4 changes: 4 additions & 0 deletions cmd/build/helmify/kustomize-for-helm.yaml
@@ -106,10 +106,12 @@ spec:
httpGet:
path: /readyz
port: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_READINESS_TIMEOUT
livenessProbe:
httpGet:
path: /healthz
port: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LIVENESS_TIMEOUT
securityContext:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_SECURITY_CONTEXT: ""
resources:
@@ -172,10 +174,12 @@ spec:
httpGet:
path: /readyz
port: HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_AUDIT_READINESS_TIMEOUT
livenessProbe:
httpGet:
path: /healthz
port: HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_AUDIT_LIVENESS_TIMEOUT
securityContext:
HELMSUBST_DEPLOYMENT_AUDIT_SECURITY_CONTEXT: ""
resources:
8 changes: 8 additions & 0 deletions cmd/build/helmify/replacements.go
@@ -15,6 +15,10 @@ var replacements = map[string]string{

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_METRICS_PORT": `{{ .Values.controllerManager.metricsPort }}`,

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_READINESS_TIMEOUT": `{{ .Values.controllerManager.readinessTimeout }}`,

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LIVENESS_TIMEOUT": `{{ .Values.controllerManager.livenessTimeout }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_HOST_NETWORK": `{{ .Values.audit.hostNetwork }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_DNS_POLICY": `{{ .Values.audit.dnsPolicy }}`,
@@ -23,6 +27,10 @@ var replacements = map[string]string{

"HELMSUBST_DEPLOYMENT_AUDIT_METRICS_PORT": `{{ .Values.audit.metricsPort }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_READINESS_TIMEOUT": `{{ .Values.audit.readinessTimeout }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_LIVENESS_TIMEOUT": `{{ .Values.audit.livenessTimeout }}`,

`HELMSUBST_DEPLOYMENT_AUDIT_NODE_SELECTOR: ""`: `{{- toYaml .Values.audit.nodeSelector | nindent 8 }}`,

`HELMSUBST_DEPLOYMENT_AUDIT_POD_SECURITY_CONTEXT: ""`: `{{- toYaml .Values.audit.podSecurityContext | nindent 8 }}`,
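Review bot: The four new `*_READINESS_TIMEOUT` / `*_LIVENESS_TIMEOUT` entries emit the value with no fallback, so a release whose stored values predate these keys (for example an upgrade run with `--reuse-values`) would probably render `timeoutSeconds:` with an empty value instead of an explicit number. A fallback in the replacement string keeps the rendered manifest explicit, e.g. `{{ .Values.controllerManager.readinessTimeout | default 1 }}`, and likewise for the liveness and audit entries. The generated templates under `manifest_staging/charts/gatekeeper` carry the same expressions and would pick the change up on regeneration. The `replacements` map literal starts and ends outside the visible hunks.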
4 changes: 4 additions & 0 deletions cmd/build/helmify/static/README.md
@@ -154,6 +154,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.healthPort | Health port for controller manager | `9090` |
| controllerManager.port | Webhook-server port for controller manager | `8443` |
| controllerManager.metricsPort | Metrics port for controller manager | `8888` |
| controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` |
| controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` |
| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
| controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} |
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
@@ -169,6 +171,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
4 changes: 4 additions & 0 deletions cmd/build/helmify/static/values.yaml
@@ -137,6 +137,8 @@ controllerManager:
port: 8443
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
affinity:
@@ -180,6 +182,8 @@ audit:
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: true
affinity: {}
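Review bot: The new `readinessTimeout` and `livenessTimeout` keys under `controllerManager` and `audit` have no comment giving the unit or the valid range, and nothing here tells an operator what raising them costs. A comment above each pair such as `# Probe timeout in seconds (integer, Kubernetes minimum 1)` would cover the first part. For the controller manager it is also worth noting that a larger readiness timeout keeps an unresponsive admission webhook pod in the Service endpoints for longer; requests routed to it would then be handled according to the webhook's failure policy, which is not visible on this page. The static README rows added in the same change could carry the same caveat.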
4 changes: 4 additions & 0 deletions manifest_staging/charts/gatekeeper/README.md
@@ -154,6 +154,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.healthPort | Health port for controller manager | `9090` |
| controllerManager.port | Webhook-server port for controller manager | `8443` |
| controllerManager.metricsPort | Metrics port for controller manager | `8888` |
| controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` |
| controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` |
| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
| controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} |
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
@@ -169,6 +171,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
@@ -91,6 +91,7 @@ spec:
httpGet:
path: /healthz
port: {{ .Values.audit.healthPort }}
timeoutSeconds: {{ .Values.audit.livenessTimeout }}
name: manager
ports:
- containerPort: {{ .Values.audit.metricsPort }}
@@ -103,6 +104,7 @@ spec:
httpGet:
path: /readyz
port: {{ .Values.audit.healthPort }}
timeoutSeconds: {{ .Values.audit.readinessTimeout }}
resources:
{{- toYaml .Values.audit.resources | nindent 10 }}
securityContext:
@@ -104,6 +104,7 @@ spec:
httpGet:
path: /healthz
port: {{ .Values.controllerManager.healthPort }}
timeoutSeconds: {{ .Values.controllerManager.livenessTimeout }}
name: manager
ports:
- containerPort: {{ .Values.controllerManager.port }}
@@ -119,6 +120,7 @@ spec:
httpGet:
path: /readyz
port: {{ .Values.controllerManager.healthPort }}
timeoutSeconds: {{ .Values.controllerManager.readinessTimeout }}
resources:
{{- toYaml .Values.controllerManager.resources | nindent 10 }}
securityContext:
4 changes: 4 additions & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
@@ -137,6 +137,8 @@ controllerManager:
port: 8443
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
affinity:
@@ -180,6 +182,8 @@ audit:
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: true
affinity: {}