diff --git a/manifests/profile/kubernetes/destination_port/api.pp b/manifests/profile/kubernetes/destination_port/api.pp index 62a2ac27c..1f950d608 100644 --- a/manifests/profile/kubernetes/destination_port/api.pp +++ b/manifests/profile/kubernetes/destination_port/api.pp @@ -1,4 +1,4 @@ -# Copyright (c) 2020 The Regents of the University of Michigan. +# Copyright (c) 2020, 2024 The Regents of the University of Michigan. # All Rights Reserved. Licensed according to the terms of the Revised # BSD License. See LICENSE.txt for details. @@ -8,7 +8,7 @@ @@concat_fragment { "haproxy kubernetes api ${::hostname}": target => '/etc/haproxy/services.d/api.cfg', order => '02', - content => " server ${::hostname} ${::ipaddress}:6443 check\n", + content => " server ${::hostname} ${::ipaddress}:6443 check ssl verify none\n", tag => "${cluster_name}_haproxy_kubernetes_api", } } diff --git a/spec/classes/profile/kubernetes/destination_port_spec.rb b/spec/classes/profile/kubernetes/destination_port_spec.rb index 9e13369ca..e34e48759 100644 --- a/spec/classes/profile/kubernetes/destination_port_spec.rb +++ b/spec/classes/profile/kubernetes/destination_port_spec.rb @@ -1,16 +1,18 @@ # frozen_string_literal: true -# Copyright (c) 2020 The Regents of the University of Michigan. +# Copyright (c) 2020, 2024 The Regents of the University of Michigan. # All Rights Reserved. Licensed according to the terms of the Revised # BSD License. See LICENSE.txt for details. require 'spec_helper' [ - ['api', 6443], - ['etcd', 2379], - ['https_alt', 31443], - ['gelf_tcp', 32201], -].each do |service, port| + ['api', 6443, 'check ssl verify none'], + ['etcd', 2379, 'check'], + ['http', 30080, 'check send-proxy'], + ['https', 30443, 'check send-proxy'], + ['https_alt', 31443, 'check'], + ['gelf_tcp', 32201, 'check'], +].each do |service, port, options| describe "nebula::profile::kubernetes::destination_port::#{service}" do on_supported_os.each do |os, os_facts| context "on #{os}" do @@ -26,35 +28,7 @@ is_expected.to contain_concat_fragment("haproxy kubernetes #{service.tr('_', ' ')} #{facts[:hostname]}") .with_target("/etc/haproxy/services.d/#{service}.cfg") .with_order('02') - .with_content(" server #{facts[:hostname]} #{facts[:ipaddress]}:#{port} check\n") - .with_tag("first_cluster_haproxy_kubernetes_#{service}") - end - end - end - end - end -end - -[ - ['http', 30080], - ['https', 30443], -].each do |service, port| - describe "nebula::profile::kubernetes::destination_port::#{service}" do - on_supported_os.each do |os, os_facts| - context "on #{os}" do - let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } - let(:facts) { os_facts } - - it { is_expected.to compile } - - describe 'exported resources' do - subject { exported_resources } - - it do - is_expected.to contain_concat_fragment("haproxy kubernetes #{service.tr('_', ' ')} #{facts[:hostname]}") - .with_target("/etc/haproxy/services.d/#{service}.cfg") - .with_order('02') - .with_content(" server #{facts[:hostname]} #{facts[:ipaddress]}:#{port} check send-proxy\n") + .with_content(" server #{facts[:hostname]} #{facts[:ipaddress]}:#{port} #{options}\n") .with_tag("first_cluster_haproxy_kubernetes_#{service}") end end diff --git a/templates/profile/kubernetes/haproxy/services.d/api.cfg.erb b/templates/profile/kubernetes/haproxy/services.d/api.cfg.erb index f7a3b4bbf..80bb82b1d 100644 --- a/templates/profile/kubernetes/haproxy/services.d/api.cfg.erb +++ b/templates/profile/kubernetes/haproxy/services.d/api.cfg.erb @@ -7,5 +7,6 @@ frontend kubernetes-api-front backend kubernetes-api-back mode tcp - option tcp-check balance roundrobin + option httpchk HEAD / + http-check expect status 403