Page MenuHomePhabricator
Create Task
Maniphest T341919

Support probes in kubernetes webservices
Closed, ResolvedPublicFeature
Actions

Description

Feature summary:
The webservice command should include support to declare k8s probes for webservices using the Kubernetes backend.

Use case(s):

  • zero-downtime restart (compare T337182) using startup probes (startupProbe)
  • automatic restart in case of issues (e.g. worker node problems) using readiness or liveness probes (readinessProbe, livenessProbe)

Benefits:
With native support of probes in webservice, users won’t have to bypass webservice and interact with k8s objects directly to fulfill the use cases listed above. (Currently, users can patch probes into their deployment on their own, but any such patches will be lost on the next webservice restart, because that recreates the entire deployment; so until webservice supports probes natively, such users will have to do restarts without it, using kubectl rollout restart deployment.)

Details

TitleReferenceAuthorSource BranchDest Branch
d/changelog: bump to 0.103.2repos/cloud/toolforge/tools-webservice!25dcarobump_to_0.103.2main
k8s: allow passing the http probe pathrepos/cloud/toolforge/tools-webservice!24dcaroadd_http_probesmain
Customize query in GitLab

Related Objects
Search...

Event Timeline

LucasWerkmeister created this task.Jul 15 2023, 11:43 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 15 2023, 11:43 AM
LucasWerkmeister mentioned this in T337182: `webservice restart` should do a graceful restart on Kubernetes.Jul 15 2023, 11:45 AM
LucasWerkmeister added a comment.Jul 15 2023, 11:49 AM

I don’t think webservice necessarily has to support patching in raw YAML snippets as each probe type, at least not as the main mode of this feature. We can probably assume that HTTP probes are the common case, and standardize on a common default path (e.g. /health or /healthz), which would then also be filtered out of access logs by default (T127367? though that talks about error logs).

See also T314053: Allow automatically restarting tool web services if non OK error code (which I think is closer to the automatic restart use case than the zero-downtime restart use case).

Legoktm subscribed.Jul 16 2023, 2:52 AM

and standardize on a common default path (e.g. /health or /healthz), which would then also be filtered out of access logs by default

And if you have some good reason to deviate from the default path (my preference is /healthz since it doesn't conflict with a real word), it could be configurable via service.template.

taavi merged a task: T356907: [webservice] Add health probes for port 8080.Feb 7 2024, 7:59 PM
taavi added subscribers: dcaro, Dvorapa, komla.
dcaro claimed this task.Feb 7 2024, 8:09 PM
dcaro edited projects, added Toolforge (Toolforge iteration 05); removed Toolforge.
dcaro triaged this task as Medium priority.Feb 8 2024, 9:00 AM
dcaro added a parent task: T356905: Migrate kmlexport from Toolforge GridEngine to Toolforge Kubernetes.Feb 8 2024, 11:43 AM
dcaro changed the task status from Open to In Progress.Feb 9 2024, 11:48 AM
dcaro moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 05) board.
CodeReviewBot added a project: Patch-For-Review.Feb 9 2024, 6:14 PM

dcaro opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/23

add probes

tstarling subscribed.Feb 13 2024, 2:45 AM
tstarling mentioned this in T320210: Migrate zoomviewer from Toolforge GridEngine to Toolforge Kubernetes.Feb 13 2024, 3:36 AM
dcaro mentioned this in T319962: Migrate persondata from Toolforge GridEngine to Toolforge Kubernetes.Feb 13 2024, 3:27 PM
CodeReviewBot added a comment.Feb 13 2024, 3:49 PM

dcaro opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/24

k8s: allow passing the http probe path

bd808 subscribed.Feb 13 2024, 5:38 PM
In T341919#9017404, @LucasWerkmeister wrote:

standardize on a common default path (e.g. /health or /healthz), which would then also be filtered out of access logs by default (T127367? though that talks about error logs).

Liveness and other lifecycle probes would happen from within Kubernetes and thus show on grafana dashboards via the Kubernetes stats import to Prometheus, but they would not route through the front proxy where we collect access log data for https://toolviews.toolforge.org/.

dcaro moved this task from In Progress to In Review on the Toolforge (Toolforge iteration 05) board.Feb 16 2024, 2:58 PM
dcaro edited projects, added Toolforge (Toolforge iteration 06); removed Toolforge (Toolforge iteration 05).Feb 21 2024, 10:10 AM
dcaro moved this task from Next Up to In Review on the Toolforge (Toolforge iteration 06) board.
CodeReviewBot added a comment.Feb 23 2024, 10:09 AM

dcaro merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/23

k8s: add default tcp probes

bd808 mentioned this in T335592: [jobs-api,jobs-cli] Support job health checks.Feb 25 2024, 10:17 PM
bd808 merged a task: T246540: Some webservice-created applications do not have functioning liveness checks.
bd808 added a subscriber: Bstorm.
CodeReviewBot added a comment.Feb 27 2024, 4:23 PM

dcaro merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/24

k8s: allow passing the http probe path

Maintenance_bot removed a project: Patch-For-Review.Feb 27 2024, 4:30 PM
CodeReviewBot added a project: Patch-For-Review.Feb 28 2024, 10:52 AM

dcaro opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/25

d/changelog: bump to 0.103.2

Stashbot added a comment.Feb 28 2024, 11:57 AM

Mentioned in SAL (#wikimedia-cloud) [2024-02-28T11:57:21Z] <dcaro> deploy tools-webservice 0.103.2 with probes (T341919)

CodeReviewBot added a comment.Feb 28 2024, 12:03 PM

dcaro merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/25

d/changelog: bump to 0.103.2

dcaro added a comment.Feb 28 2024, 12:11 PM

This is available for use now, I'll leave the task open to do a bit of following for the next few days monitoring https://grafana.wmcloud.org/d/3jhWxB8Vk/toolforge-general-overview?orgId=1

Current state:

image.png (1×3 px, 438 KB)

Maintenance_bot removed a project: Patch-For-Review.Feb 28 2024, 12:30 PM
bd808 added a comment.Feb 28 2024, 4:07 PM

@dcaro, this is awesome and I think also completely worthy of a message to cloud-announce. :)

Stashbot added a comment.Feb 28 2024, 6:50 PM

Mentioned in SAL (#wikimedia-cloud) [2024-02-28T18:50:17Z] <wmbot~lucaswerkmeister@tools-sgebastion-10> deployed 3030faaa3c (health-check-path, T341919)

LucasWerkmeister added a comment.Feb 28 2024, 6:53 PM

Seems to work like a charm, thanks a lot! The “only terminate old pod once new one is ready” seems to behave as expected:

Screenshot from 2024-02-28 19-49-39.png (633×952 px, 165 KB)

(The fact that the pods often seem to need exactly one restart before they become ready is strange but not new, that’s been happening on and off for a while.)

In T341919#9017404, @LucasWerkmeister wrote:

We can probably assume that HTTP probes are the common case, and standardize on a common default path (e.g. /health or /healthz), which would then also be filtered out of access logs by default (T127367? though that talks about error logs).

FWIW, as long as we don’t have the common logging solution yet, filtering out /healthz from the uWSGI logs turns out to be easy enough for Python webservices: see uwsgi.ini in the commit in my tool.

In T341919#9584300, @bd808 wrote:

@dcaro, this is awesome and I think also completely worthy of a message to cloud-announce. :)

+1 :)

LucasWerkmeister mentioned this in R2362:3030faaa3c06: Configure Toolforge health-check-path.Feb 28 2024, 7:07 PM
LucasWerkmeister added a comment.Feb 28 2024, 7:15 PM

FYI, I added this to the cookiecutter-toolforge template / boilerplate for new tools now: https://github.com/lucaswerkmeister/cookiecutter-toolforge/commit/621944e6a7aa7944cafa42efef03b9b2fccbbf01

Don-vip subscribed.Feb 29 2024, 1:06 PM
CodeReviewBot added a project: Patch-For-Review.Feb 29 2024, 1:50 PM

dcaro opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tools-webservice/-/merge_requests/27

d/changelog: bump to 0.103.3

Dvorapa awarded a token.Feb 29 2024, 7:00 PM
tstarling added a comment.Feb 29 2024, 10:59 PM

If HTTP probes are configurable in service.template, can that please be documented on Wikitech? If it is not configurable, can that feature be added?

Don-vip awarded a token.Feb 29 2024, 11:00 PM
LucasWerkmeister added a comment.Feb 29 2024, 11:09 PM
In T341919#9589241, @tstarling wrote:

If HTTP probes are configurable in service.template, can that please be documented on Wikitech? If it is not configurable, can that feature be added?

Added something there. (It’s health-check-path: PATH, i.e. the service.template YAML and the command line option use the same key, similar to mem:/--mem or cpu:/--cpu.)

dcaro added a comment.Mar 1 2024, 10:41 AM
In T341919#9589279, @LucasWerkmeister wrote:
In T341919#9589241, @tstarling wrote:

If HTTP probes are configurable in service.template, can that please be documented on Wikitech? If it is not configurable, can that feature be added?

Added something there. (It’s health-check-path: PATH, i.e. the service.template YAML and the command line option use the same key, similar to mem:/--mem or cpu:/--cpu.)

Thanks, yes that's the key, you can see all the options that are set in the service.manifest file after you run toolforge webservice start ...options..., and copy that file as template.
We should add a subcommand to generate the template file with all the defaults too as example, that would be helpful.

dcaro closed this task as Resolved.Mar 4 2024, 1:49 PM
dcaro moved this task from In Review to Done on the Toolforge (Toolforge iteration 06) board.

Things seem stable, I'll close the task and reopen if any bugs arise.

Dvorapa added a comment.Mar 9 2024, 10:19 AM

Could someone point me to how to make the probe not appear in access.log for perl5.36 webservice?

LucasWerkmeister added a comment.Mar 9 2024, 12:03 PM
In T341919#9617675, @Dvorapa wrote:

Could someone point me to how to make the probe not appear in access.log for perl5.36 webservice?

Based on https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_accesslog#Disable-logging, this might work:

.lighttpd.conf
$HTTP["url"] == "/healthz" { accesslog.filename = "" }
taavi merged a task: T314053: Allow automatically restarting tool web services if non OK error code.Mar 14 2024, 5:39 PM
taavi added subscribers: RhinosF1, SD0001, taavi.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL