Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe (#852)

Browse source
This commit is contained in:
Thy Ton 2023-03-16 12:03:27 -07:00 committed by GitHub
parent f4f05aaa74
commit 932891778f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 187 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -5,6 +5,7 @@ Changes:
Features:
* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841)
* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852)
## 0.23.0 (November 28th, 2022)

30
templates/injector-deployment.yaml
View file

@ -130,21 +130,31 @@ spec:
path: /health/ready
port: {{ .Values.injector.port }}
scheme: HTTPS
failureThreshold: 2
initialDelaySeconds: 5
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
failureThreshold: {{ .Values.injector.livenessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.injector.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.injector.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.injector.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.injector.livenessProbe.timeoutSeconds }}
readinessProbe:
httpGet:
path: /health/ready
port: {{ .Values.injector.port }}
scheme: HTTPS
failureThreshold: 2
initialDelaySeconds: 5
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
failureThreshold: {{ .Values.injector.readinessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.injector.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.injector.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.injector.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.injector.readinessProbe.timeoutSeconds }}
startupProbe:
httpGet:
path: /health/ready
port: {{ .Values.injector.port }}
scheme: HTTPS
failureThreshold: {{ .Values.injector.startupProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.injector.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.injector.startupProbe.periodSeconds }}
successThreshold: {{ .Values.injector.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.injector.startupProbe.timeoutSeconds }}
{{- if .Values.injector.certs.secretName }}
volumeMounts:
- name: webhook-certs

129
test/unit/injector-deployment.bats
View file

@ -275,6 +275,135 @@ load _helpers
[ "${value}" = "auth/k8s" ]
}
@test "injector/deployment: default livenessProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "2" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "2" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "1" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
}
@test "injector/deployment: can set livenessProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.livenessProbe.failureThreshold=100' \
--set 'injector.livenessProbe.initialDelaySeconds=100' \
--set 'injector.livenessProbe.periodSeconds=100' \
--set 'injector.livenessProbe.successThreshold=100' \
--set 'injector.livenessProbe.timeoutSeconds=100' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
}
@test "injector/deployment: default readinessProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "2" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "2" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "1" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
}
@test "injector/deployment: can set readinessProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.readinessProbe.failureThreshold=100' \
--set 'injector.readinessProbe.initialDelaySeconds=100' \
--set 'injector.readinessProbe.periodSeconds=100' \
--set 'injector.readinessProbe.successThreshold=100' \
--set 'injector.readinessProbe.timeoutSeconds=100' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
}
@test "injector/deployment: default startupProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].startupProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "12" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "1" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "5" ]
}
@test "injector/deployment: can set startupProbe settings" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.startupProbe.failureThreshold=100' \
--set 'injector.startupProbe.initialDelaySeconds=100' \
--set 'injector.startupProbe.periodSeconds=100' \
--set 'injector.startupProbe.successThreshold=100' \
--set 'injector.startupProbe.timeoutSeconds=100' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].startupProbe' | tee /dev/stderr)
local actual=$(echo "$object" | yq '.failureThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.initialDelaySeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.periodSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.successThreshold' | tee /dev/stderr)
[ "${actual}" = "100" ]
local actual=$(echo "$object" | yq '.timeoutSeconds' | tee /dev/stderr)
[ "${actual}" = "100" ]
}
@test "injector/deployment: default logLevel" {
cd `chart_dir`
local object=$(helm template \

37
values.yaml
View file

@ -93,6 +93,43 @@ injector:
exitOnRetryFailure: true
staticSecretRenderInterval: ""
# Used to define custom livenessProbe settings
livenessProbe:
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 5
# How often (in seconds) to perform the probe
periodSeconds: 2
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 5
# Used to define custom readinessProbe settings
readinessProbe:
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 5
# How often (in seconds) to perform the probe
periodSeconds: 2
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 5
# Used to define custom startupProbe settings
startupProbe:
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 12
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 5
# How often (in seconds) to perform the probe
periodSeconds: 5
# Minimum consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# Number of seconds after which the probe times out.
timeoutSeconds: 5
# Mount Path of the Vault Kubernetes Auth Method.
authPath: "auth/kubernetes"