From 544ea1dbacee02cce59d0f68782ac363625b6083 Mon Sep 17 00:00:00 2001
From: Mike Mason
Date: Tue, 7 Feb 2023 08:15:54 -0600
Subject: [PATCH] configurable liveness and readiness probes (#40)
* configurable liveness and readiness probes Liveness and Readiness probes break if deploying krakend with tls enabled. If enabled, the httpGet of both need to be updated to have `scheme: HTTPS` Signed-off-by: Mike Mason * expand schema to include liveness and readiness probe details --------- Signed-off-by: Mike Mason
---
 README.md | 2 +
 templates/deployment.yaml | 14 +--
 values.schema.json | 244 ++++++++++++++++++++++++++++++++++++++
 values.yaml | 12 ++
 4 files changed, 264 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 02ae3f6..6237117 100644
--- a/README.md
+++ b/README.md
@@ -56,10 +56,12 @@ please refer to [the official krakend documentation](https://www.krakend.io/docs
 | krakend.partials | Object | `{"endpoints.tmpl":"[\n {\n \"endpoint\": \"/test\",\n \"method\": \"GET\",\n \"backend\": [\n {\n \"method\": \"GET\",\n \"host\": [],\n \"url_pattern\": \"/__debug/roots\",\n \"encoding\": \"json\",\n \"deny\": [\n \"message\"\n ]\n }\n ],\n \"extra_config\": {\n \"proxy\": {\n \"static\": {\n \"data\": {\n \"collection\": [\n {\n \"directories\": [\n \"Graceland\"\n ]\n }\n ],\n \"version\": \"deficient\"\n },\n \"strategy\": \"always\"\n }\n }\n },\n \"output_encoding\": \"json\"\n }\n]","input_headers.tmpl":"\"input_headers\": [\n \"Content-Type\",\n \"ClientId\"\n]","rate_limit_backend.tmpl":"\"qos/ratelimit/proxy\": {\n \"max_rate\": 0.5,\n \"capacity\": 1\n}"}` | The default configuration has a partials files that will be used to load several aspects of the configuration. If you want to include expra partials, add or remove them here. |
 | krakend.settings | object | `{"service.json":"{\n\t\"environment\": \"PRODUCTION\",\n\t\"default_host\": \"http://localhost:8080\",\n\t\"timeout\": \"3s\",\n\t\"cache_ttl\": \"3s\",\n\t\"output_encoding\": \"json\"\n}"}` | The default configuration has a settings files that will be used to load several aspects of the configuration. |
 | krakend.templates | object | `{}` | While default configuration does not take into use templates; you may want to add your own templates here. Note that you'd need to set a custom configuration file to use them. |
+| livenessProbe | object | `{"httpGet":{"path":"/__health","port":"http"}}` | The livenessProbe to use for the krakend pod |
 | nameOverride | string | `""` | |
 | nodeSelector | object | `{}` | The nodeSelector to use for the krakend pod |
 | podAnnotations | object | `{}` | The annotations to use for the krakend pod |
 | podSecurityContext | object | `{}` | The securityContext to use for the krakend pod |
+| readinessProbe | object | `{"httpGet":{"path":"/__health","port":"http"}}` | The readinessProbe to use for the krakend pod |
 | replicaCount | int | `1` | Number of replicas to deploy |
 | resources | object | `{}` | The resources to use for the krakend pod |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":["NET_BIND_SERVICE"],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | The securityContext to use for the krakend container |
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index 90a11ba..87794f3 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -75,14 +75,12 @@ spec:
 - name: http
 containerPort: {{ .Values.service.targetPort }}
 protocol: TCP
- livenessProbe:
- httpGet:
- path: /__health
- port: http
- readinessProbe:
- httpGet:
- path: /__health
- port: http
+ {{- with .Values.livenessProbe }}
+ livenessProbe: {{ toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe: {{ toYaml . | nindent 12 }}
+ {{- end }}
 volumeMounts:
 - name: tmp
 mountPath: /tmp
diff --git a/values.schema.json b/values.schema.json
index aad09bc..13098b1 100644
--- a/values.schema.json
+++ b/values.schema.json
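Review bot: An empty or null `livenessProbe` / `readinessProbe` value now silently drops that probe from the rendered container, because both blocks sit inside `{{- with .Values.livenessProbe }}` and `{{- with .Values.readinessProbe }}`, whereas the removed lines always emitted a probe. Without a readiness probe the gateway pod is marked ready as soon as the container starts, so this should at least be an explicit, documented choice. I would add a template comment above the two blocks such as `{{- /* Probes are optional: a null or empty value renders the container without that probe. */}}` and repeat that sentence in the values documentation. The container spec starts and ends outside this hunk.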
@@ -106,6 +106,128 @@
 }
 }
 },
+ "livenessProbe": {
+ "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.",
+ "properties": {
+ "exec": {
+ "description": "ExecAction describes a \"run in container\" action.",
+ "properties": {
+ "command": {
+ "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "failureThreshold": {
+ "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "httpGet": {
+ "description": "HTTPGetAction describes an action based on HTTP Get requests.",
+ "properties": {
+ "host": {
+ "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.",
+ "type": "string"
+ },
+ "httpHeaders": {
+ "description": "Custom headers to set in the request. HTTP allows repeated headers.",
+ "items": {
+ "description": "HTTPHeader describes a custom header to be used in HTTP probes",
+ "properties": {
+ "name": {
+ "description": "The header field name",
+ "type": "string"
+ },
+ "value": {
+ "description": "The header field value",
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "value"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "path": {
+ "description": "Path to access on the HTTP server.",
+ "type": "string"
+ },
+ "port": {
+ "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "integer"
+ }
+ ]
+ },
+ "scheme": {
+ "description": "Scheme to use for connecting to the host. Defaults to HTTP.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "port"
+ ],
+ "type": "object"
+ },
+ "initialDelaySeconds": {
+ "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
+ "format": "int32",
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "successThreshold": {
+ "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "tcpSocket": {
+ "description": "TCPSocketAction describes an action based on opening a socket",
+ "properties": {
+ "host": {
+ "description": "Optional: Host name to connect to, defaults to the pod IP.",
+ "type": "string"
+ },
+ "port": {
+ "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "integer"
+ }
+ ]
+ }
+ },
+ "required": [
+ "port"
+ ],
+ "type": "object"
+ },
+ "timeoutSeconds": {
+ "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
+ "format": "int32",
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ },
 "nameOverride": {
 "type": "string"
 },
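Review bot: `httpGet.scheme` is declared as a bare `"type": "string"`, so the one value this commit exists to allow is not validated: `https` or `Https` passes the chart's schema check and is left for the API server to reject, since Kubernetes accepts only `HTTP` and `HTTPS`. Adding `"enum": ["HTTP", "HTTPS"]` next to the type catches the typo at lint/template time. The descriptions also state limits that the schema does not enforce; `"minimum": 1` on `failureThreshold`, `periodSeconds`, `successThreshold` and `timeoutSeconds`, and `"minimum": 1, "maximum": 65535` on the integer branch of both `port` entries, would make them real. The same points apply to the `readinessProbe` hunk that follows, which is an identical copy of this block.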
@@ -118,6 +240,128 @@
 "podSecurityContext": {
 "type": "object"
 },
+ "readinessProbe": {
+ "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.",
+ "properties": {
+ "exec": {
+ "description": "ExecAction describes a \"run in container\" action.",
+ "properties": {
+ "command": {
+ "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "failureThreshold": {
+ "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "httpGet": {
+ "description": "HTTPGetAction describes an action based on HTTP Get requests.",
+ "properties": {
+ "host": {
+ "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.",
+ "type": "string"
+ },
+ "httpHeaders": {
+ "description": "Custom headers to set in the request. HTTP allows repeated headers.",
+ "items": {
+ "description": "HTTPHeader describes a custom header to be used in HTTP probes",
+ "properties": {
+ "name": {
+ "description": "The header field name",
+ "type": "string"
+ },
+ "value": {
+ "description": "The header field value",
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "value"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "path": {
+ "description": "Path to access on the HTTP server.",
+ "type": "string"
+ },
+ "port": {
+ "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "integer"
+ }
+ ]
+ },
+ "scheme": {
+ "description": "Scheme to use for connecting to the host. Defaults to HTTP.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "port"
+ ],
+ "type": "object"
+ },
+ "initialDelaySeconds": {
+ "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
+ "format": "int32",
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "successThreshold": {
+ "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "tcpSocket": {
+ "description": "TCPSocketAction describes an action based on opening a socket",
+ "properties": {
+ "host": {
+ "description": "Optional: Host name to connect to, defaults to the pod IP.",
+ "type": "string"
+ },
+ "port": {
+ "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "integer"
+ }
+ ]
+ }
+ },
+ "required": [
+ "port"
+ ],
+ "type": "object"
+ },
+ "timeoutSeconds": {
+ "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
+ "format": "int32",
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ },
 "replicaCount": {
 "type": "integer"
 },
diff --git a/values.yaml b/values.yaml
index 8f98b58..198dee6 100644
--- a/values.yaml
+++ b/values.yaml
@@ -191,3 +191,15 @@ extraVolumeMounts: []
 
 # -- (array) extraVolumes allows you to mount extra volumes to the krakend pod
 extraVolumes: []
+
+# -- (object) The livenessProbe to use for the krakend pod
+livenessProbe:
+ httpGet:
+ path: /__health
+ port: http
+
+# -- (object) The readinessProbe to use for the krakend pod
+readinessProbe:
+ httpGet:
+ path: /__health
+ port: http
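Review bot: The `readinessProbe` schema is a line-for-line duplicate of the `livenessProbe` block, so any later tightening (an enum on `scheme`, bounds on `port`) has to be made twice and the two copies can drift apart. If the schema dialect used by this chart supports it, I would move the body into one shared definition and reference it from both keys, e.g. `"readinessProbe": { "$ref": "#/definitions/probe" }`. The copy also carries text that is wrong in this position: the `initialDelaySeconds` description under `readinessProbe` still reads "before liveness probes are initiated". The enclosing `properties` object starts and ends outside the hunk.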
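Review bot: The defaults still probe over plain HTTP, so a TLS-enabled deployment keeps failing both probes until the operator overrides `httpGet.scheme`, and the comments on the two keys do not say so. I would extend them, e.g. `# -- (object) The livenessProbe to use for the krakend pod. Set httpGet.scheme to HTTPS when krakend serves TLS.` Because Helm merges maps key by key, a user who sets only `livenessProbe.tcpSocket` or `livenessProbe.exec` keeps the default `httpGet` as well, and Kubernetes rejects a probe with more than one handler; the comment should mention `httpGet: null` for that case. It is also worth stating that the kubelet skips certificate verification on HTTPS probes, so a passing probe says nothing about the served certificate.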