Merge pull request #44968 from MrHohn/kube-proxy-healthcheck

Automatic merge from submit-queue (batch tested with PRs 44727, 45409, 44968, 45122, 45493) Separate healthz server from metrics server in kube-proxy From #14661, proposal is on kubernetes/community#552. Couple bullet points as in commit: - /healthz will be served on 0.0.0.0:10256 by default. - /metrics and /proxyMode will be served on port 10249 as before. - Healthz handler will verify timestamp in iptables mode. /assign @nicksardo @bowei @thockin **Release note**: ```release-note NONE ```
2026-01-04 15:05:20 +00:00 · 2017-05-08 14:54:38 -07:00
parent 95d8fbb599 e5db5dc3a1
commit 332b095ca9
16 changed files with 209 additions and 24 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -301,6 +301,7 @@ type Proxier struct {
 	portMapper     portOpener
 	recorder       record.EventRecorder
 	healthChecker  healthcheck.Server
+	healthzServer  healthcheck.HealthzUpdater
 }

 type localPort struct {
@@ -351,6 +352,7 @@ func NewProxier(ipt utiliptables.Interface,
 	hostname string,
 	nodeIP net.IP,
 	recorder record.EventRecorder,
+	healthzServer healthcheck.HealthzUpdater,
 ) (*Proxier, error) {
 	// check valid user input
 	if minSyncPeriod > syncPeriod {
@@ -414,6 +416,7 @@ func NewProxier(ipt utiliptables.Interface,
 		portMapper:       &listenPortOpener{},
 		recorder:         recorder,
 		healthChecker:    healthChecker,
+		healthzServer:    healthzServer,
 	}, nil
 }

@@ -513,6 +516,10 @@ func (proxier *Proxier) Sync() {
 func (proxier *Proxier) SyncLoop() {
 	t := time.NewTicker(proxier.syncPeriod)
 	defer t.Stop()
+	// Update healthz timestamp at beginning in case Sync() never succeeds.
+	if proxier.healthzServer != nil {
+		proxier.healthzServer.UpdateTimestamp()
+	}
 	for {
 		<-t.C
 		glog.V(6).Infof("Periodic sync")
@@ -1488,6 +1495,11 @@ func (proxier *Proxier) syncProxyRules(reason syncReason) {
 	}
 	proxier.portsMap = replacementPortsMap

+	// Update healthz timestamp if it is periodic sync.
+	if proxier.healthzServer != nil && reason == syncReasonForce {
+		proxier.healthzServer.UpdateTimestamp()
+	}
+
 	// Update healthchecks.  The endpoints list might include services that are
 	// not "OnlyLocal", but the services list will not, and the healthChecker
 	// will just drop those endpoints.