ClusterIP service check for UDP fails

[Sec42]

Describe the bug

If a ClusterIP service uses UDP, the generated check fails in a default icinga2 setup:

Error: Non-optional macro 'udp_expect' used in argument '-e' is missing.
(0) Executing check for object 'kubernetes-clusterip-services!kube-system-kube-dns-dns'

check_udp requires packet content to send/receive to verify that a port is open.

To Reproduce

Steps to reproduce the behavior:

Expected behavior

No error message :-) not really sure how to fix in a generic way.

Environment

• kube-icinga version: gyselroth/kube-icinga:latest
• kubernetes version: v1.14.1
• icinga2 version: r2.10.4-1

[raffis]

@Sec42 Well yes this wont be possible to fix in a generic way, but you may configure the udp_expect either globally for all services (Which usually doesn't makes sense since not all services are the same) or you configure it individually directly on the kubernetes service resource by either using a custom icinga service template (kube-icinga/template, which you have to create on icinga first) or by overwriting the defaults: Add a kube annotation directly on your kube-dns resource (Or any other resources): kube-icinga/definition: '{"vars.udp_expect":"xxx"}'

[Sec42]

I understand that this is not fixable in a generic way - at least I personally can't see a way - I was just surprised, as most of the defaults of kube-icinga are relatively conservative, to see that the out-of-the-box setup resulted in an error. I guess I would have expected it to be provisioned with a dummy check?

For the concrete service in question: Seeing that it is kube-dns, I am inclined to do an actual DNS check, and not use check_udp at all.

[raffis]

A dummy check for udp services will certainly make more sense, I will consider this for v2.1.