kubeovn / kube-ovn / 26335972836
25%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 212
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 25.297% (+0.03%) from 25.27%
26335972836

push

github

web-flow 
fix(cniserver): probe unix socket from /livez to detect missing bind (#6778)

* fix(cniserver): probe unix socket from /livez to detect missing bind (#6775)

The kube-ovn-cni liveness probe hits /livez on the metrics/pprof port,
which until now always returned "ok". It told us nothing about the
real CNI surface — the unix socket at /run/openvswitch/kube-ovn-daemon.sock.
When that socket disappears (bash EXIT trap in start-cniserver.sh,
external cleanup of /run/openvswitch, etc.) the daemon process keeps
a stale listener fd, /livez stays green, and every kubelet CNI call
fails with "dial unix .../kube-ovn-daemon.sock: connect: no such file
or directory" until an operator deletes the pod.

Make /livez actually exercise the CNI socket:

* pkg/util/health_check.go: add RegisterLivezProbe + LivezHandler; an
  optional probe is consulted on every request and a non-nil error
  becomes HTTP 503. Default behaviour (no probe registered) is
  unchanged for all other components.
* pkg/metrics/{server,servers}.go: route /livez through LivezHandler.
* pkg/daemon/server.go: split RunServer into NewCNIListener
  (synchronous bind) and RunCNIServer (serves on a pre-bound
  listener) so the socket exists before /livez is reachable.
* cmd/daemon/cniserver.go: bind the socket, register a probe that
  net.DialTimeout("unix", BindSocket, 2s) + Close, then start the
  health server and serve CNI requests.

Once the probe fails, failureThreshold (3) * periodSeconds (7) after
the 30s initialDelaySeconds restarts the container — the same manual
workaround the issue reporter applied.

Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>

* fix(cniserver): don't leak probe error string in /livez response

Copilot review on #6778 flagged that LivezHandler echoed the probe's
raw error via http.Error(), which can expose internal filesystem paths
(e.g. the CNI so... (continued)

15 of 21 new or added lines in 4 files covered. (71.43%)

1 existing line in 1 file now uncovered.

14538 of 57469 relevant lines covered (25.3%)

0.29 hits per line

Uncovered Changes

Lines Coverage File
4
0.0
 0.0% pkg/daemon/server.go
1
25.53
 0.0% pkg/metrics/server.go
1
0.0
 0.0% pkg/metrics/servers.go

Coverage Regressions

Lines Coverage File
1
0.0
 0.0% pkg/daemon/server.go
Jobs
ID Job ID Ran Files Coverage
1 26335972836.1 212
25.3
 GitHub Action Run
Source Files on build 26335972836