From 669ab10c17f96698f14337599474edefc4ac52e9 Mon Sep 17 00:00:00 2001
From: Dmitry Chepurovskiy <me@dm3ch.net>
Date: Thu, 28 Mar 2019 16:20:46 +0300
Subject: [PATCH] Added livenessProbe for local nginx apiserver proxy liveness
 probe (#4222)

* Added configurable local apiserver proxy liveness probe

* Enable API LB healthcheck by default

* Fix template spacing and moved healthz location to nginx http section

* Fix healthcheck listen address to allow kubelet request healthcheck
---
 inventory/sample/group_vars/all/all.yml           |  2 ++
 .../templates/manifests/nginx-proxy.manifest.j2   |  6 ++++++
 roles/kubernetes/node/templates/nginx.conf.j2     | 15 +++++++++++++--
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index 60c641d1c..bcb34be4c 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -24,6 +24,8 @@ bin_dir: /usr/local/bin
 ## Local loadbalancer should use this port
 ## And must be set port 6443
 nginx_kube_apiserver_port: 6443
+## If nginx_kube_apiserver_healthcheck_port variable defined, enables proxy liveness check.
+nginx_kube_apiserver_healthcheck_port: 8081
 
 ### OTHER OPTIONAL VARIABLES
 ## For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 8a7b0cd41..fbe170cfa 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -25,6 +25,12 @@ spec:
         memory: {{ nginx_memory_requests }}
     securityContext:
       privileged: true
+    {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: {{ nginx_kube_apiserver_healthcheck_port }}
+    {% endif -%}
     volumeMounts:
     - mountPath: /etc/nginx
       name: etc-nginx
diff --git a/roles/kubernetes/node/templates/nginx.conf.j2 b/roles/kubernetes/node/templates/nginx.conf.j2
index 99a48d65d..3e5374b71 100644
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@@ -12,7 +12,7 @@ stream {
             least_conn;
             {% for host in groups['kube-master'] -%}
             server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
-            {% endfor %}
+            {% endfor -%}
         }
 
         server {
@@ -22,5 +22,16 @@ stream {
             proxy_connect_timeout 1s;
 
         }
-
+}
+
+http {
+        {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+        server {
+            listen {{ nginx_kube_apiserver_healthcheck_port }};
+            location /healthz {
+              access_log off;
+              return 200;
+            }
+        }
+        {% endif -%}  
 }