Napsty
Workload Check ignores Namespace name filter
First, thanks for your awesome rancher check plugin.
I found out, that the --namespacename (-n) filter is totally ignored for workload checks. I have a project with 3 namespaces, I only want to check one of this namesspaces, because the other are only test workloads of this project.
/check_rancher2.sh <connectdata (-H -P -U -S)> -t workload -p '<clusterid>:<projectid>' -n namespace1
/check_rancher2.sh <connectdata (-H -P -U -S)> -t workload -p '<clusterid>:<projectid>' -n namespace2
->both checks find all workloads in that project
/check_rancher2.sh <connectdata (-H -P -U -S)> -t workload -p '<clusterid>:<projectid>' -n dontexistingnamespace
-> this check works also, nevertheless "dontexistingnamespace" doesn't exist
I use the latest version of plugin (1.12.1) and connect to a Rancher v2.7.9
This is really strange. Maybe it's related to the Rancher version.
On Rancher 2.5 the check seems to work correctly. Two "nginx" workloads deployed across two namespaces (infiniroot and infinoroot2).
Standard check without giving a namespace identifies two workloads with the same name:
$ ./check_rancher2.sh -H myrancher -U token-xxxxx -P "secret" -S -t workload -p c-xxxxx:p-xxxxx -w nginx
CHECK_RANCHER2 UNKNOWN - Identical workload names detected in multiple namespaces. To check a specific workload you must also define the namespace (-n).
Workload check by defining the namespaces:
$ ./check_rancher2.sh -H myrancher -U token-xxxxx -P "secret" -S -t workload -p c-xxxxx:p-xxxxx -w nginx -n infiniroot
CHECK_RANCHER2 OK - Workload nginx in namespace infiniroot is active|'workload_active'=1;;;; 'workload_error'=0;;;; 'workload_warning'=0;;;; 'workload_ignored'=0;;;;
$ ./check_rancher2.sh -H myrancher -U token-xxxxx -P "secret" -S -t workload -p c-xxxxx:p-xxxxx -w nginx -n infiniroot2
CHECK_RANCHER2 OK - Workload nginx in namespace infiniroot2 is active|'workload_active'=1;;;; 'workload_error'=0;;;; 'workload_warning'=0;;;; 'workload_ignored'=0;;;;
Workload check with an invalid (not existing) namespace:
$ ./check_rancher2.sh -H myrancher -U token-xxxxx -P "secret" -S -t workload -p c-xxxxx:p-xxxxx -w nginx -n asdf
CHECK_RANCHER2 CRITICAL - Workload nginx in namespace asdf not found.
At least for Rancher 2.5 this looks correct.
I will verify with a Rancher 2.7 or 2.8 version, too.
Tested with Rancher 2.8, seems to work (same behaviour as for Rancher 2.5):
$ ./check_rancher2.sh -H rancher28.example.com -U token-xxxxx -P "secret" -S -t workload -p c-m-xxxxxxxx:p-xxxxx -w nginx
CHECK_RANCHER2 UNKNOWN - Identical workload names detected in multiple namespaces. To check a specific workload you must also define the namespace (-n).
$ ./check_rancher2.sh -H rancher28.example.com -U token-xxxxx -P "secret" -S -t workload -p c-m-xxxxxxxx:p-xxxxx -w nginx -n infiniroot
CHECK_RANCHER2 OK - Workload nginx in namespace infiniroot is active|'workload_active'=1;;;; 'workload_error'=0;;;; 'workload_warning'=0;;;; 'workload_ignored'=0;;;;
$ ./check_rancher2.sh -H rancher28.example.com -U token-xxxxx -P "secret" -S -t workload -p c-m-xxxxxxxx:p-xxxxx -w nginx -n infiniroot2
CHECK_RANCHER2 OK - Workload nginx in namespace infiniroot2 is active|'workload_active'=1;;;; 'workload_error'=0;;;; 'workload_warning'=0;;;; 'workload_ignored'=0;;;;
$ ./check_rancher2.sh -H rancher28.example.com -U token-xxxxx -P "secret" -S -t workload -p c-m-xxxxxxxx:p-xxxxx -w nginx -n infiniroot3
CHECK_RANCHER2 CRITICAL - Workload nginx in namespace infiniroot3 not found.
Can you run this again in your environment and share the output please?
Ah, now I see it. You didn't want to check a specific workload (-w workloadname) but ALL workloads in a specific namespace.
Yes, in this case the status quo is that this isn't supported. The -n namespace is irrelevant to a "all workload" check. It's probably not very clearly described in the help output.
Current workaround: Place the test workloads in a separate project or define the workloads you want to monitor with -w workloadname.
Yeah exactly, I tried to monitor ALL workloads in a namespace. Sad that this ins't supported.
I tested with -w and yeah, then it only found one workload as expected.
But this isn't suitable in my case, because the workloads can add/remove while an major update.
So may I can let it open as a feature request? My workaround solution maybe can be to split the projects in "app1" and "app1-testsystem" with differnt projects I can differ with that plugin. I will tried that out, but still not perfect in my case.