-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Graceful shutdown for the API server (#18642) #20981
fix: Graceful shutdown for the API server (#18642) #20981
Conversation
❌ Preview Environment deleted from BunnyshellAvailable commands (reply to this comment):
|
fd682a9
to
ac80298
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #20981 +/- ##
==========================================
+ Coverage 55.02% 55.24% +0.21%
==========================================
Files 324 324
Lines 55472 55572 +100
==========================================
+ Hits 30522 30699 +177
+ Misses 22329 22257 -72
+ Partials 2621 2616 -5 ☔ View full report in Codecov by Sentry. |
8280700
to
a8ca06a
Compare
badea03
to
240c2d5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check my comments
server/settings/settings.proto
Outdated
@@ -44,6 +44,7 @@ message Settings { | |||
bool appsInAnyNamespaceEnabled = 24; | |||
bool impersonationEnabled = 25; | |||
string installationID = 26; | |||
repeated string additionalUrls = 27 [(gogoproto.customname) = "AdditionalURLs"]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why this is needed. If there is no strong reason to add an additional attribute to the settings please, remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See the comment below. I also don't see a problem with adding the field, since URL is already there as well as a number of other fields. Why do you wanna avoid adding it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PRs should be concise and fix one main problem. This provides flexibility while cherry-picking the work in different release branches. The additionalUrls, while a good addition to the API, it doesn't belong in this PR as it changes the API and is not directly related wit the problem that we are trying to address.
Please provide another PR to add support to the additionalUrls
.
test/e2e/graceful_restart_test.go
Outdated
// Should be healthy. | ||
checkHealth(t, true) | ||
// Should trigger API server restart. | ||
fixture.SetParamInSettingConfigMap("additionalUrls", "- http://test") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems that you are only using this additionalUrls
to restart the API server? If so, there are other fields in the configmap that can be used for the same purpose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Modifying additional urls is the safest way to trigger reload that I could find. Feel free to suggest the alternative. I was hesitant to change URL, being afraid it can mess up the things completely. I also wanted to test that server is indeed restarted with new parameters in place (otherwise the test may succeed even if restart didn't happen).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's what it restarts on
Lines 674 to 734 in 02d6866
for { | |
newSettings := <-updateCh | |
a.settings = newSettings | |
newDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) | |
errorsutil.CheckError(err) | |
if string(newDexCfgBytes) != string(prevDexCfgBytes) { | |
log.Infof("dex config modified. restarting") | |
break | |
} | |
if checkOIDCConfigChange(prevOIDCConfig, a.settings) { | |
log.Infof("oidc config modified. restarting") | |
break | |
} | |
if prevURL != a.settings.URL { | |
log.Infof("url modified. restarting") | |
break | |
} | |
if !reflect.DeepEqual(prevAdditionalURLs, a.settings.AdditionalURLs) { | |
log.Infof("additionalURLs modified. restarting") | |
break | |
} | |
if prevGitHubSecret != a.settings.WebhookGitHubSecret { | |
log.Infof("github secret modified. restarting") | |
break | |
} | |
if prevGitLabSecret != a.settings.WebhookGitLabSecret { | |
log.Infof("gitlab secret modified. restarting") | |
break | |
} | |
if prevBitbucketUUID != a.settings.WebhookBitbucketUUID { | |
log.Infof("bitbucket uuid modified. restarting") | |
break | |
} | |
if prevBitbucketServerSecret != a.settings.WebhookBitbucketServerSecret { | |
log.Infof("bitbucket server secret modified. restarting") | |
break | |
} | |
if prevGogsSecret != a.settings.WebhookGogsSecret { | |
log.Infof("gogs secret modified. restarting") | |
break | |
} | |
if !reflect.DeepEqual(prevExtConfig, a.settings.ExtensionConfig) { | |
prevExtConfig = a.settings.ExtensionConfig | |
log.Infof("extensions configs modified. Updating proxy registry...") | |
err := a.extensionManager.UpdateExtensionRegistry(a.settings) | |
if err != nil { | |
log.Errorf("error updating extensions configs: %s", err) | |
} else { | |
log.Info("extensions configs updated successfully") | |
} | |
} | |
if !a.ArgoCDServerOpts.Insecure { | |
var newCert, newCertKey string | |
if a.settings.Certificate != nil { | |
newCert, newCertKey = tlsutil.EncodeX509KeyPairString(*a.settings.Certificate) | |
} | |
if newCert != prevCert || newCertKey != prevCertKey { | |
log.Infof("tls certificate modified. reloading certificate") | |
// No need to break out of this loop since TlsConfig.GetCertificate will automagically reload the cert. | |
} | |
} |
- URL
- AdditionalURLs
- Various secrets/certificates
- Dex/Oidc config
- Extensions
Out of these, additional urls seems to be the only one without potential side effects. As of others, I'm not even sure what effects they can have, but modifying them to some test values doesn't seem promising.
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
server/settings/settings.proto
Outdated
@@ -44,6 +44,7 @@ message Settings { | |||
bool appsInAnyNamespaceEnabled = 24; | |||
bool impersonationEnabled = 25; | |||
string installationID = 26; | |||
repeated string additionalUrls = 27 [(gogoproto.customname) = "AdditionalURLs"]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PRs should be concise and fix one main problem. This provides flexibility while cherry-picking the work in different release branches. The additionalUrls, while a good addition to the API, it doesn't belong in this PR as it changes the API and is not directly related wit the problem that we are trying to address.
Please provide another PR to add support to the additionalUrls
.
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thank you!
…20981) * fix: Graceful shutdown for the API server (argoproj#18642) Closes argoproj#18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Adrian Aneci <aneci@adobe.com>
* fix: Graceful shutdown for the API server (#18642) Closes #18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
/cherry-pick release-2.13 |
* fix: Graceful shutdown for the API server (#18642) Closes #18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…rgoproj#20981)" This reverts commit 730363f. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…rgoproj#20981)" This reverts commit 730363f.
…20981) * fix: Graceful shutdown for the API server (argoproj#18642) Closes argoproj#18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix: Graceful shutdown for the API server (#18642) (#20981) * fix: Graceful shutdown for the API server (#18642) Closes #18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Use a custom signal for graceful restart Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Re-run tests Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix: Graceful shutdown for the API server (#18642) (#20981) * fix: Graceful shutdown for the API server (#18642) Closes #18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Init server only once, but keep re-initializing listeners Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Check error for SetParamInSettingConfigMap as needed after fresh master Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Prevent a data race Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Remove unused variable, don't pass lock when not necessary Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Try overriding URL instead of additional URLs Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Use a more specific url Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Use a custom signal for graceful restart Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * Re-run tests Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix: Graceful shutdown for the API server (#18642) (#20981) * fix: Graceful shutdown for the API server (#18642) Closes #18642 Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating. * Init server only once, but keep re-initializing listeners * Check error for SetParamInSettingConfigMap as needed after fresh master * Prevent a data race * Remove unused variable, don't pass lock when not necessary * Try overriding URL instead of additional URLs * Use a more specific url --------- * Use a custom signal for graceful restart * Re-run tests --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Andrii Korotkov <137232734+andrii-korotkov-verkada@users.noreply.github.com> Co-authored-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Closes #18642
fix #18576
Implements a graceful shutdown the the API server. Without this, ArgoCD API server will eventually return 502 during rolling update. However, healthcheck would return 503 if the server is terminating.
Checklist: