Added livenessProbe for local nginx apiserver proxy liveness probe (#4222)

* Added configurable local apiserver proxy liveness probe

* Enable API LB healthcheck by default

* Fix template spacing and moved healthz location to nginx http section

* Fix healthcheck listen address to allow kubelet request healthcheck

inventory/sample/group_vars/all/all.yml

@@ -24,6 +24,8 @@ bin_dir: /usr/local/bin
 ## Local loadbalancer should use this port
 ## And must be set port 6443
 nginx_kube_apiserver_port: 6443
+## If nginx_kube_apiserver_healthcheck_port variable defined, enables proxy liveness check.
+nginx_kube_apiserver_healthcheck_port: 8081
 
 ### OTHER OPTIONAL VARIABLES
 ## For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed

roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2

@@ -25,6 +25,12 @@ spec:
         memory: {{ nginx_memory_requests }}
     securityContext:
       privileged: true
+    {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: {{ nginx_kube_apiserver_healthcheck_port }}
+    {% endif -%}
     volumeMounts:
     - mountPath: /etc/nginx
       name: etc-nginx

roles/kubernetes/node/templates/nginx.conf.j2

@@ -12,7 +12,7 @@ stream {
             least_conn;
             {% for host in groups['kube-master'] -%}
             server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
-            {% endfor %}
+            {% endfor -%}
         }
 
         server {
@@ -22,5 +22,16 @@ stream {
             proxy_connect_timeout 1s;
 
         }
-
+}
+
+http {
+        {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+        server {
+            listen {{ nginx_kube_apiserver_healthcheck_port }};
+            location /healthz {
+              access_log off;
+              return 200;
+            }
+        }
+        {% endif -%}  
 }