OCPBUGS-44238: Add Readiness Probe to Router Status Tests

gcs278 · gcs278 · commit 4c53b853dd08 · 2025-01-17T21:02:58.000-05:00
Previously, the router was configured without a readiness probe, resulting in
racy startup conditions during router status stress tests. Routers would be
marked as ready immediately upon starting, causing the waitForReadyReplicaSet
function to proceed prematurely. This allowed the next step of route creation
to occur before the routers had fully initialized.

This often led to the first two routers to fight over the route status while
the third router was still starting. As a result, the third router missed
observing these early status contentions, leading to more writes to the
route status than we were expecting.

Adding the readiness probe also revealed that HAProxy was failing to start
due to insufficient permissions. The anyuid SCC was added to the router's
service account to resolve the issue.
diff --git a/test/extended/router/stress.go b/test/extended/router/stress.go
@@ -78,6 +78,22 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io]",
 				Name: "system:router",
 			},
 		}, metav1.CreateOptions{})
+		// Router pod needs anyuid, but system:router defaults to the restricted-v2 SCC, which does not provide it.
+		_, err = oc.AdminKubeClient().RbacV1().RoleBindings(ns).Create(context.Background(), &rbacv1.RoleBinding{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "router-anyuid",
+			},
+			Subjects: []rbacv1.Subject{
+				{
+					Kind: "ServiceAccount",
+					Name: "default",
+				},
+			},
+			RoleRef: rbacv1.RoleRef{
+				Kind: "ClusterRole",
+				Name: "system:openshift:scc:anyuid",
+			},
+		}, metav1.CreateOptions{})
 		o.Expect(err).NotTo(o.HaveOccurred())
 	})
 
@@ -552,11 +568,40 @@ func scaledRouter(name, image string, args []string) *appsv1.ReplicaSet {
 					Containers: []corev1.Container{
 						{
 							Env: []corev1.EnvVar{
-								{Name: "NAME", ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.name"}}},
+								{
+									Name: "NAME", ValueFrom: &corev1.EnvVarSource{
+										FieldRef: &corev1.ObjectFieldSelector{
+											FieldPath: "metadata.name",
+										},
+									},
+								},
+								{
+									Name: "POD_NAMESPACE",
+									ValueFrom: &corev1.EnvVarSource{
+										FieldRef: &corev1.ObjectFieldSelector{
+											FieldPath: "metadata.namespace",
+										},
+									},
+								},
 							},
 							Name:  "router",
 							Image: image,
-							Args:  args,
+							Args:  append(args, "--stats-port=1936", "--metrics-type=haproxy"),
+							Ports: []corev1.ContainerPort{
+								{
+									ContainerPort: 1936,
+									Name:          "stats",
+									Protocol:      corev1.ProtocolTCP,
+								},
+							},
+							ReadinessProbe: &corev1.Probe{
+								ProbeHandler: corev1.ProbeHandler{
+									HTTPGet: &corev1.HTTPGetAction{
+										Path: "/healthz/ready",
+										Port: intstr.FromInt32(1936),
+									},
+								},
+							},
 						},
 					},
 				},
