Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tcpSocket doesn't actually test TCP ports inside container #48

Open
KyleFromNVIDIA opened this issue Feb 12, 2024 · 0 comments
Open

tcpSocket doesn't actually test TCP ports inside container #48

KyleFromNVIDIA opened this issue Feb 12, 2024 · 0 comments

Comments

@KyleFromNVIDIA
Copy link
Contributor

KyleFromNVIDIA commented Feb 12, 2024
edited
Loading

Consider the following:

#!/bin/sh

set -ex

cat > phony-tcp.Dockerfile <<EOF
FROM ubuntu:22.04

# It succeeds even without the EXPOSE command
# EXPOSE 8080

CMD /bin/bash -c 'while true; do sleep 60; done'
EOF

cat > phony-tcp.yaml <<EOF
apiVersion: container-canary.nvidia.com/v1
kind: Validator
name: phony-tcp
description: phony-tcp checks
ports:
  - port: 8080
    protocol: tcp
checks:
  - name: tcp
    probe:
      tcpSocket:
        port: 8080
EOF

docker build -t phony-tcp -f phony-tcp.Dockerfile .

container-canary validate --file phony-tcp.yaml phony-tcp

The check succeeds even though the container is clearly not listening to port 8080, because container-canary is connecting to the Docker proxy, rather than the actual process inside the container.

Unfortunately, I'm not sure on how to actually fix this. We may have to simply issue a warning for this particular check.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@KyleFromNVIDIA