Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configure pod probes (#104)

Browse source 
* Added option for enabling a livenessprobe

* added option for using http for readinessProbe

* added tests
This commit is contained in:
Holden Omans 2019-11-28 18:24:41 -05:00 committed by Jason O'Donnell
parent 2ff7d47c07
commit a0325cfd14
3 changed files with 72 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
templates/server-statefulset.yaml
View file

@ -86,7 +86,13 @@ spec:
name: internal
- containerPort: 8202
name: replication
{{- if .Values.server.readinessProbe.enabled }}
readinessProbe:
{{- if .Values.server.readinessProbe.path }}
httpGet:
path: {{ .Values.server.readinessProbe.path | quote }}
port: 8200
{{- else }}
# Check status; unsealed vault servers return 0
# The exit code reflects the seal status:
# 0 - unsealed
@ -94,11 +100,23 @@ spec:
# 2 - sealed
exec:
command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
{{- end }}
failureThreshold: 2
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 5
{{- end }}
{{- if .Values.server.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.server.livenessProbe.path | quote }}
port: 8200
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 5
{{- end }}
{{- if .Values.server.extraContainers }}
{{ toYaml .Values.server.extraContainers | nindent 8}}
{{- end }}

42
test/unit/server-statefulset.bats
View file

@ -741,3 +741,45 @@ load _helpers
yq -r '.spec.template.spec.securityContext.fsGroup' | tee /dev/stderr)
[ "${actual}" = "2000" ]
}
#--------------------------------------------------------------------
# health checks
@test "server/standalone-StatefulSet: readinessProbe default" {
cd `chart_dir`
local actual=$(helm template \
-x templates/server-statefulset.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].readinessProbe.exec.command[2]' | tee /dev/stderr)
[ "${actual}" = "vault status -tls-skip-verify" ]
}
@test "server/standalone-StatefulSet: readinessProbe configurable" {
cd `chart_dir`
local actual=$(helm template \
-x templates/server-statefulset.yaml \
--set 'server.readinessProbe.enabled=false' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
[ "${actual}" = "null" ]
}
@test "server/standalone-StatefulSet: livenessProbe default" {
cd `chart_dir`
local actual=$(helm template \
-x templates/server-statefulset.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
[ "${actual}" = "null" ]
}
@test "server/standalone-StatefulSet: livenessProbe configurable" {
cd `chart_dir`
local actual=$(helm template \
-x templates/server-statefulset.yaml \
--set 'server.livenessProbe.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].livenessProbe.httpGet.path' | tee /dev/stderr)
[ "${actual}" = "/v1/sys/health?standbyok" ]
}

14
values.yaml
View file

@ -60,6 +60,16 @@ server:
extraContainers: null
# Used to define custom readinessProbe settings
readinessProbe:
enabled: true
# If you need to use a http path instead of the default exec
# path: /v1/sys/health?standbyok
# Used to enable a livenessProbe for the pods
livenessProbe:
enabled: false
path: /v1/sys/health?standbyok
# extraEnvironmentVars is a list of extra enviroment variables to set with the stateful set. These could be
# used to include variables required for auto-unseal.
extraEnvironmentVars: {}
@ -134,7 +144,7 @@ server:
targetPort: 8200
# Extra annotations for the service definition
annotations: {}
# This configures the Vault Statefulset to create a PVC for data
# storage when using the file backend.
# See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
@ -251,7 +261,7 @@ server:
# Definition of the serviceaccount used to run Vault.
serviceaccount:
annotations: {}
# Vault UI
ui:
# True if you want to create a Service entry for the Vault UI.