From 6ac3354de5a75a39cc782784b289ed1dfeb1a988 Mon Sep 17 00:00:00 2001
From: Jeff Mesnil <jmesnil@redhat.com>
Date: Thu, 23 Jan 2025 09:27:50 +0100
Subject: [PATCH] OCPBUGS-48790: Add a liveness probe to the extractor
 container

The extractor container relies on critctl to collect container information

If the crio.service is restarted on the worker nodes when the CA bundle has
been updated by the proxy/cluster, the container would not be able to connect
anymore on the restarted CRI-O service.

Adding a liveness probe that check that crictl works as expected ensure that
the container will be killed and restarted with the correct TLS settings to
connect to the CRI-O service.

This fixes https://issues.redhat.com/browse/OCPBUGS-48790.

Upstream PR is #1067.

Signed-off-by: Jeff Mesnil <jmesnil@redhat.com>
---
 manifests/10-insights-runtime-extractor.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/manifests/10-insights-runtime-extractor.yaml b/manifests/10-insights-runtime-extractor.yaml
index aae14f4fc..b3421fa1b 100644
--- a/manifests/10-insights-runtime-extractor.yaml
+++ b/manifests/10-insights-runtime-extractor.yaml
@@ -93,6 +93,13 @@ spec:
           env:
             - name: CONTAINER_RUNTIME_ENDPOINT
               value: unix:///crio.sock
+          livenessProbe:
+            exec:
+              command:
+                - crictl
+                - info
+              periodSeconds: 10
+              failureThreshold: 2
           resources: 
             requests:
               cpu: 10m