1.4 KiB
Operator Recipes
Service-IP Smoke Checks
Avoid one-shot kubectl run --rm -i probes for service connectivity.
The container can exit before the connection result is reliable, which
creates false negatives during rollout debugging.
Use a persistent pod, wait for readiness, then exec the probe:
NAMESPACE=vergabe-teilnahme \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/
Reuse the same pod for a debugging session:
NAMESPACE=vergabe-teilnahme POD_NAME=service-smoke \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/
Clean it up when finished:
kubectl delete pod service-smoke -n vergabe-teilnahme
Or set CLEANUP=true for a single checked run.
Manifest Server Dry-Run
Schema drift in live CRDs is caught by server-side dry-run, not by Helm rendering alone:
make k8s-server-dry-run
The command expects a representative Kubernetes API server with the same
APIs, CRDs, admission webhooks, ingress posture, and cert-manager posture as
the Railiance cluster. The CI workflow sets DRY_RUN_CREATE_NAMESPACES=true,
which creates the app namespace before server-side dry-run so namespaced
resources can validate. Use that mode only against a disposable or approved
representative cluster.
See docs/manifest-server-dry-run.md for runner, credential, and failure
classification rules.