From be7b82e1a1ac3c34746417ba5d9f05e68fdaffa5 Mon Sep 17 00:00:00 2001 From: Phil Sphicas Date: Sun, 27 Sep 2020 19:32:48 +0000 Subject: [PATCH] kube-apiserver: Allow probe customization Uses the standard helm-toolkit macros for liveness and readiness probes, allowing them to be enabled or disabled, and params to be overridden. Change-Id: Ie9aef97f56f2205ada24f17e7cafabc5943ae097 --- .../etc/_kubernetes-apiserver.yaml.tpl | 54 +++++++++---------- charts/apiserver/values.yaml | 17 ++++++ 2 files changed, 44 insertions(+), 27 deletions(-) diff --git a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl index 2cf3c5ca..cc54a9b1 100644 --- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl +++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl @@ -35,6 +35,31 @@ {{- end -}} +{{- define "livenessProbeTemplate" -}} +exec: + command: + - /bin/bash + - -c + - |- + kubectl get nodes ${NODENAME} | grep ${NODENAME} + exit $? +{{- end -}} + + +{{- define "readinessProbeTemplate" -}} +exec: + command: + - /bin/bash + - -c + - |- + if [ ! -f /etc/kubernetes/apiserver/pki/apiserver-both.pem ]; then + cat /etc/kubernetes/apiserver/pki/apiserver-key.pem <(echo) /etc/kubernetes/apiserver/pki/apiserver.pem > /etc/kubernetes/apiserver/pki/apiserver-both.pem + fi + echo -e 'GET /healthz HTTP/1.0\r\n' | socat - openssl:localhost:{{ .Values.network.kubernetes_apiserver.port }},cert=/etc/kubernetes/apiserver/pki/apiserver-both.pem,cafile=/etc/kubernetes/apiserver/pki/cluster-ca.pem | grep '200 OK' + exit $? +{{- end -}} + + {{- $envAll := . }} --- apiVersion: v1 
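Review bot: The `readinessProbeTemplate` define still writes `apiserver-both.pem`, a second on-disk copy of the API server's private key, under whatever umask the probe shell has and only when the file does not exist, so a truncated write or a rotated key/certificate is never corrected. socat's openssl address takes a separate `key=` option, so the probe can pass `cert=/etc/kubernetes/apiserver/pki/apiserver.pem,key=/etc/kubernetes/apiserver/pki/apiserver-key.pem` and the `if`/`cat`/`fi` lines can go. If the combined file has to stay, put `umask 077` before the `cat` and rebuild it whenever `apiserver.pem` is newer than it. Whether the pki directory is shared with other containers is not visible in this hunk.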
@@ -100,34 +125,9 @@ spec: ports: - containerPort: {{ .Values.network.kubernetes_apiserver.port }} - readinessProbe: - exec: - command: - - /bin/bash - - -c - - |- - if [ ! -f /etc/kubernetes/apiserver/pki/apiserver-both.pem ]; then - cat /etc/kubernetes/apiserver/pki/apiserver-key.pem <(echo) /etc/kubernetes/apiserver/pki/apiserver.pem > /etc/kubernetes/apiserver/pki/apiserver-both.pem - fi - echo -e 'GET /healthz HTTP/1.0\r\n' | socat - openssl:localhost:{{ .Values.network.kubernetes_apiserver.port }},cert=/etc/kubernetes/apiserver/pki/apiserver-both.pem,cafile=/etc/kubernetes/apiserver/pki/cluster-ca.pem | grep '200 OK' - exit $? - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 5 +{{ dict "envAll" . "component" "apiserver" "container" "apiserver" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 6 }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - |- - kubectl get nodes ${NODENAME} | grep ${NODENAME} - exit $? - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 +{{ dict "envAll" . "component" "apiserver" "container" "apiserver" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 6 }} volumeMounts: - name: etc diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml index f8364306..0dc94f21 100644 --- a/charts/apiserver/values.yaml +++ b/charts/apiserver/values.yaml @@ -333,6 +333,23 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + probes: + apiserver: + apiserver: + liveness: + enabled: true + params: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + readiness: + enabled: true + params: + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 5 manifests: configmap_bin: true
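Review bot: The two `include "helm-toolkit.snippets.kubernetes_probe"` lines give no hint of where the thresholds that used to be inline now come from, although the `component`/`container` pair is what selects them. A template comment above them such as `{{/* probe enable flags and timings: .Values.pod.probes.apiserver.apiserver.<liveness|readiness> */}}` would save the next reader a trip into helm-toolkit. The values path is inferred from the values.yaml hunk of this patch, whose indentation is flattened here, so confirm it before adding the comment.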
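Review bot: The readiness `params` block lists only three keys while liveness lists five, so `failureThreshold` and `successThreshold` for readiness stay at the Kubernetes defaults and are not discoverable as overridable from this file. Listing them explicitly as `failureThreshold: 3` and `successThreshold: 1` keeps behaviour unchanged and makes the two blocks parallel. A one-line comment above `probes:` saying the nesting is component, then container, then probe type would also explain the repeated `apiserver:` key.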