From a97ed6a4b8304798c195af0e9a731c6ced5b0746 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 31 Jan 2024 14:12:22 +0100 Subject: [PATCH 1/3] Add liveness, readiness, and startup probes to broker, deployment, and file storage --- helm/flowforge/templates/broker.yaml | 41 ++++++++++++++++++----- helm/flowforge/templates/deployment.yaml | 33 ++++++++++++++++++ helm/flowforge/templates/file-storage.yml | 33 ++++++++++++++++++ 3 files changed, 99 insertions(+), 8 deletions(-) diff --git a/helm/flowforge/templates/broker.yaml b/helm/flowforge/templates/broker.yaml index 2ad08ff8..54a2327d 100644 --- a/helm/flowforge/templates/broker.yaml +++ b/helm/flowforge/templates/broker.yaml @@ -78,14 +78,39 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - # livenessProbe: - # httpGet: - # path: /ping.html - # port: 1884 - # readinessProbe: - # httpGet: - # path: /ping.html - # port: 1884 + {{- if .Values.forge.broker.livenessProbe }} + livenessProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.broker.readinessProbe }} + readinessProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.broker.startupProbe }} + startupProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.startupProbe.failureThreshold }} + {{- end }} {{- if .Values.forge.broker.resources }} resources: {{- toYaml .Values.forge.broker.resources | nindent 12 }} {{- end }} diff --git a/helm/flowforge/templates/deployment.yaml b/helm/flowforge/templates/deployment.yaml index 241e12a8..91582b58 100644 --- a/helm/flowforge/templates/deployment.yaml +++ b/helm/flowforge/templates/deployment.yaml @@ -72,6 +72,39 @@ spec: {{- end }} ports: - containerPort: 3000 + {{- if .Values.forge.livenessProbe }} + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.readinessProbe }} + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.startupProbe }} + startupProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.startupProbe.failureThreshold }} + {{- end }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/helm/flowforge/templates/file-storage.yml b/helm/flowforge/templates/file-storage.yml index 3be75ede..b36e9445 100644 --- a/helm/flowforge/templates/file-storage.yml +++ b/helm/flowforge/templates/file-storage.yml @@ -78,6 +78,39 @@ spec: {{ end -}} ports: - containerPort: 3001 + {{- if .Values.forge.fileStore.livenessProbe }} + livenessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.fileStore.readinessProbe }} + readinessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.fileStore.startupProbe }} + startupProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.startupProbe.failureThreshold }} + {{- end }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true From 8428f89cf7a1a67c2e23c337a2910822c5277120 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 31 Jan 2024 14:12:53 +0100 Subject: [PATCH 2/3] Add default values and update values file schema --- helm/flowforge/values.schema.json | 181 +++++++++++++++++++++++++++++- helm/flowforge/values.yaml | 27 +++++ 2 files changed, 207 insertions(+), 1 deletion(-) diff --git a/helm/flowforge/values.schema.json b/helm/flowforge/values.schema.json index 47ade067..fdf476b4 100644 --- a/helm/flowforge/values.schema.json +++ b/helm/flowforge/values.schema.json @@ -270,6 +270,66 @@ } } } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } } }, "required": [ @@ -397,6 +457,66 @@ } } } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } } }, "required": [ @@ -539,8 +659,67 @@ } } } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } } - }, "required": [ "domain", diff --git a/helm/flowforge/values.yaml b/helm/flowforge/values.yaml index edf0602b..285b6e6e 100644 --- a/helm/flowforge/values.yaml +++ b/helm/flowforge/values.yaml @@ -27,6 +27,19 @@ forge: fsGroup: 1000 seccompProfile: type: RuntimeDefault + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + fileStore: enabled: false type: localfs @@ -48,6 +61,7 @@ forge: fsGroup: 1000 seccompProfile: type: RuntimeDefault + support: enabled: false @@ -73,6 +87,19 @@ forge: fsGroup: 1000 seccompProfile: type: RuntimeDefault + + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 postgresql: auth: From 67b434e6d6c86226d7392afc46f23bd913952afe Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 31 Jan 2024 14:13:06 +0100 Subject: [PATCH 3/3] Update documentation --- helm/flowforge/README.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/helm/flowforge/README.md b/helm/flowforge/README.md index 31678e5d..15cbd6f6 100644 --- a/helm/flowforge/README.md +++ b/helm/flowforge/README.md @@ -45,7 +45,9 @@ If using an external PostgreSQL Database you will need to create the database an - `forge.clusterRole.name` custom name for the ClusterRole (default `create-pod`) - `forge.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the core application container - `forge.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the core application pod - + - `forge.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) note: `forge.projectSelector` and `forge.managementSelector` defaults mean that you must have at least 2 nodes in your cluster and they need to be labeled before installing. @@ -80,6 +82,9 @@ To use STMP to send email - `forge.broker.affinity` allows to configure [affinity or anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) for the broker pod - `forge.broker.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the broker container - `forge.broker.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the broker pod + - `forge.broker.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.broker.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.broker.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) ### Telemetry @@ -129,6 +134,9 @@ Enables FlowForge Telemetry - `forge.fileStore.context.quota` Sets the maximum number of bytes that a project can store in Persistent Context (default `1048576`) - `forge.fileStore.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the file-server container - `forge.fileStore.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the flowforge-file pod +- `forge.fileStore.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) +- `forge.fileStore.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) +- `forge.fileStore.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) ### Private Certificate Authority @@ -180,3 +188,22 @@ editors: create: true name: editors ``` +### Liveness, readiness and startup probes + +Following values can be used to configure the liveness, readiness and startup probes for all pods: + +- `initialDelaySeconds` (default `10`) - number of seconds after the container has started before liveness or readiness probes are initiated +- `periodSeconds` (default `10`) - how often (in seconds) to perform the probe +- `timeoutSeconds` (default `5`) - number of seconds after which the probe times out +- `successThreshold` (default `1`) - minimum consecutive successes for the probe to be considered successful after having failed +- `failureThreshold` (default `3`) - minimum consecutive failures for the probe to be considered failed after having succeeded + +Example for readiness probe: +```yaml +readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 +```