webhook: kubernetes + webhook + hotreload + error locating command

Hi everyone!

I found a weird behavior that should works (at least it’s working docker-compose and volumes) with kubernetes!

I’m trying to have pods with webhook and be able to hot-reload the hooks and scripts. 😄

With docker-compose and volumes, it’s working but now I want to step up a little bit with kubernetes!

In this issue, normally you’ll have everything to reproduce it on a k8s cluster!

So I got a simple setup with this manifest:

Manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: d-webhook
spec:
  replicas: 1
  selector:
    matchLabels:
      app: a-webhook
  template:
    metadata:
      labels:
        app: a-webhook
    spec:  
      containers:
      - name: webhook-development
        imagePullPolicy: Always
        image: dalongrong/almir-webhook-curl
        ports:
        - containerPort: 9000
---
apiVersion: v1
kind: Service
metadata:
  name: s-webhook-development
spec:
  type: LoadBalancer
  ports:
  - port: 9000
    targetPort: 9000
  selector:
    app: a-webhook

And then, I copy scripts and hooks.yaml with kubectl

You’ll need the podname sooo:

kubectl get pods -l app=a-webhook -o json | jq -r '.items[].metadata.name'

With the name, you can replace “podname” with the correct name.

Copy the scripts to the pod:

kubectl cp ./scripts podname:/var/ podname

Copy the hooks to the pod:

kubectl cp ./hooks.yaml podname:/etc/webhook podname

hooks.yaml

-   id: ping
    execute-command: /var/scripts/ping.sh
    command-working-directory: ./
    response-message: pong

scripts/ping.sh

#!/bin/sh
echo "pong"

After you executed the two commands, you should have this:

[webhook] 2020/09/15 16:56:59 caught HUP signal
[webhook] 2020/09/15 16:56:59 attempting to reload hooks from /etc/webhook/hooks.yaml
[webhook] 2020/09/15 16:56:59 found 1 hook(s) in file
[webhook] 2020/09/15 16:56:59 	loaded: ping

So, normally it should mean the hook is hot-reloaded and the scripts are located at /var/scripts

If you bash in the pod, you can see the scripts!

And then, you can try to trigger the webhook but first you need to expose the port:

kubectl port-forward service/s-webhook-development 9000:9000

And then on your browser to make it simply, go to : http://localhost:9000/hooks/ping

You should see “pong” BUT on the logs :

[webhook] 2020/09/15 17:09:21 [c8acb1] incoming HTTP GET request from 127.0.0.1:60918
[webhook] 2020/09/15 17:09:21 [c8acb1] ping got matched
[webhook] 2020/09/15 17:09:21 [c8acb1] error parsing body payload due to unsupported content type header: 
[webhook] 2020/09/15 17:09:21 [c8acb1] ping hook triggered successfully
[webhook] 2020/09/15 17:09:21 [c8acb1] 200 | 4 B | 68.101µs | localhost:9000 | GET /hooks/ping
[webhook] 2020/09/15 17:09:21 [c8acb1] error locating command: '/var/scripts/ping.sh'

Thanks you for this amazing tool, can’t wait to resolve this, I’m having a lot of fun!

I hope I didn’t forgot something, normally it should work on your side!

Hope someone could help on this 😃

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 15

Commits related to this issue

Log stdlib error on failed exec.LookPath The error returned exec.LookPath was never surfaced to the user. Without that detail, the user can't tell the difference between a non-existent path and a per... — committed to moorereason/webhook by moorereason 4 years ago
Log stdlib error on failed exec.LookPath The error returned by exec.LookPath was never surfaced to the user. Without that detail, the user can't tell the difference between a non-existent path and a ... — committed to moorereason/webhook by moorereason 4 years ago
Log stdlib error on failed exec.LookPath The error returned by exec.LookPath was never surfaced to the user. Without that detail, the user can't tell the difference between a non-existent path and a ... — committed to moorereason/webhook by moorereason 4 years ago

Most upvoted comments

I’m closing the issue because it’s fixed now 😄

Hope it will help someone else!

Thanks you a looooooot @moorereason !!!

davidroman0O on Sep 15, 2020

If someone want the permission to be done inside the container with a cron job

FROM joemiller/go-init-sentinel as go-init-sentinel

FROM almir/webhook as webhook
COPY --from=go-init-sentinel /go-init-sentinel /go-init-sentinel
EXPOSE 9000

RUN apk update && apk add --no-cache curl 

COPY ./scripts /var/scripts
COPY ./hooks.yaml /etc/webhook

COPY ./cron.sh /etc/webhook

# Use crond -l 2 -f to debug inside the pod  
# Use crontab -l

# If you want every x seconds INSIDE change the code
RUN echo '*  *  *  *  *    /etc/webhook/cron.sh' > /etc/crontabs/root  

ENTRYPOINT [ "/go-init-sentinel", "-watch=/etc/webhook/hooks.yaml:SIGHUP", "-watch=/var/scripts/:SIGHUP", "--"]

# Default command
CMD crond -l 2 -b && webhook -verbose -debug -hooks=/etc/webhook/hooks.yaml -hotreload

cron.sh

#!/bin/sh

echo "/var/scripts start"

REMAIN=60
INC=5  
while [ $REMAIN -gt 0 ]
do 
    /bin/cmd -arg1
    sleep $INC
    # echo "ok $REMAIN" 
    chmod 777 -R /var/scripts
    REMAIN=$(($REMAIN - $INC))
done

sleep 1
echo "end" 
sleep 1

echo "/var/scripts done"

./scripts/ping.sh

#!/bin/sh

echo "pong"

./hooks.yaml

#   this is an empty hook
#   have to be replace dynamically
-   id: ping
    execute-command: /var/scripts/ping.sh
    command-working-directory: ./
    response-message: pong

With all of those files and basic configuration, the cron job will need 1 min after the launch of the container… an after that every 5 seconds the permission is given to the files.

So just execute a command to copy files at /var/scripts and then wait 5 secs, and it should be ok! Have fun!

davidroman0O on Sep 15, 2020