-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Add cloud IPAM health check #11036
Copy link
Copy link
Open
Labels
area/agentCilium agent related.Cilium agent related.area/ipamIP address management, including cloud IPAMIP address management, including cloud IPAMarea/operatorImpacts the cilium-operator componentImpacts the cilium-operator componentintegration/cloudRelated to integration with cloud environments such as AKS, EKS, GKE, etc.Related to integration with cloud environments such as AKS, EKS, GKE, etc.kind/featureThis introduces new functionality.This introduces new functionality.pinnedThese issues are not marked stale by our issue bot.These issues are not marked stale by our issue bot.
Description
Metadata
Metadata
Assignees
Labels
area/agentCilium agent related.Cilium agent related.area/ipamIP address management, including cloud IPAMIP address management, including cloud IPAMarea/operatorImpacts the cilium-operator componentImpacts the cilium-operator componentintegration/cloudRelated to integration with cloud environments such as AKS, EKS, GKE, etc.Related to integration with cloud environments such as AKS, EKS, GKE, etc.kind/featureThis introduces new functionality.This introduces new functionality.pinnedThese issues are not marked stale by our issue bot.These issues are not marked stale by our issue bot.
Proposal / RFE
The cilium-operator (soon to be one IPAM binary per cloud integration) should have its health check take into consideration if it can successfully communicate and take actions against the cloud API.
Is your feature request related to a problem?
In my specific case I deployed the operator with some misconfigured AWS creds (using the AWS ENI IPAM) and the operator always reported healthy even though all AWS EC2 API calls were failing.
Describe the solution you'd like
Talking with @tgraf and @errordeveloper in slack there are a couple of options:
I'm happy with both -- just need to define clearly on what conditions the API calls would fail.