deprecate readiness probes (#159)

depends on MinIO PR based on new findings
minio/minio#9941

docs/operator-fields.md

@@ -35,7 +35,6 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Mi
 | spec.externalCertSecret | Set an external secret with private key and certificate to be used to enabled TLS on MinIOInstance pods. Note that only one of `spec.requestAutoCert` or `spec.externalCertSecret` should be enabled at a time. Follow [the document here](https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret) to create the secret to be passed in this section. |
 | spec.resources | Specify CPU and Memory resources for each MinIOInstance container. Refer [this document](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-types) for details. |
 | spec.liveness | Add liveness check for MinIOInstance containers. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command) for details. |
-| spec.readiness | Add readiness check for MinIOInstance containers. Only single node MinIOInstance container should enable readiness checks. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command) for details. |
 | spec.nodeSelector | Add a selector which must be true for the MinIOInstance pod to fit on a node. Refer [this document](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for details.|
 | spec.tolerations | Define a toleration for the MinIOInstance pod to match on a taint. Refer [this document](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for details. |
 | spec.securityContext | Define a security context for the MinIOInstance pod. Refer [this document](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for details. |

examples/minioinstance-kes.yaml

@@ -115,8 +115,6 @@ spec:
   ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
   ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
   ## for details. Defaults to "Parallel"
-  ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
-  ## work if PodManagementPolicy is set to "Parallel".
   podManagementPolicy: Parallel
   ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate.
   ## Internal DNS name for the pod will be used if CommonName is not provided.
@@ -145,17 +143,8 @@ spec:
   ## is not working properly and needs restart. Kubernetes automatically
   ## restarts the pods if liveness checks fail.
   liveness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
-    timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s)
-  ## Readiness probe detects situations when MinIO server instance
-  ## is not ready to accept traffic. Kubernetes doesn't forward
-  ## traffic to the pod while readiness checks fail.
-  ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
-  ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
-  readiness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
+    initialDelaySeconds: 10
+    periodSeconds: 1
     timeoutSeconds: 1
   ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
   ## eligible to run on a node, the node must have each of the

examples/minioinstance-mcs.yaml

@@ -102,8 +102,6 @@ spec:
   ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
   ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
   ## for details. Defaults to "Parallel"
-  ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
-  ## work if PodManagementPolicy is set to "Parallel".
   podManagementPolicy: Parallel
   ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate.
   ## Internal DNS name for the pod will be used if CommonName is not provided.
@@ -132,17 +130,8 @@ spec:
   ## is not working properly and needs restart. Kubernetes automatically
   ## restarts the pods if liveness checks fail.
   liveness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
-    timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s)
-  ## Readiness probe detects situations when MinIO server instance
-  ## is not ready to accept traffic. Kubernetes doesn't forward
-  ## traffic to the pod while readiness checks fail.
-  ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
-  ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
-  readiness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
+    initialDelaySeconds: 10
+    periodSeconds: 1
     timeoutSeconds: 1
   ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
   ## eligible to run on a node, the node must have each of the

examples/minioinstance-pod-security-policy.yaml

@@ -53,11 +53,11 @@ kind: ClusterRole
 metadata:
   name: minio-pods-role
 rules:
-- apiGroups: 
+- apiGroups:
   - "policy"
-  resources: 
+  resources:
   - "podsecuritypolicies"
-  verbs: 
+  verbs:
   - "use"
   resourceNames:
   - "minio-pods-policy"
@@ -129,8 +129,6 @@ spec:
   ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
   ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
   ## for details. Defaults to "Parallel"
-  ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
-  ## work if PodManagementPolicy is set to "Parallel".
   podManagementPolicy: Parallel
   ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained
   ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
@@ -166,16 +164,8 @@ spec:
   ## is not working properly and needs restart. Kubernetes automatically
   ## restarts the pods if liveness checks fail.
   liveness:
-    initialDelaySeconds: 120
-    periodSeconds: 60
-  ## Readiness probe detects situations when MinIO server instance
-  ## is not ready to accept traffic. Kubernetes doesn't forward
-  ## traffic to the pod while readiness checks fail.
-  ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
-  ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
-  readiness:
-    initialDelaySeconds: 120
-    periodSeconds: 60
+    initialDelaySeconds: 10
+    periodSeconds: 1
   ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
   ## eligible to run on a node, the node must have each of the
   ## indicated key-value pairs as labels.

examples/minioinstance.yaml

@@ -75,8 +75,6 @@ spec:
   ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
   ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
   ## for details. Defaults to "Parallel"
-  ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
-  ## work if PodManagementPolicy is set to "Parallel".
   podManagementPolicy: Parallel
   ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained
   ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
@@ -100,8 +98,6 @@ spec:
   #    value: storage
   ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
   # env:
-    # - name: MINIO_API_READY_DEADLINE
-    #   value: "10s"
     # - name: MINIO_BROWSER
     #   value: "off" # to turn-off browser
     # - name: MINIO_STORAGE_CLASS_STANDARD
@@ -114,17 +110,8 @@ spec:
   ## is not working properly and needs restart. Kubernetes automatically
   ## restarts the pods if liveness checks fail.
   liveness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
-    timeoutSeconds: 12 # should always greater than MINIO_API_READY_DEADLINE (which defaults to 10s)
-  ## Readiness probe detects situations when MinIO server instance
-  ## is not ready to accept traffic. Kubernetes doesn't forward
-  ## traffic to the pod while readiness checks fail.
-  ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
-  ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
-  readiness:
-    initialDelaySeconds: 120
-    periodSeconds: 15
+    initialDelaySeconds: 10
+    periodSeconds: 1
     timeoutSeconds: 1
   ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
   ## eligible to run on a node, the node must have each of the

pkg/apis/operator.min.io/v1/constants.go

@@ -90,26 +90,14 @@ const DefaultVolumesPerServer = 1
 // DefaultZoneName specifies the default zone name
 const DefaultZoneName = "zone-0"
 
-// ReadinessPath specifies the endpoint for readiness check
-const ReadinessPath = "/minio/health/ready"
-
-// ReadinessInitialDelay specifies the initial delay in calling the readiness endpoint
-const ReadinessInitialDelay = 120
-
-// ReadinessPeriod specifies the interval in calling the readiness endpoint
-const ReadinessPeriod = 15
-
-// ReadinessTimeout specifies the timeout for the readiness probe to expect a response
-const ReadinessTimeout = 12
-
 // LivenessPath specifies the endpoint for liveness check
 const LivenessPath = "/minio/health/live"
 
 // LivenessInitialDelay specifies the initial delay in calling the liveness endpoint
-const LivenessInitialDelay = 120
+const LivenessInitialDelay = 10
 
 // LivenessPeriod specifies the interval in calling the liveness endpoint
-const LivenessPeriod = 15
+const LivenessPeriod = 1
 
 // LivenessTimeout specifies the timeout for the liveness probe to expect a response
 const LivenessTimeout = 1

pkg/apis/operator.min.io/v1/helper.go

@@ -183,18 +183,6 @@ func (mi *MinIOInstance) EnsureDefaults() *MinIOInstance {
 		}
 	}
 
-	if mi.Spec.Readiness != nil {
-		if mi.Spec.Readiness.InitialDelaySeconds == 0 {
-			mi.Spec.Readiness.InitialDelaySeconds = ReadinessInitialDelay
-		}
-		if mi.Spec.Readiness.PeriodSeconds == 0 {
-			mi.Spec.Readiness.PeriodSeconds = ReadinessPeriod
-		}
-		if mi.Spec.Readiness.TimeoutSeconds == 0 {
-			mi.Spec.Readiness.TimeoutSeconds = ReadinessTimeout
-		}
-	}
-
 	if mi.Spec.Liveness != nil {
 		if mi.Spec.Liveness.InitialDelaySeconds == 0 {
 			mi.Spec.Liveness.InitialDelaySeconds = LivenessInitialDelay

pkg/apis/operator.min.io/v1/types.go

@@ -103,9 +103,6 @@ type MinIOInstanceSpec struct {
 	// Liveness Probe for container liveness. Container will be restarted if the probe fails.
 	// +optional
 	Liveness *Liveness `json:"liveness,omitempty"`
-	// Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails.
-	// +optional
-	Readiness *Readiness `json:"readiness,omitempty"`
 	// RequestAutoCert allows user to enable Kubernetes based TLS cert generation and signing as explained here:
 	// https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
 	// +optional
@@ -166,13 +163,6 @@ type Liveness struct {
 	TimeoutSeconds      int32 `json:"timeoutSeconds"`
 }
 
-// Readiness specifies the spec for liveness probe
-type Readiness struct {
-	InitialDelaySeconds int32 `json:"initialDelaySeconds"`
-	PeriodSeconds       int32 `json:"periodSeconds"`
-	TimeoutSeconds      int32 `json:"timeoutSeconds"`
-}
-
 // MCSConfig defines the specifications for MCS Deployment
 type MCSConfig struct {
 	// Replicas defines number of pods for KES StatefulSet.

pkg/resources/services/service.go

@@ -35,10 +35,9 @@ func NewClusterIPForMinIO(mi *miniov1.MinIOInstance) *corev1.Service {
 			OwnerReferences: mi.OwnerRef(),
 		},
 		Spec: corev1.ServiceSpec{
-			PublishNotReadyAddresses: true,
-			Ports:                    []corev1.ServicePort{minioPort},
-			Selector:                 mi.MinIOPodLabels(),
-			Type:                     corev1.ServiceTypeClusterIP,
+			Ports:    []corev1.ServicePort{minioPort},
+			Selector: mi.MinIOPodLabels(),
+			Type:     corev1.ServiceTypeClusterIP,
 		},
 	}
 
@@ -56,11 +55,10 @@ func NewHeadlessForMinIO(mi *miniov1.MinIOInstance) *corev1.Service {
 			OwnerReferences: mi.OwnerRef(),
 		},
 		Spec: corev1.ServiceSpec{
-			PublishNotReadyAddresses: true,
-			Ports:                    []corev1.ServicePort{minioPort},
-			Selector:                 mi.MinIOPodLabels(),
-			Type:                     corev1.ServiceTypeClusterIP,
-			ClusterIP:                corev1.ClusterIPNone,
+			Ports:     []corev1.ServicePort{minioPort},
+			Selector:  mi.MinIOPodLabels(),
+			Type:      corev1.ServiceTypeClusterIP,
+			ClusterIP: corev1.ClusterIPNone,
 		},
 	}
 
@@ -78,11 +76,10 @@ func NewHeadlessForKES(mi *miniov1.MinIOInstance) *corev1.Service {
 			OwnerReferences: mi.OwnerRef(),
 		},
 		Spec: corev1.ServiceSpec{
-			PublishNotReadyAddresses: true,
-			Ports:                    []corev1.ServicePort{kesPort},
-			Selector:                 mi.KESPodLabels(),
-			Type:                     corev1.ServiceTypeClusterIP,
-			ClusterIP:                corev1.ClusterIPNone,
+			Ports:     []corev1.ServicePort{kesPort},
+			Selector:  mi.KESPodLabels(),
+			Type:      corev1.ServiceTypeClusterIP,
+			ClusterIP: corev1.ClusterIPNone,
 		},
 	}
 

pkg/resources/statefulsets/minio-statefulset.go

@@ -145,27 +145,12 @@ func volumeMounts(mi *miniov1.MinIOInstance) (mounts []corev1.VolumeMount) {
 	return mounts
 }
 
-func probes(mi *miniov1.MinIOInstance) (readiness, liveness *corev1.Probe) {
+func probes(mi *miniov1.MinIOInstance) (liveness *corev1.Probe) {
 	scheme := corev1.URIScheme(strings.ToUpper(miniov1.Scheme))
 	port := intstr.IntOrString{
 		IntVal: int32(miniov1.MinIOPort),
 	}
 
-	if mi.Spec.Readiness != nil {
-		readiness = &corev1.Probe{
-			Handler: corev1.Handler{
-				HTTPGet: &corev1.HTTPGetAction{
-					Path:   miniov1.ReadinessPath,
-					Port:   port,
-					Scheme: scheme,
-				},
-			},
-			InitialDelaySeconds: mi.Spec.Readiness.InitialDelaySeconds,
-			PeriodSeconds:       mi.Spec.Readiness.PeriodSeconds,
-			TimeoutSeconds:      mi.Spec.Readiness.TimeoutSeconds,
-		}
-	}
-
 	if mi.Spec.Liveness != nil {
 		liveness = &corev1.Probe{
 			Handler: corev1.Handler{
@@ -181,7 +166,7 @@ func probes(mi *miniov1.MinIOInstance) (readiness, liveness *corev1.Probe) {
 		}
 	}
 
-	return readiness, liveness
+	return liveness
 }
 
 // Builds the MinIO container for a MinIOInstance.
@@ -202,7 +187,7 @@ func minioServerContainer(mi *miniov1.MinIOInstance, serviceName string, hostsTe
 		}
 	}
 
-	readyProbe, liveProbe := probes(mi)
+	liveProbe := probes(mi)
 
 	return corev1.Container{
 		Name:  miniov1.MinIOServerName,
@@ -218,7 +203,6 @@ func minioServerContainer(mi *miniov1.MinIOInstance, serviceName string, hostsTe
 		Env:             minioEnvironmentVars(mi),
 		Resources:       mi.Spec.Resources,
 		LivenessProbe:   liveProbe,
-		ReadinessProbe:  readyProbe,
 	}
 }