

feat(helm): Allow configuration of probe timeouts in Helm Chart (#2220)
* feat(helm): Allow configuration of probe timeouts in Helm Chart

Signed-off-by: Ethan Range <65268454+ethanrange@users.noreply.github.com>

* Fix whitespace in replacements.go

Signed-off-by: Ethan Range <65268454+ethanrange@users.noreply.github.com>

Signed-off-by: Ethan Range <65268454+ethanrange@users.noreply.github.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
ethanrange and ritazh authored Aug 12, 2022
1 parent d14c0da commit b6c369b
Showing 8 changed files with 32 additions and 0 deletions.
4 changes: 4 additions & 0 deletions cmd/build/helmify/kustomize-for-helm.yaml
Expand Up @@ -106,10 +106,12 @@ spec:
httpGet:
path: /readyz
port: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_READINESS_TIMEOUT
livenessProbe:
httpGet:
path: /healthz
port: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LIVENESS_TIMEOUT
securityContext:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_SECURITY_CONTEXT: ""
resources:
Expand Down Expand Up @@ -172,10 +174,12 @@ spec:
httpGet:
path: /readyz
port: HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_AUDIT_READINESS_TIMEOUT
livenessProbe:
httpGet:
path: /healthz
port: HELMSUBST_DEPLOYMENT_AUDIT_HEALTH_PORT
timeoutSeconds: HELMSUBST_DEPLOYMENT_AUDIT_LIVENESS_TIMEOUT
securityContext:
HELMSUBST_DEPLOYMENT_AUDIT_SECURITY_CONTEXT: ""
resources:
8 changes: 8 additions & 0 deletions cmd/build/helmify/replacements.go
Expand Up @@ -15,6 +15,10 @@ var replacements = map[string]string{

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_METRICS_PORT": `{{ .Values.controllerManager.metricsPort }}`,

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_READINESS_TIMEOUT": `{{ .Values.controllerManager.readinessTimeout }}`,

"HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_LIVENESS_TIMEOUT": `{{ .Values.controllerManager.livenessTimeout }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_HOST_NETWORK": `{{ .Values.audit.hostNetwork }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_DNS_POLICY": `{{ .Values.audit.dnsPolicy }}`,
Expand All @@ -23,6 +27,10 @@ var replacements = map[string]string{

"HELMSUBST_DEPLOYMENT_AUDIT_METRICS_PORT": `{{ .Values.audit.metricsPort }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_READINESS_TIMEOUT": `{{ .Values.audit.readinessTimeout }}`,

"HELMSUBST_DEPLOYMENT_AUDIT_LIVENESS_TIMEOUT": `{{ .Values.audit.livenessTimeout }}`,

`HELMSUBST_DEPLOYMENT_AUDIT_NODE_SELECTOR: ""`: `{{- toYaml .Values.audit.nodeSelector | nindent 8 }}`,

`HELMSUBST_DEPLOYMENT_AUDIT_POD_SECURITY_CONTEXT: ""`: `{{- toYaml .Values.audit.podSecurityContext | nindent 8 }}`,
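Review bot: The four new entries emit `.Values.controllerManager.readinessTimeout`, `.livenessTimeout` and the two `audit` equivalents with no fallback, so a values file that sets one of them to `null` renders an empty `timeoutSeconds:`; the same may happen on an upgrade that reuses values stored before these keys existed. Kubernetes is then expected to apply its own probe default, so the pod still starts, but the rendered manifest no longer carries the `1` that the README documents. A fallback keeps the two in step, e.g. `{{ .Values.audit.livenessTimeout | default 1 }}`, applied to all four. The `replacements` map starts and ends outside this section.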
4 changes: 4 additions & 0 deletions cmd/build/helmify/static/README.md
Expand Up @@ -154,6 +154,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.healthPort | Health port for controller manager | `9090` |
| controllerManager.port | Webhook-server port for controller manager | `8443` |
| controllerManager.metricsPort | Metrics port for controller manager | `8888` |
| controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` |
| controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` |
| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
| controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} |
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
Expand All @@ -169,6 +171,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
4 changes: 4 additions & 0 deletions cmd/build/helmify/static/values.yaml
Expand Up @@ -137,6 +137,8 @@ controllerManager:
port: 8443
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
affinity:
Expand Down Expand Up @@ -180,6 +182,8 @@ audit:
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: true
affinity: {}
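Review bot: `readinessTimeout` and `livenessTimeout` are added under `controllerManager:` and `audit:` without a comment giving the unit or the trade-off. The README table describes the controller manager as the webhook server, so a large liveness timeout delays the restart of a hung webhook pod and a large readiness timeout keeps it in rotation longer; how admission requests are treated in that window depends on the webhook's failure policy, which is not visible on this page. I would add above each pair `# Probe timeouts in seconds. Raise only as far as needed to stop restarts under load; large values delay detection of a hung pod.` Both mappings continue outside the hunks shown.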
4 changes: 4 additions & 0 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -154,6 +154,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| controllerManager.healthPort | Health port for controller manager | `9090` |
| controllerManager.port | Webhook-server port for controller manager | `8443` |
| controllerManager.metricsPort | Metrics port for controller manager | `8888` |
| controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` |
| controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` |
| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
| controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} |
| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
Expand All @@ -169,6 +171,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| audit.healthPort | Health port for audit | `9090` |
| audit.metricsPort | Metrics port for audit | `8888` |
| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` |
| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| podLabels | The labels to add to the Gatekeeper pods | `{}` |
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ spec:
httpGet:
path: /healthz
port: {{ .Values.audit.healthPort }}
timeoutSeconds: {{ .Values.audit.livenessTimeout }}
name: manager
ports:
- containerPort: {{ .Values.audit.metricsPort }}
Expand All @@ -103,6 +104,7 @@ spec:
httpGet:
path: /readyz
port: {{ .Values.audit.healthPort }}
timeoutSeconds: {{ .Values.audit.readinessTimeout }}
resources:
{{- toYaml .Values.audit.resources | nindent 10 }}
securityContext:
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ spec:
httpGet:
path: /healthz
port: {{ .Values.controllerManager.healthPort }}
timeoutSeconds: {{ .Values.controllerManager.livenessTimeout }}
name: manager
ports:
- containerPort: {{ .Values.controllerManager.port }}
Expand All @@ -119,6 +120,7 @@ spec:
httpGet:
path: /readyz
port: {{ .Values.controllerManager.healthPort }}
timeoutSeconds: {{ .Values.controllerManager.readinessTimeout }}
resources:
{{- toYaml .Values.controllerManager.resources | nindent 10 }}
securityContext:
4 changes: 4 additions & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
Expand Up @@ -137,6 +137,8 @@ controllerManager:
port: 8443
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
affinity:
Expand Down Expand Up @@ -180,6 +182,8 @@ audit:
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: true
affinity: {}
