Supporting startupProbe in operator

Author: gabedos

api/datadoghq/v2alpha1/datadogagent_types.go

@@ -1600,6 +1600,10 @@ type DatadogAgentGenericContainer struct {
 	// +optional
 	LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"`
 
+	// Configure the Startup Probe of the container
+	// +optional
+	StartupProbe *corev1.Probe `json:"startupProbe,omitempty"`
+
 	// Container-level SecurityContext.
 	// +optional
 	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`

api/datadoghq/v2alpha1/zz_generated.deepcopy.go

@@ -341,6 +341,22 @@ In the table, `spec.override.nodeAgent.image.name` and `spec.override.nodeAgent.
 | [key].containers.[key].securityContext.windowsOptions.gmsaCredentialSpecName | GMSACredentialSpecName is the name of the GMSA credential spec to use. |
 | [key].containers.[key].securityContext.windowsOptions.hostProcess | HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. |
 | [key].containers.[key].securityContext.windowsOptions.runAsUserName | The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
+| [key].containers.[key].startupProbe.exec.command | Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
+| [key].containers.[key].startupProbe.failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 6. Minimum value is 1. |
+| [key].containers.[key].startupProbe.grpc.port | Port number of the gRPC service. Number must be in the range 1 to 65535. |
+| [key].containers.[key].startupProbe.grpc.service | Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).   If this is not specified, the default behavior is defined by gRPC. |
+| [key].containers.[key].startupProbe.httpGet.host | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
+| [key].containers.[key].startupProbe.httpGet.httpHeaders | Custom headers to set in the request. HTTP allows repeated headers. |
+| [key].containers.[key].startupProbe.httpGet.path | Path to access on the HTTP server. |
+| [key].containers.[key].startupProbe.httpGet.port | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
+| [key].containers.[key].startupProbe.httpGet.scheme | Scheme to use for connecting to the host. Defaults to HTTP. |
+| [key].containers.[key].startupProbe.initialDelaySeconds | Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
+| [key].containers.[key].startupProbe.periodSeconds | How often (in seconds) to perform the probe. Default to 15 seconds. Minimum value is 1. |
+| [key].containers.[key].startupProbe.successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
+| [key].containers.[key].startupProbe.tcpSocket.host | Optional: Host name to connect to, defaults to the pod IP. |
+| [key].containers.[key].startupProbe.tcpSocket.port | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
+| [key].containers.[key].startupProbe.terminationGracePeriodSeconds | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
+| [key].containers.[key].startupProbe.timeoutSeconds | Number of seconds after which the probe times out. Defaults to 5 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
 | [key].containers.[key].volumeMounts `[]object` | Specify additional volume mounts in the container. |
 | [key].createRbac | Set CreateRbac to false to prevent automatic creation of Role/ClusterRole for this component |
 | [key].customConfigurations `map[string]object` | CustomConfiguration allows to specify custom configuration files for `datadog.yaml`, `datadog-cluster.yaml`, `security-agent.yaml`, and `system-probe.yaml`. The content is merged with configuration generated by the Datadog Operator, with priority given to custom configuration. WARNING: It is possible to override values set in the `DatadogAgent`. |

api/datadoghq/v2alpha1/zz_generated.openapi.go

@@ -126,6 +126,7 @@ func agentSingleContainer(dda metav1.Object) []corev1.Container {
 		VolumeMounts:   volumeMountsForCoreAgent(),
 		LivenessProbe:  v2alpha1.GetDefaultLivenessProbe(),
 		ReadinessProbe: v2alpha1.GetDefaultReadinessProbe(),
+		StartupProbe:   v2alpha1.GetDefaultStartupProbe(), // do we want this here?
 	}
 
 	containers := []corev1.Container{

config/crd/bases/v1/datadoghq.com_datadogagents.yaml

@@ -140,6 +140,10 @@ func overrideContainer(container *corev1.Container, override *v2alpha1.DatadogAg
 		container.LivenessProbe = overrideLivenessProbe(override.LivenessProbe)
 	}
 
+	if override.StartupProbe != nil {
+		container.StartupProbe = overrideStartupProbe(override.StartupProbe)
+	}
+
 	if override.SecurityContext != nil {
 		container.SecurityContext = override.SecurityContext
 	}
@@ -238,3 +242,13 @@ func overrideLivenessProbe(livenessProbeOverride *corev1.Probe) *corev1.Probe {
 	}
 	return livenessProbeOverride
 }
+
+func overrideStartupProbe(startupProbeOverride *corev1.Probe) *corev1.Probe {
+	// Add default httpGet probeHandler if probeHandler is not configured in livenessProbe override
+	if !hasProbeHandler(startupProbeOverride) {
+		startupProbeOverride.HTTPGet = &corev1.HTTPGetAction{
+			Path: v2alpha1.DefaultLivenessProbeHTTPPath,
+			Port: intstr.IntOrString{IntVal: v2alpha1.DefaultAgentHealthPort}}
+	}
+	return startupProbeOverride
+}

docs/configuration.v2alpha1.md

@@ -638,6 +638,139 @@ func TestContainer(t *testing.T) {
 				})
 			},
 		},
+		{
+			name:          "override liveness probe with default HTTPGet",
+			containerName: common.CoreAgentContainerName,
+			existingManager: func() *fake.PodTemplateManagers {
+				return fake.NewPodTemplateManagers(t, corev1.PodTemplateSpec{
+					Spec: corev1.PodSpec{
+						Containers: []corev1.Container{*agentContainer},
+					},
+				})
+			},
+			override: v2alpha1.DatadogAgentGenericContainer{
+				StartupProbe: &corev1.Probe{
+					InitialDelaySeconds: 10,
+					TimeoutSeconds:      5,
+					PeriodSeconds:       30,
+					SuccessThreshold:    1,
+					FailureThreshold:    5,
+				},
+			},
+			validateManager: func(t *testing.T, manager *fake.PodTemplateManagers, containerName string) {
+				assertContainerMatch(t, manager.PodTemplateSpec().Spec.Containers, containerName, func(container corev1.Container) bool {
+					return reflect.DeepEqual(
+						&corev1.Probe{
+							InitialDelaySeconds: 10,
+							TimeoutSeconds:      5,
+							PeriodSeconds:       30,
+							SuccessThreshold:    1,
+							FailureThreshold:    5,
+							ProbeHandler: corev1.ProbeHandler{
+								HTTPGet: &corev1.HTTPGetAction{
+									Path: "/live",
+									Port: intstr.IntOrString{
+										IntVal: 5555,
+									},
+								},
+							},
+						},
+						container.StartupProbe)
+				})
+			},
+		},
+		{
+			name:          "override liveness probe with non-HTTPGet handler",
+			containerName: common.CoreAgentContainerName,
+			existingManager: func() *fake.PodTemplateManagers {
+				return fake.NewPodTemplateManagers(t, corev1.PodTemplateSpec{
+					Spec: corev1.PodSpec{
+						Containers: []corev1.Container{*agentContainer},
+					},
+				})
+			},
+			override: v2alpha1.DatadogAgentGenericContainer{
+				StartupProbe: &corev1.Probe{
+					InitialDelaySeconds: 10,
+					TimeoutSeconds:      5,
+					PeriodSeconds:       30,
+					SuccessThreshold:    1,
+					FailureThreshold:    5,
+					ProbeHandler: corev1.ProbeHandler{
+						Exec: &corev1.ExecAction{
+							Command: []string{"echo", "foo", "bar"},
+						},
+					},
+				},
+			},
+			validateManager: func(t *testing.T, manager *fake.PodTemplateManagers, containerName string) {
+				assertContainerMatch(t, manager.PodTemplateSpec().Spec.Containers, containerName, func(container corev1.Container) bool {
+					return reflect.DeepEqual(
+						&corev1.Probe{
+							InitialDelaySeconds: 10,
+							TimeoutSeconds:      5,
+							PeriodSeconds:       30,
+							SuccessThreshold:    1,
+							FailureThreshold:    5,
+							ProbeHandler: corev1.ProbeHandler{
+								Exec: &corev1.ExecAction{
+									Command: []string{"echo", "foo", "bar"},
+								},
+							},
+						},
+						container.StartupProbe)
+				})
+			},
+		},
+		{
+			name:          "override liveness probe",
+			containerName: common.CoreAgentContainerName,
+			existingManager: func() *fake.PodTemplateManagers {
+				return fake.NewPodTemplateManagers(t, corev1.PodTemplateSpec{
+					Spec: corev1.PodSpec{
+						Containers: []corev1.Container{*agentContainer},
+					},
+				})
+			},
+			override: v2alpha1.DatadogAgentGenericContainer{
+				StartupProbe: &corev1.Probe{
+					InitialDelaySeconds: 10,
+					TimeoutSeconds:      5,
+					PeriodSeconds:       30,
+					SuccessThreshold:    1,
+					FailureThreshold:    5,
+					ProbeHandler: corev1.ProbeHandler{
+						HTTPGet: &corev1.HTTPGetAction{
+							Path: "/some/path",
+							Port: intstr.IntOrString{
+								IntVal: 1234,
+							},
+						},
+					},
+				},
+			},
+			validateManager: func(t *testing.T, manager *fake.PodTemplateManagers, containerName string) {
+				assertContainerMatch(t, manager.PodTemplateSpec().Spec.Containers, containerName, func(container corev1.Container) bool {
+					return reflect.DeepEqual(
+						&corev1.Probe{
+							InitialDelaySeconds: 10,
+							TimeoutSeconds:      5,
+							PeriodSeconds:       30,
+							SuccessThreshold:    1,
+							FailureThreshold:    5,
+							ProbeHandler: corev1.ProbeHandler{
+								HTTPGet: &corev1.HTTPGetAction{
+									Path: "/some/path",
+									Port: intstr.IntOrString{
+										IntVal: 1234,
+									},
+								},
+							},
+						},
+						container.StartupProbe)
+				})
+			},
+		},
 		{
 			name:          "override security context",
 			containerName: common.CoreAgentContainerName,

internal/controller/datadogagent/component/agent/default.go

@@ -488,6 +488,21 @@ func NewDatadogAgentWithOverrides(namespace string, name string) v2alpha1.Datado
 					SuccessThreshold:    1,
 					FailureThreshold:    5,
 				},
+				StartupProbe: &v1.Probe{
+					ProbeHandler: v1.ProbeHandler{
+						HTTPGet: &v1.HTTPGetAction{
+							Path: v2alpha1.DefaultLivenessProbeHTTPPath,
+							Port: intstr.IntOrString{
+								IntVal: v2alpha1.DefaultAgentHealthPort,
+							},
+						},
+					},
+					InitialDelaySeconds: 15,
+					TimeoutSeconds:      5,
+					PeriodSeconds:       15,
+					SuccessThreshold:    1,
+					FailureThreshold:    6,
+				},
 				SecurityContext: &v1.SecurityContext{
 					RunAsUser: apiutils.NewInt64Pointer(12345),
 				},