openservicemesh / osm-health Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
osm-health's People
Contributors
Stargazers
Watchers
osm-health's Issues
Ensure files within the repo follow the same naming convention
There are several files within the repo that have the format abc_def.go, abc-def.go and abcDef.go. We should choose 1 go file naming convention and stick to it. We could refer to standard golang naming conventions and refactor our filenames.
Upload bin release artifacts
Currently for the latest release there are no bin artifacts. Users should be able to download the bins without having to build themselves. Building and uploading artifacts to a release can be automated in the workflow.
Checks should be chainable based on the outcomes of previous checks
Right now we run all checks in a series, but there could some scenarios where a number of checks preclude each other.
Ex 1: in the osm-health connectivity pod-to-pod command, if we were to add a check for permissive traffic policy mode, any SMI traffic target checks would not be run.
Ex 2: in the same command - if the pods are referenced by a traffic target, could do an additional check to output whether the protocol is tcp or httproute. (that being said, this particular example could be achieved by including the protocol type in the diagnostic info of the check)
I think there are enough cases where adding this additional logic would be beneficial. This would require updating checks to have a distinct output that could be used to preclude other checks being run. Would require some changes to the runner and probably a GetOutcomeType() method added to the outcomes created in #70
RDS virtual host domain check for pod-to-pod connectivity looks for pod name instead of service name
HasOutboundDynamicRouteConfigDomainPodCheck and HasInboundDynamicRouteConfigDomainPodCheck currently look for pod names in the domains for the virtual hosts of the rds-outbound and rds-inbound route configs where they should be looking for the names of the service(s) backed by the pod.
Ensure commands follow the same style convention
Ensure that all osm-health commands and subcommands follow the same convention regarding casing (camel case vs underscore vs hyphens). We have several commands/subcommands where cmdA-cmdB, cmdA_cmdB, and cmdACmdB exist. An example is "osm-health control-plane status"
Implement ingress setup validation
The GitHub Issue here is to create an osm-health check for ingress.
In the following repo I documented 3 different Ingress scenarios.
- Check which Ingress helm chart is installed
- Check for correct annotations on the Ingress resource
- Check for correct configuration of Contour ConfigMap
- Check for correct inbound port exclusions
- Check for existence and validity of mTLS certificate
- Check for proper MeshConfig
- Check correctness of IngressBackend configuration
... etc.
Scenarios
(copied from https://github.com/draychev/osm-benchmarks/tree/main/ingress-benchmarks#readme)
-
Contour + OSM - Contour is given an mTLS certificate to participate in the mesh
-
NGINX + OSM - NGINX is given an mTLS cert
-
NGINX in the OSM mesh - Nginx is installed in a namespace, which participates in the mesh and is sidecared with an Envoy proxy (one pod 2 proxies - one Nginx, one Envoy)
The experiment was ran on 3 unique AKS clusters with the same characteristics.
Here is a Contour setup
#!/bin/bash
set -auexo pipefail
## Just making sure we don't make a mess on the same cluster
kubectx one
OSM_NAMESPACE="${OSM_NAMESPACE:-osm-system}"
BOOKBUYER_NAMESPACE='bookbuyer'
BOOKSTORE_NAMESPACE='bookstore'
# Cleanup
kubectl delete namespace $(kubectl get namespaces --no-headers | awk '{print $1}' | grep -E '^book') --wait || true
kubectl create namespace bookbuyer
kubectl create namespace bookstore
osm namespace add bookbuyer
osm namespace add bookstore
########################################
# Enable SMI mode
echo -e "Enable SMI mode (permissiveTrafficPolicyMode = false"
kubectl patch meshconfig osm-mesh-config \
--namespace $OSM_NAMESPACE \
--patch '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' \
--type=merge
########################################
./deploy-apps.sh
kubectl annotate \
service bookstore -n bookstore \
projectcontour.io/upstream-protocol.tls='14001' \
--overwrite
./copy-osm-ca-bundle.sh
########################################
# Install Contour Ingress Controller in the defualt namespace
kubectl create namespace ingress-contour || true
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade \
--install contour bitnami/contour \
--namespace ingress-contour \
--create-namespace \
--version 4.3.9
if [ $? != 0 ]; then
echo "Error installing Contour."
exit 1
fi
# Either patch or edit the config map and add the TLS params below
kubectl patch ConfigMap contour \
-n ingress-contour \
-p '{"data":{"contour.yaml":{"tls":"envoy-client-certificate":{"name":"osm-ingress-mtls","namespace":"ingress-contour"}}}}' \
--type=merge || true
# Here is the Contour ConfigMap
### data:
### contour.yaml: |
### accesslog-format: envoy
### disablePermitInsecure: false
### envoy-service-name: 'contour-envoy'
### leaderelection:
### configmap-namespace: 'ingress-contour'
### tls:
### fallback-certificate: null
### envoy-client-certificate:
### name: osm-ingress-mtls
### namespace: ingress-contour
kubectl label namespace ingress-contour openservicemesh.io/monitored-by=osm --overwrite=true
kubectl rollout restart -n ingress-contour deployment contour-contour
# Remove the old cert -- OSM will create a new one
kubectl delete secret -n ingress-contour osm-ingress-mtls || true
kubectl patch MeshConfig \
osm-mesh-config \
--namespace $OSM_NAMESPACE \
--patch '{"spec":{"certificate":{"ingressGateway":{"subjectAltNames":["ingress-contour.ingress-contour.cluster.local"], "validityDuration":"24h", "secret":{"name":"osm-ingress-mtls","namespace":"ingress-contour"}}}}}' \
--type=merge
kubectl apply -f - <<EOF
---
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
name: ca-secret
namespace: ingress-contour
spec:
delegations:
- secretName: osm-ca-bundle
targetNamespaces:
- bookstore
---
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: bookstore
namespace: bookstore
spec:
virtualhost:
fqdn: osm-bookstore.contoso.com
routes:
- services:
- name: bookstore
port: 14001
validation:
caSecret: osm-ca-bundle
subjectName: bookstore.bookstore.cluster.local
---
apiVersion: policy.openservicemesh.io/v1alpha1
kind: IngressBackend
metadata:
name: bookstore
namespace: bookstore
spec:
backends:
- name: bookstore
port:
number: 14001
protocol: https
tls:
skipClientCertValidation: false
sources:
- kind: Service
name: contour-envoy
namespace: ingress-contour
- kind: AuthenticatedPrincipal
name: ingress-contour.ingress-contour.cluster.local
EOF
#########################################33
./show-debug.shHere is NGINX setup
#!/bin/bash
set -auexo pipefail
## Just making sure we don't make a mess on the same cluster
kubectx two
OSM_NAMESPACE="${OSM_NAMESPACE:-osm-system}"
BOOKBUYER_NAMESPACE='bookbuyer'
BOOKSTORE_NAMESPACE='bookstore'
# Cleanup
# kubectl delete namespace $(kubectl get namespaces --no-headers | awk '{print $1}' | grep -E '^book') --wait || true
kubectl create namespace bookbuyer || true
kubectl create namespace bookstore || true
osm namespace add bookbuyer
osm namespace add bookstore
########################################
# Enable SMI mode
echo -e "Enable SMI mode (permissiveTrafficPolicyMode = false"
kubectl patch meshconfig osm-mesh-config \
--namespace $OSM_NAMESPACE \
--patch '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' \
--type=merge
########################################
# Install Nginx Ingress Controller in the defualt namespace
# helm upgrade \
# --install ingress-nginx ingress-nginx \
# --repo https://kubernetes.github.io/ingress-nginx \
# --namespace ingress-nginx \
# --create-namespace
kubectl label namespace ingress-nginx openservicemesh.io/monitored-by=osm --overwrite=true
# Remove the old cert -- OSM will create a new one
kubectl delete secret -n ingress-nginx osm-ingress-mtls || true
kubectl patch MeshConfig \
osm-mesh-config \
--namespace $OSM_NAMESPACE \
--patch '{"spec":{"certificate":{"ingressGateway":{"subjectAltNames":["ingress-nginx.ingress-nginx.cluster.local"], "validityDuration":"24h", "secret":{"name":"osm-ingress-mtls","namespace":"ingress-nginx"}}}}}' \
--type=merge
kubectl rollout restart -n ingress-nginx deployment ingress-nginx-controller
kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission || true
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bookstore
namespace: bookstore
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# proxy_ssl_name for a service is of the form <service-account>.<namespace>.cluster.local
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_ssl_name "bookstore.bookstore.cluster.local";
nginx.ingress.kubernetes.io/proxy-ssl-secret: "ingress-nginx/osm-ingress-mtls"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
rules:
- host: osm-bookstore.contoso.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bookstore
port:
number: 14001
EOF
kubectl apply -f - <<EOF
apiVersion: policy.openservicemesh.io/v1alpha1
kind: IngressBackend
metadata:
name: bookstore
namespace: bookstore
spec:
backends:
- name: bookstore
port:
number: 14001
protocol: https
tls:
skipClientCertValidation: true
sources:
- kind: Service
name: ingress-nginx-controller
namespace: ingress-nginx
- kind: AuthenticatedPrincipal
name: ingress-nginx.ingress-nginx.cluster.local
EOF
#########################################33
./deploy-apps.sh
./show-debug.shHere is NGINX inmesh
#!/bin/bash
set -auexo pipefail
## Just making sure we don't make a mess on the same cluster
kubectx three
OSM_NAMESPACE="${OSM_NAMESPACE:-osm-system}"
BOOKBUYER_NAMESPACE='bookbuyer'
BOOKSTORE_NAMESPACE='bookstore'
# Cleanup
kubectl delete namespace $(kubectl get namespaces --no-headers | awk '{print $1}' | grep -E '^book') --wait || true
kubectl create namespace bookbuyer
kubectl create namespace bookstore
osm namespace add bookbuyer
osm namespace add bookstore
########################################
# Enable SMI mode
echo -e "Enable SMI mode (permissiveTrafficPolicyMode = false"
kubectl patch meshconfig osm-mesh-config \
--namespace $OSM_NAMESPACE \
--patch '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' \
--type=merge
########################################
osm namespace remove ingress-nginx
# Install Nginx Ingress Controller in the defualt namespace
helm upgrade \
--install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx \
--create-namespace
### Annotate NGINX Ingress Controller with this
### kubectl annotate pod <pod> -n ingress-nginx openservicemesh.io/inbound-port-exclusion-list=80,443,10254
kubectl patch deployment -n ingress-nginx ingress-nginx-controller -p '{"spec":{"template":{"metadata":{"annotations":{"openservicemesh.io/inbound-port-exclusion-list": "80,443,10254"}}}}}'
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"inboundPortExclusionList":[80,443,10254]}}}' --type=merge
kubectl patch deployment -n ingress-nginx ingress-nginx-controller -p '{"spec":{"template":{"metadata":{"annotations":{"openservicemesh.io/outbound-port-exclusion-list": "80,443,10254"}}}}}'
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"outboundPortExclusionList":[80,443,10254]}}}' --type=merge
### WE ADD THE NGINX NAMESPACE TO THE MESH
osm namespace add ingress-nginx
kubectl rollout restart -n ingress-nginx deployment ingress-nginx-controller
kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission
sleep 5
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bookstore
namespace: bookstore
annotations:
nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/upstream-vhost: bookstore.bookstore.svc.cluster.local
spec:
ingressClassName: nginx
rules:
- host: osm-bookstore.contoso.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bookstore
port:
number: 14001
EOF
#########################################33
./deploy-apps.sh
./show-debug.shEnsure that all common.Runnables have implemented the required methods
The common.Runnable interface requires several methods to be implemented. This issue has a few parts:
(1) Ensure that all required methods are implemented (example: implement the methods at
osm-health/pkg/kubernetes/pod/containers.go
Lines 47 to 55 in e79f267
(2) Ensure that
common.Runnable outcomes structs contain the newly implemented Suggestions() and FixIt() osm-health/pkg/common/runner.go
Lines 7 to 11 in fae1393
(3) Ensure that suggestions and fixit are printed here: https://github.com/openservicemesh/osm-health/blob/main/pkg/common/printer.go
Successful checks don't return much information
We may want checks to return information that is more valuable to users?
Some context from PR #62:
and
ref: #62 (comment) and #62 (comment)
func PodToPod() in pkg/connectivity/pod-to-pod.go should return error
The function should return an error. Specifically referring to
osm-health/pkg/connectivity/pod-to-pod.go
Lines 14 to 16 in fae1393
There are several points in this function where continuing execution would probably not make sense?
osm-health/pkg/connectivity/pod-to-pod.go
Lines 22 to 25 in fae1393
osm-health/pkg/connectivity/pod-to-pod.go
Lines 29 to 32 in fae1393
osm-health/pkg/connectivity/pod-to-pod.go
Lines 34 to 37 in fae1393
Creating this issue to kick off discussion about this.
chore(*): Refactor pkgs to use `pkg/*/errors.go`
Files in different osm-health pkgs return errors that indicate different osm issues. It would be a good idea to refactor all return fmt.Errorf to use errors defined in pkg/*/errors.go.
See pkg/envoy/errors.go and pkg/kubernetes/pod/errors.go for examples.
Implement "osm-health version"
$ ./bin/osm-health version
3:55PM INF osm-health version: dev; 12f43f6b7ac8d446e7f29961f59d064a7edca3af; 2021-11-16 file=main.go:65 module=main
Error: unknown command "version" for "osm-health"
Run 'osm-health --help' for usage.It would be useful to run osm-health version1 and see the version currently installed
Add CONTRIBUTING.md
panic when running osm-health on a non-standard OSM namespace
Ran osm-health on a cluster where OSM controller runs in a namespace other than osm-system. This seems to be causing a invalid memory address or nil pointer dereference
This seems to be happening on the following line, where the object meshInfo is nil:
osm-health/pkg/connectivity/pod-to-pod.go
Line 57 in 12f43f6
The object meshInfo is nil because we did not return on the following line:
osm-health/pkg/connectivity/pod-to-pod.go
Line 32 in 12f43f6
Details:
$ kc get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
chaos-testing chaos-controller-manager-7458c99b6c-r4nqp 1/1 Running 0 19h
chaos-testing chaos-daemon-5bznm 1/1 Running 0 19h
chaos-testing chaos-daemon-qknmd 1/1 Running 0 19h
chaos-testing chaos-dashboard-7d6b886b57-r298x 1/1 Running 0 19h
kube-system azure-ip-masq-agent-58r54 1/1 Running 0 19h
kube-system azure-ip-masq-agent-b8nbg 1/1 Running 0 19h
kube-system coredns-autoscaler-54d55c8b75-zghzx 1/1 Running 0 19h
kube-system coredns-d4866bcb7-674sr 1/1 Running 0 19h
kube-system coredns-d4866bcb7-lrxrk 1/1 Running 0 19h
kube-system konnectivity-agent-56d5b76d58-7f4kg 1/1 Running 0 19h
kube-system konnectivity-agent-56d5b76d58-hjpc7 1/1 Running 0 19h
kube-system kube-proxy-74rv6 1/1 Running 0 19h
kube-system kube-proxy-7pzjm 1/1 Running 0 19h
kube-system metrics-server-569f6547dd-2bg6s 1/1 Running 1 19h
kube-system omsagent-rl9g9 2/2 Running 0 19h
kube-system omsagent-rs-8b988ff4c-8wljq 1/1 Running 0 19h
kube-system omsagent-vdsmj 2/2 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a 2/2 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore bookstore-d6cfc7bc7-ctwss 2/2 Running 0 15s
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore bookstore-d6cfc7bc7-nwkph 2/2 Running 0 11s
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore bookstore-d6cfc7bc7-z75dl 2/2 Running 0 19s
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore-pod 2/2 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-fluent sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-fluent-bit-27s4x 1/1 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-fluent sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-fluent-bit-kmgkc 1/1 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-osm osm-bootstrap-78869db44d-sxl4g 1/1 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-osm osm-controller-67cf494b95-kwwbm 1/1 Running 2 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-osm osm-grafana-745448f65d-l8n8m 1/1 Running 0 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-osm osm-injector-ff8fbd89c-qtnvj 1/1 Running 1 19h
sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-osm osm-prometheus-7b859d6898-4wxrg 1/1 Running 0 19h
(git)-[main]-de@derayche:src/osm-health$ ./bin/osm-health connectivity pod-to-pod sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer/bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore/bookstore-d6cfc7bc7-ctwss
2:28PM INF osm-health version: dev; 12f43f6b7ac8d446e7f29961f59d064a7edca3af; 2021-10-13 file=main.go:65 module=main
2:28PM TRC Looking for Pod with Name=bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a in namespace=sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer file=pod.go:33 module=kubernetes/pod
2:28PM TRC Looking for pod sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer/bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a file=pod.go:47 module=kubernetes/pod
2:28PM TRC Found Pod sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer/bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a file=pod.go:50 module=kubernetes/pod
2:28PM TRC Looking for Pod with Name=bookstore-d6cfc7bc7-ctwss in namespace=sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore file=pod.go:33 module=kubernetes/pod
2:28PM TRC Looking for pod sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore/bookstore-d6cfc7bc7-ctwss file=pod.go:47 module=kubernetes/pod
2:28PM TRC Found Pod sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore/bookstore-d6cfc7bc7-ctwss file=pod.go:50 module=kubernetes/pod
2:28PM INF Testing connectivity from sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookbuyer/bookbuyer-pod-sim-run-ec184916-65fc-4a82-afbb-c43f009a801a to sim-run-ec184916-65fc-4a82-afbb-c43f009a801a-bookstore/bookstore-d6cfc7bc7-ctwss file=pod-to-pod.go:23 module=connectivity
2:28PM ERR Error getting OSM info error="osm-controller deployment not found in osm-system namespace" file=pod-to-pod.go:32 module=connectivity
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x1d68438]
goroutine 1 [running]:
github.com/openservicemesh/osm-health/pkg/connectivity.PodToPod(0xc0008e6400, 0xc000c1c800, 0x235d27e, 0xa)
/home/de/src/osm-health/pkg/connectivity/pod-to-pod.go:57 +0x2f8
main.newConnectivityPodToPodCmd.func1(0xc000856780, 0xc0006abdc0, 0x2, 0x2, 0x0, 0x0)
/home/de/src/osm-health/cmd/connectivity_pod_to_pod.go:44 +0x1b9
github.com/spf13/cobra.(*Command).execute(0xc000856780, 0xc0006abd80, 0x2, 0x2, 0xc000856780, 0xc0006abd80)
/home/de/go/pkg/mod/github.com/spf13/[email protected]/command.go:852 +0x472
github.com/spf13/cobra.(*Command).ExecuteC(0xc000856280, 0x2382018, 0x1e, 0xc000a9ff48)
/home/de/go/pkg/mod/github.com/spf13/[email protected]/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/home/de/go/pkg/mod/github.com/spf13/[email protected]/command.go:897
main.main()
/home/de/src/osm-health/cmd/main.go:67 +0x13aProvide more verbose and friendly error messages when pod names are not provided for connectivity between pods
Current output of osm-health connectivity pod-to-pod:
$ ./osm-health connectivity pod-to-pod
3:57PM INF osm-health version: dev; 12f43f6b7ac8d446e7f29961f59d064a7edca3af; 2021-11-16 file=main.go:65 module=main
Error: accepts 2 arg(s), received 0It may be friendlier to be more verbose around Error: accepts 2 arg(s), received 0 -- what are the 2 args? They are pods.
This command needs 2 different pods in order to test the connectivity between them.
What's the format of the pods? (namespace/pod, right?)
Support v0.10, v0.11, v1 of OSM
Current error message when running osm-health with v1:
$ ./osm-health connectivity pod-to-pod bookbuyer/bookbuyer-78dcb7747b-kqjst bookstore/bookstore-v1-5d7585b6b9-5n9mx
3:59PM INF osm-health version: dev; 12f43f6b7ac8d446e7f29961f59d064a7edca3af; 2021-11-16 file=main.go:65 module=main
3:59PM TRC Looking for Pod with Name=bookbuyer-78dcb7747b-kqjst in namespace=bookbuyer file=pod.go:33 module=kubernetes/pod
3:59PM TRC Looking for pod bookbuyer/bookbuyer-78dcb7747b-kqjst file=pod.go:47 module=kubernetes/pod
3:59PM TRC Found Pod bookbuyer/bookbuyer-78dcb7747b-kqjst file=pod.go:50 module=kubernetes/pod
3:59PM TRC Looking for Pod with Name=bookstore-v1-5d7585b6b9-5n9mx in namespace=bookstore file=pod.go:33 module=kubernetes/pod
3:59PM TRC Looking for pod bookstore/bookstore-v1-5d7585b6b9-5n9mx file=pod.go:47 module=kubernetes/pod
3:59PM TRC Found Pod bookstore/bookstore-v1-5d7585b6b9-5n9mx file=pod.go:50 module=kubernetes/pod
3:59PM INF Testing connectivity from bookbuyer/bookbuyer-78dcb7747b-kqjst to bookstore/bookstore-v1-5d7585b6b9-5n9mx file=pod-to-pod.go:23 module=connectivity
3:59PM DBG Started OSM MeshConfig informer component=configurator file=client.go:100
3:59PM DBG [MeshConfig client] Waiting for MeshConfig informer's cache to sync component=configurator file=client.go:101
3:59PM DBG [meshconfig-added] OSM MeshConfig added event triggered a global proxy broadcast component=configurator file=client.go:112
3:59PM DBG [MeshConfig client] Cache sync for MeshConfig informer finished component=configurator file=client.go:108
{"level":"warn","time":"2021-11-16T15:59:55-08:00","message":"envoy container of pod bookbuyer-78dcb7747b-kqjst does not contain any logs"}
{"level":"warn","time":"2021-11-16T15:59:55-08:00","message":"envoy container of pod bookstore-v1-5d7585b6b9-5n9mx does not contain any logs"}
{"level":"warn","time":"2021-11-16T15:59:55-08:00","message":"osm-init container of pod bookbuyer-78dcb7747b-kqjst does not contain any logs"}
{"level":"warn","time":"2021-11-16T15:59:56-08:00","message":"osm-init container of pod bookstore-v1-5d7585b6b9-5n9mx does not contain any logs"}
1 Pass Checking whether namespace bookbuyer and namespace bookstore are monitored by the same mesh
2 Pass Checking whether namespace bookbuyer is annotated for automatic sidecar injection
3 Pass Checking whether namespace bookstore is annotated for automatic sidecar injection
4 Pass Checking whether namespace bookbuyer is monitored by OSM osm
5 Pass Checking whether namespace bookstore is monitored by OSM osm
6 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has at least 2 containers
7 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has at least 2 containers
8 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has a container with osm init image matching meshconfig init container image
9 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has a container with osm init image matching meshconfig init container image
10 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has a container with envoy image matching meshconfig envoy image
11 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has a container with envoy image matching meshconfig envoy image
12 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has a valid proxy UUID label
13 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has a valid proxy UUID label
14 Pass Checking whether pod bookstore/bookstore-v1-5d7585b6b9-5n9mx is referenced by a Kubernetes Endpoints resource
15 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has events of type!=Normal
16 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has events of type!=Normal
17 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has bad (fatal/error/warning/fail) logs in envoy container
18 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has bad (fatal/error/warning/fail) logs in envoy container
19 Pass Checking whether pod bookbuyer-78dcb7747b-kqjst has bad (fatal/error/warning/fail) logs in osm-init container
20 Pass Checking whether pod bookstore-v1-5d7585b6b9-5n9mx has bad (fatal/error/warning/fail) logs in osm-init container
21 Pass Checking whether destination pod bookstore-v1-5d7585b6b9-5n9mx has at least one service
---> Diagnostic info: found service(s) [bookstore] for destination pod 'bookstore/bookstore-v1-5d7585b6b9-5n9mx'
22 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with at least one destination endpoint
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
23 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with 10.244.0.12 as a destination endpoint
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
24 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with correct rds-outbound Envoy route
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
25 Fail Checking whether bookstore/bookstore-v1-5d7585b6b9-5n9mx is configured with correct rds-inbound Envoy route
---> Error: Error retrieving proxy config for pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
26 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with correct outbound Envoy listener
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
27 Fail Checking whether bookstore/bookstore-v1-5d7585b6b9-5n9mx is configured with correct inbound Envoy listener
---> Error: Error retrieving proxy config for pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
28 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with an envoy cluster referring to Pod bookstore/bookstore-v1-5d7585b6b9-5n9mx
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
29 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with a root-cert-for-mtls-outbound envoy secret
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
30 Fail Checking whether bookstore/bookstore-v1-5d7585b6b9-5n9mx is configured with a root-cert-for-mtls-inbound envoy secret
---> Error: Error retrieving proxy config for pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
31 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst is configured with a service-cert envoy secret
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
32 Fail Checking whether bookstore/bookstore-v1-5d7585b6b9-5n9mx is configured with a service-cert envoy secret
---> Error: Error retrieving proxy config for pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
33 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst has dynamic warming issues
---> Error: Error retrieving proxy config for pod bookbuyer-78dcb7747b-kqjst in namespace bookbuyer: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
34 Fail Checking whether bookstore/bookstore-v1-5d7585b6b9-5n9mx has dynamic warming issues
---> Error: Error retrieving proxy config for pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore: Error fetching url http://localhost:0/config_dump?include_eds: Get "http://localhost:0/config_dump?include_eds": dial tcp 127.0.0.1:0: connect: connection refused
35 Fail Checking whether pod bookstore-v1-5d7585b6b9-5n9mx participates in a traffic split
---> Error: OSM Controller version could not be mapped to a TrafficSplit version. Supported versions are v0.5 through v0.9
36 Fail Checking whether there is a Traffic Target with source pod bookbuyer-78dcb7747b-kqjst and destination pod bookstore-v1-5d7585b6b9-5n9mx in namespace bookstore
---> Error: OSM Controller version could not be mapped to a TrafficTarget version. Supported versions are v0.5 through v0.9
37 Fail Checking whether Traffic Targets in namespace bookstore with source pod bookbuyer-78dcb7747b-kqjst and destination pod bookstore-v1-5d7585b6b9-5n9mx have valid routes (Kind: HTTPRouteGroup or TCPRoute)
---> Error: OSM Controller version could not be mapped to a TrafficTarget version. Supported versions are v0.5 through v0.9
38 Fail Checking whether routes referenced by above matched TrafficTargets exist in namespace bookstore
---> Error: OSM Controller version could not be mapped to a TrafficTarget version. Supported versions are v0.5 through v0.9
39 Fail Checking whether bookbuyer/bookbuyer-78dcb7747b-kqjst and bookstore/bookstore-v1-5d7585b6b9-5n9mx are configured with the correct Envoy filter chains
---> Error: OSM Controller version could not be mapped to a TrafficTarget version. Supported versions are v0.5 through v0.9We need to support v0.10, v0.11 and v1
Planning Milestone v0.2
This GitHub Issue is to be used for planning OSM Health release v0.2
Please comment with recommendations on GitHub Issues or general areas that we should bundle with the OSM Health v0.2 release.
GetMeshInfo is causing is sigsegv when running osm-health connectivity pod-to-pod
Ensure internal service IP addresses are not in the set of Outbound IP exclusion list
Ensure internal service IP addresses are not in the set of Outbound IP exclusion list. When an internal service / any internal IP is in the outbound IP - the service will not properly participate in the mesh. We need to issue an ERROR message when this is the case.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.