cli/verifier: add control plane health probe checks (#4751)

- Adds HTTP and HTTPS liveness probe checks to control
  plane health verification command

- Moves unnecessary constants pkg in the generic
  httpserver directory and consolidates those
  into the constants pkg

- Fixes a bug in the existing proxy_get port-forwarding
  code used by the verifier, where a connection leak
  exists due to not closing the response

- Hides the probe implementation behind an interface
  so that the verifier can be unit tested without
  needing to hack the port-forwarding dependency

- Consolidates /healthz constants for webhooks

Part of #4634

Signed-off-by: Shashank Ram <[email protected]>

Author: shashankram

cmd/cli/util.go

@@ -20,7 +20,6 @@ import (
 	"k8s.io/client-go/rest"
 
 	"github.com/openservicemesh/osm/pkg/constants"
-	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/k8s"
 )
 
@@ -214,7 +213,7 @@ func getSupportedSmiForControllerPod(pod string, namespace string, restConfig *r
 
 	err = portForwarder.Start(func(pf *k8s.PortForwarder) error {
 		defer pf.Stop()
-		url := fmt.Sprintf("http://localhost:%d%s", localPort, httpserverconstants.SmiVersionPath)
+		url := fmt.Sprintf("http://localhost:%d%s", localPort, constants.OSMControllerSMIVersionPath)
 
 		// #nosec G107: Potential HTTP request made with variable url
 		resp, err := http.Get(url)

cmd/cli/verify_control_plane.go

@@ -60,7 +60,7 @@ func newVerifyControlPlaneCmd(stdout io.Writer, stderr io.Writer) *cobra.Command
 }
 
 func (cmd *verifyControlPlaneCmd) run() error {
-	v := verifier.NewControlPlaneHealthVerifier(cmd.stdout, cmd.stderr, cmd.kubeClient, settings.Namespace())
+	v := verifier.NewControlPlaneHealthVerifier(cmd.stdout, cmd.stderr, cmd.kubeClient, cmd.restConfig, settings.Namespace())
 	result := v.Run()
 
 	fmt.Fprintln(cmd.stdout, "---------------------------------------------")

cmd/cli/version.go

@@ -14,7 +14,6 @@ import (
 	"k8s.io/client-go/rest"
 
 	"github.com/openservicemesh/osm/pkg/constants"
-	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/version"
 )
 
@@ -153,7 +152,7 @@ func (v *versionCmd) getMeshVersion() (*remoteVersionInfo, error) {
 }
 
 func (r *remoteVersion) proxyGetMeshVersion(pod string, namespace string, clientset kubernetes.Interface) (*version.Info, error) {
-	resp, err := clientset.CoreV1().Pods(namespace).ProxyGet("", pod, strconv.Itoa(constants.OSMHTTPServerPort), httpserverconstants.VersionPath, nil).DoRaw(context.TODO())
+	resp, err := clientset.CoreV1().Pods(namespace).ProxyGet("", pod, strconv.Itoa(constants.OSMHTTPServerPort), constants.VersionPath, nil).DoRaw(context.TODO())
 	if err != nil {
 		return nil, errors.Wrapf(err, "Error retrieving mesh version from pod [%s] in namespace [%s]", pod, namespace)
 	}

cmd/osm-bootstrap/osm-bootstrap.go

@@ -27,14 +27,13 @@ import (
 	"k8s.io/kubectl/pkg/util"
 
 	configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
+	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 
 	"github.com/openservicemesh/osm/pkg/certificate/providers"
 	"github.com/openservicemesh/osm/pkg/configurator"
 	"github.com/openservicemesh/osm/pkg/constants"
 	"github.com/openservicemesh/osm/pkg/crdconversion"
-	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 	"github.com/openservicemesh/osm/pkg/httpserver"
-	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/k8s/events"
 	"github.com/openservicemesh/osm/pkg/logger"
 	"github.com/openservicemesh/osm/pkg/messaging"
@@ -219,9 +218,9 @@ func main() {
 	 */
 	httpServer := httpserver.NewHTTPServer(constants.OSMHTTPServerPort)
 	// Metrics
-	httpServer.AddHandler(httpserverconstants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
+	httpServer.AddHandler(constants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
 	// Version
-	httpServer.AddHandler(httpserverconstants.VersionPath, version.GetVersionHandler())
+	httpServer.AddHandler(constants.VersionPath, version.GetVersionHandler())
 	// Start HTTP server
 	err = httpServer.Start()
 	if err != nil {

cmd/osm-controller/osm-controller.go

@@ -27,8 +27,6 @@ import (
 
 	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 	policyClientset "github.com/openservicemesh/osm/pkg/gen/client/policy/clientset/versioned"
-	"github.com/openservicemesh/osm/pkg/messaging"
-	"github.com/openservicemesh/osm/pkg/reconciler"
 
 	"github.com/openservicemesh/osm/pkg/catalog"
 	"github.com/openservicemesh/osm/pkg/certificate/providers"
@@ -42,14 +40,15 @@ import (
 	"github.com/openservicemesh/osm/pkg/errcode"
 	"github.com/openservicemesh/osm/pkg/health"
 	"github.com/openservicemesh/osm/pkg/httpserver"
-	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/ingress"
 	"github.com/openservicemesh/osm/pkg/k8s"
 	"github.com/openservicemesh/osm/pkg/k8s/events"
 	"github.com/openservicemesh/osm/pkg/logger"
+	"github.com/openservicemesh/osm/pkg/messaging"
 	"github.com/openservicemesh/osm/pkg/metricsstore"
 	"github.com/openservicemesh/osm/pkg/policy"
 	"github.com/openservicemesh/osm/pkg/providers/kube"
+	"github.com/openservicemesh/osm/pkg/reconciler"
 	"github.com/openservicemesh/osm/pkg/service"
 	"github.com/openservicemesh/osm/pkg/signals"
 	"github.com/openservicemesh/osm/pkg/smi"
@@ -278,15 +277,15 @@ func main() {
 	// Health/Liveness probes
 	funcProbes := []health.Probes{xdsServer, smi.HealthChecker{DiscoveryClient: clientset.Discovery()}}
 	httpServer.AddHandlers(map[string]http.Handler{
-		httpserverconstants.HealthReadinessPath: health.ReadinessHandler(funcProbes, getHTTPHealthProbes()),
-		httpserverconstants.HealthLivenessPath:  health.LivenessHandler(funcProbes, getHTTPHealthProbes()),
+		constants.OSMControllerReadinessPath: health.ReadinessHandler(funcProbes, getHTTPHealthProbes()),
+		constants.OSMControllerLivenessPath:  health.LivenessHandler(funcProbes, getHTTPHealthProbes()),
 	})
 	// Metrics
-	httpServer.AddHandler(httpserverconstants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
+	httpServer.AddHandler(constants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
 	// Version
-	httpServer.AddHandler(httpserverconstants.VersionPath, version.GetVersionHandler())
+	httpServer.AddHandler(constants.VersionPath, version.GetVersionHandler())
 	// Supported SMI Versions
-	httpServer.AddHandler(httpserverconstants.SmiVersionPath, smi.GetSmiClientVersionHTTPHandler())
+	httpServer.AddHandler(constants.OSMControllerSMIVersionPath, smi.GetSmiClientVersionHTTPHandler())
 
 	// Start HTTP server
 	err = httpServer.Start()
@@ -344,7 +343,7 @@ func getHTTPHealthProbes() []health.HTTPProbe {
 	return []health.HTTPProbe{
 		// Internal probe to validator's webhook port
 		{
-			URL:      joinURL(fmt.Sprintf("https://%s:%d", constants.LocalhostIPAddress, constants.ValidatorWebhookPort), validator.HealthAPIPath),
+			URL:      joinURL(fmt.Sprintf("https://%s:%d", constants.LocalhostIPAddress, constants.ValidatorWebhookPort), constants.WebhookHealthPath),
 			Protocol: health.ProtocolHTTPS,
 		},
 	}

cmd/osm-injector/osm-injector.go

@@ -23,20 +23,19 @@ import (
 
 	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 	policyClientset "github.com/openservicemesh/osm/pkg/gen/client/policy/clientset/versioned"
-	"github.com/openservicemesh/osm/pkg/messaging"
-	"github.com/openservicemesh/osm/pkg/reconciler"
 
 	"github.com/openservicemesh/osm/pkg/certificate/providers"
 	"github.com/openservicemesh/osm/pkg/configurator"
 	"github.com/openservicemesh/osm/pkg/constants"
 	"github.com/openservicemesh/osm/pkg/errcode"
 	"github.com/openservicemesh/osm/pkg/httpserver"
-	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/injector"
 	"github.com/openservicemesh/osm/pkg/k8s"
 	"github.com/openservicemesh/osm/pkg/k8s/events"
 	"github.com/openservicemesh/osm/pkg/logger"
+	"github.com/openservicemesh/osm/pkg/messaging"
 	"github.com/openservicemesh/osm/pkg/metricsstore"
+	"github.com/openservicemesh/osm/pkg/reconciler"
 	"github.com/openservicemesh/osm/pkg/signals"
 	"github.com/openservicemesh/osm/pkg/version"
 )
@@ -209,9 +208,9 @@ func main() {
 	 */
 	httpServer := httpserver.NewHTTPServer(constants.OSMHTTPServerPort)
 	// Metrics
-	httpServer.AddHandler(httpserverconstants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
+	httpServer.AddHandler(constants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
 	// Version
-	httpServer.AddHandler(httpserverconstants.VersionPath, version.GetVersionHandler())
+	httpServer.AddHandler(constants.VersionPath, version.GetVersionHandler())
 	// Start HTTP server
 	err = httpServer.Start()
 	if err != nil {

pkg/cli/proxy_get.go

@@ -51,6 +51,9 @@ func GetEnvoyProxyConfig(clientSet kubernetes.Interface, config *rest.Config, na
 		if err != nil {
 			return errors.Errorf("Error fetching url %s: %s", url, err)
 		}
+		//nolint: errcheck
+		//#nosec G307
+		defer resp.Body.Close()
 
 		envoyProxyConfig, err = ioutil.ReadAll(resp.Body)
 		if err != nil {

pkg/cli/verifier/control_plane.go

@@ -5,25 +5,53 @@ import (
 
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 
 	"github.com/openservicemesh/osm/pkg/constants"
+	"github.com/openservicemesh/osm/pkg/crdconversion"
 )
 
 // ControlPlaneHealthVerifier implements the Verifier interface for control plane health
 type ControlPlaneHealthVerifier struct {
-	stdout     io.Writer
-	stderr     io.Writer
-	kubeClient kubernetes.Interface
-	namespace  string
+	stdout           io.Writer
+	stderr           io.Writer
+	kubeClient       kubernetes.Interface
+	restConfig       *rest.Config
+	namespace        string
+	controllerProber httpProber
+	injectorProber   httpProber
+	bootstrapProber  httpProber
 }
 
 // NewControlPlaneHealthVerifier implements verification for control plane health
-func NewControlPlaneHealthVerifier(stdout io.Writer, stderr io.Writer, kubeClient kubernetes.Interface, namespace string) Verifier {
+func NewControlPlaneHealthVerifier(stdout io.Writer, stderr io.Writer, kubeClient kubernetes.Interface, restConfig *rest.Config, namespace string) Verifier {
 	return &ControlPlaneHealthVerifier{
 		stdout:     stdout,
 		stderr:     stderr,
 		kubeClient: kubeClient,
+		restConfig: restConfig,
 		namespace:  namespace,
+		controllerProber: &podProber{
+			kubeClient: kubeClient,
+			restConfig: restConfig,
+			port:       constants.OSMHTTPServerPort,
+			path:       constants.OSMControllerLivenessPath,
+			protocol:   constants.ProtocolHTTP,
+		},
+		injectorProber: &podProber{
+			kubeClient: kubeClient,
+			restConfig: restConfig,
+			port:       constants.InjectorWebhookPort,
+			path:       constants.WebhookHealthPath,
+			protocol:   constants.ProtocolHTTPS,
+		},
+		bootstrapProber: &podProber{
+			kubeClient: kubeClient,
+			restConfig: restConfig,
+			port:       crdconversion.HealthzPort,
+			path:       constants.WebhookHealthPath,
+			protocol:   constants.ProtocolHTTP,
+		},
 	}
 }
 
@@ -32,10 +60,18 @@ func (v *ControlPlaneHealthVerifier) Run() Result {
 	ctx := "Verify the health of OSM control plane"
 
 	verifiers := Set{
-		// Pod status verification
+		// Pod readiness verification
 		NewPodStatusVerifier(v.stdout, v.stderr, v.kubeClient, types.NamespacedName{Namespace: v.namespace, Name: constants.OSMControllerName}),
 		NewPodStatusVerifier(v.stdout, v.stderr, v.kubeClient, types.NamespacedName{Namespace: v.namespace, Name: constants.OSMInjectorName}),
 		NewPodStatusVerifier(v.stdout, v.stderr, v.kubeClient, types.NamespacedName{Namespace: v.namespace, Name: constants.OSMBootstrapName}),
+
+		// Pod liveness health probe verification
+		NewPodProbeVerifier(v.stdout, v.stderr, v.kubeClient,
+			types.NamespacedName{Namespace: v.namespace, Name: constants.OSMControllerName}, v.controllerProber),
+		NewPodProbeVerifier(v.stdout, v.stderr, v.kubeClient,
+			types.NamespacedName{Namespace: v.namespace, Name: constants.OSMInjectorName}, v.injectorProber),
+		NewPodProbeVerifier(v.stdout, v.stderr, v.kubeClient,
+			types.NamespacedName{Namespace: v.namespace, Name: constants.OSMBootstrapName}, v.bootstrapProber),
 	}
 
 	return verifiers.Run(ctx)

pkg/cli/verifier/control_plane_test.go

@@ -2,6 +2,7 @@ package verifier
 
 import (
 	"bytes"
+	"errors"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -17,9 +18,12 @@ func TestControlPlane(t *testing.T) {
 	testNs := "test"
 
 	testCases := []struct {
-		name      string
-		resources []runtime.Object
-		expected  Result
+		name               string
+		resources          []runtime.Object
+		controllerProbeErr error
+		injectorProbeErr   error
+		bootstrapProbeErr  error
+		expected           Result
 	}{
 		{
 			name: "all control plane pods are ready",
@@ -214,16 +218,112 @@ func TestControlPlane(t *testing.T) {
 				Status: Failure,
 			},
 		},
+		{
+			name: "control plane probes fails",
+			resources: []runtime.Object{
+				&corev1.Pod{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "osm-controller-1",
+						Namespace: testNs,
+						Labels:    map[string]string{constants.AppLabel: "osm-controller"},
+					},
+					Status: corev1.PodStatus{
+						Conditions: []corev1.PodCondition{
+							{
+								Type:   corev1.PodScheduled,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.ContainersReady,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodInitialized,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodReady,
+								Status: corev1.ConditionTrue,
+							},
+						},
+					},
+				},
+				&corev1.Pod{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "osm-injector-1",
+						Namespace: testNs,
+						Labels:    map[string]string{constants.AppLabel: "osm-injector"},
+					},
+					Status: corev1.PodStatus{
+						Conditions: []corev1.PodCondition{
+							{
+								Type:   corev1.PodScheduled,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.ContainersReady,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodInitialized,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodReady,
+								Status: corev1.ConditionTrue,
+							},
+						},
+					},
+				},
+				&corev1.Pod{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "osm-bootstrap-1",
+						Namespace: testNs,
+						Labels:    map[string]string{constants.AppLabel: "osm-bootstrap"},
+					},
+					Status: corev1.PodStatus{
+						Conditions: []corev1.PodCondition{
+							{
+								Type:   corev1.PodScheduled,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.ContainersReady,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodInitialized,
+								Status: corev1.ConditionTrue,
+							},
+							{
+								Type:   corev1.PodReady,
+								Status: corev1.ConditionTrue,
+							},
+						},
+					},
+				},
+			},
+			controllerProbeErr: errors.New("fake error"), // fake probe error
+			injectorProbeErr:   errors.New("fake error"), // fake probe error
+			bootstrapProbeErr:  errors.New("fake error"), // fake probe error
+			expected: Result{
+				Status: Failure,
+			},
+		},
 	}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			a := assert.New(t)
 
 			fakeClient := fake.NewSimpleClientset(tc.resources...)
+
 			v := &ControlPlaneHealthVerifier{
-				kubeClient: fakeClient,
-				namespace:  testNs,
+				kubeClient:       fakeClient,
+				namespace:        testNs,
+				controllerProber: fakeHTTPProber{err: tc.controllerProbeErr},
+				injectorProber:   fakeHTTPProber{err: tc.injectorProbeErr},
+				bootstrapProber:  fakeHTTPProber{err: tc.bootstrapProbeErr},
 			}
 
 			actual := v.Run()