118,11 @@ def items(name):
|
||||
return []
|
||||
return data.get("items") or []
|
||||
|
||||
def text(name):
|
||||
def text(name, limit=None):
|
||||
path = os.path.join(tmp, name)
|
||||
try:
|
||||
return open(path, encoding="utf-8", errors="replace").read()
|
||||
data = open(path, encoding="utf-8", errors="replace").read()
|
||||
return data if limit is None else data[-limit:]
|
||||
except FileNotFoundError:
|
||||
return ""
|
||||
|
||||
@@ -383,7 +412,7 @@ else:
|
||||
state_model_ok = local_postgres_present and sub2api_desired_aligned and redis_desired_aligned
|
||||
status_label = "pending-external-db" if external_pending else "external-db-active" if external_active else "active"
|
||||
payload = {
|
||||
"ok": rc("ns") == 0 and workload_ready and image_aligned and url_allowlist_aligned and proxy_env_aligned and network_policy["ok"] and boundary["internalOnly"] and len(resource_violations) == 0 and boundary["resourceQuotaCount"] == 0 and boundary["limitRangeCount"] == 0 and secret_ok and state_model_ok,
|
||||
"ok": rc("ns") == 0 and workload_ready and image_aligned and url_allowlist_aligned and proxy_env_aligned and network_policy["ok"] and boundary["internalOnly"] and len(resource_violations) == 0 and boundary["resourceQuotaCount"] == 0 and boundary["limitRangeCount"] == 0 and secret_ok and state_model_ok and rc("local-https") == 0,
|
||||
"target": "${target.id}",
|
||||
"route": "${target.route}",
|
||||
"namespace": "${target.namespace}",
|
||||
@@ -399,6 +428,19 @@ payload = {
|
||||
"services": [service_summary(item) for item in services],
|
||||
"pvcs": [pvc_summary(item) for item in pvcs],
|
||||
"networkPolicy": network_policy,
|
||||
"localHttpsExposure": {
|
||||
"enabled": ${localHttps === null ? "False" : "True"},
|
||||
"action": text("local-https-action.txt"),
|
||||
"ok": rc("local-https") == 0,
|
||||
"mode": ${localHttps === null ? "None" : JSON.stringify("node-local-docker-caddy")},
|
||||
"publicBaseUrl": ${localHttpsExposure === null ? "None" : JSON.stringify(localHttpsExposure.publicBaseUrl)},
|
||||
"hostname": ${localHttpsExposure === null ? "None" : JSON.stringify(localHttpsExposure.dns.hostname)},
|
||||
"bind": ${localHttps === null ? "None" : JSON.stringify(`${localHttps.hostBind}:${localHttps.httpsPort}`)},
|
||||
"containerName": ${localHttps === null ? "None" : JSON.stringify(localHttps.containerName)},
|
||||
"ps": {"exitCode": rc("local-https-ps"), "stdout": text("local-https-ps.out"), "stderr": text("local-https-ps.err")},
|
||||
"probe": {"exitCode": rc("local-https-probe"), "url": text("local-https-probe-url.txt"), "stdout": text("local-https-probe.out", 2000), "stderr": text("local-https-probe.err", 2000)},
|
||||
"valuesPrinted": False,
|
||||
},
|
||||
"secret": {
|
||||
"name": "${appSecretName}",
|
||||
"exists": rc("secrets") == 0,
|
||||
|
||||
Reference in New Issue
Block a user