# Operator Recipes

## Service-IP Smoke Checks

Avoid one-shot `kubectl run --rm -i` probes for service connectivity.
The container can exit before the connection result is reliable, which
creates false negatives during rollout debugging.

Use a persistent pod, wait for readiness, then exec the probe:

```bash
NAMESPACE=vergabe-teilnahme \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/
```

Reuse the same pod for a debugging session:

```bash
NAMESPACE=vergabe-teilnahme POD_NAME=service-smoke \
tools/smoke-service.sh http://vergabe-teilnahme.vergabe-teilnahme.svc/health/
```

Clean it up when finished:

```bash
kubectl delete pod service-smoke -n vergabe-teilnahme
```

Or set `CLEANUP=true` for a single checked run.

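The pattern this recipe relies on (persistent pod, wait for readiness, then exec the probe), as an added sketch that is not the project's `tools/smoke-service.sh`. `NAMESPACE`, `POD_NAME` and `CLEANUP` mirror the variables used above; `PROBE_IMAGE`, its `curlimages/curl` default, the timeouts and exit code 100 for setup failures are assumptions.

```bash
#!/bin/sh
# Added sketch; PROBE_IMAGE, the timeouts and exit code 100 are assumptions.

smoke_service() {
  url=$1
  ns=${NAMESPACE:-default}
  pod=${POD_NAME:-service-smoke}
  image=${PROBE_IMAGE:-curlimages/curl}  # assumed image that ships curl

  # Reuse the pod if it already exists; otherwise start one that stays up
  # instead of exiting with the probe.
  if ! kubectl get pod "$pod" -n "$ns" >/dev/null 2>&1; then
    kubectl run "$pod" -n "$ns" --image="$image" --restart=Never \
      --command -- sleep 3600 || return 100
  fi

  # Wait for Ready so the result reflects the service, not pod start-up.
  kubectl wait --for=condition=Ready "pod/$pod" -n "$ns" --timeout=60s \
    || return 100

  # -f makes HTTP >= 400 a non-zero exit; --max-time bounds a hung connect.
  kubectl exec "$pod" -n "$ns" -- \
    curl -fsS --max-time 10 -o /dev/null "$url"
  rc=$?

  # Keep the pod for a debugging session unless CLEANUP=true.
  if [ "${CLEANUP:-false}" = "true" ]; then
    kubectl delete pod "$pod" -n "$ns" --wait=false >/dev/null
  fi
  return "$rc"
}

# Run the probe only when a URL is passed on the command line.
if [ "$#" -gt 0 ]; then
  smoke_service "$1"
fi
```

Exit code 100 means the probe pod never became usable, so the service itself was not tested; any other non-zero code comes from `curl` inside the pod.
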
## Manifest Server Dry-Run

Schema drift in live CRDs is caught by server-side dry-run, not by Helm
rendering alone:

```bash
make k8s-server-dry-run
```

The command expects a representative Kubernetes API server with the same
APIs, CRDs, admission webhooks, ingress posture, and cert-manager posture as
the Railiance cluster. The CI workflow sets `DRY_RUN_CREATE_NAMESPACES=true`,
which creates the app namespace before server-side dry-run so namespaced
resources can validate. Use that mode only against a disposable or approved
representative cluster.

See `docs/manifest-server-dry-run.md` for runner, credential, and failure
classification rules.