From c23db1461500f18b9137410a1311cc30553b5272 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 14 Sep 2020 10:44:09 -0400 Subject: [PATCH 1/6] Add configurable probe values --- templates/server-statefulset.yaml | 19 +-- test/unit/server-statefulset.bats | 198 +++++++++++++++++++++++++++++- values.yaml | 22 ++++ 3 files changed, 226 insertions(+), 13 deletions(-) diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 8b9cea9c9..3e7c7503a 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -141,11 +141,11 @@ spec: exec: command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] {{- end }} - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 3 - successThreshold: 1 - timeoutSeconds: 5 + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold | default 2 }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds | default 5 }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds | default 3 }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold | default 1 }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds | default 5 }} {{- end }} {{- if .Values.server.livenessProbe.enabled }} livenessProbe: @@ -153,10 +153,11 @@ spec: path: {{ .Values.server.livenessProbe.path | quote }} port: 8200 scheme: {{ include "vault.scheme" . | upper }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: 3 - successThreshold: 1 - timeoutSeconds: 5 + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold | default 2 }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds | default 60 }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds | default 3 }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold | default 1 }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds | default 5 }} {{- end }} lifecycle: # Vault container doesn't receive SIGTERM from Kubernetes diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index 23e75c706..a4ca563fa 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -962,6 +962,110 @@ load _helpers [ "${actual}" = "null" ] } +@test "server/standalone-StatefulSet: readiness failureThreshold default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.failureThreshold' | tee /dev/stderr) + [ "${actual}" = "2" ] +} + +@test "server/standalone-StatefulSet: readiness failureThreshold configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + --set 'server.readinessProbe.failureThreshold=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.failureThreshold' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: readiness initialDelaySeconds default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.initialDelaySeconds' | tee /dev/stderr) + [ "${actual}" = "5" ] +} + +@test "server/standalone-StatefulSet: readiness initialDelaySeconds configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + --set 'server.readinessProbe.initialDelaySeconds=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.initialDelaySeconds' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: readiness periodSeconds default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.periodSeconds' | tee /dev/stderr) + [ "${actual}" = "3" ] +} + +@test "server/standalone-StatefulSet: readiness periodSeconds configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + --set 'server.readinessProbe.periodSeconds=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.periodSeconds' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: readiness successThreshold default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.successThreshold' | tee /dev/stderr) + [ "${actual}" = "1" ] +} + +@test "server/standalone-StatefulSet: readiness successThreshold configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + --set 'server.readinessProbe.successThreshold=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.successThreshold' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: readiness timeoutSeconds default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.timeoutSeconds' | tee /dev/stderr) + [ "${actual}" = "5" ] +} + +@test "server/standalone-StatefulSet: readiness timeoutSeconds configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.readinessProbe.enabled=true' \ + --set 'server.readinessProbe.timeoutSeconds=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].readinessProbe.timeoutSeconds' | tee /dev/stderr) + [ "${actual}" = "100" ] +} @test "server/standalone-StatefulSet: livenessProbe default" { cd `chart_dir` @@ -982,7 +1086,28 @@ load _helpers [ "${actual}" = "/v1/sys/health?standbyok=true" ] } -@test "server/standalone-StatefulSet: livenessProbe initialDelaySeconds default" { +@test "server/standalone-StatefulSet: liveness failureThreshold default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.failureThreshold' | tee /dev/stderr) + [ "${actual}" = "2" ] +} + +@test "server/standalone-StatefulSet: liveness failureThreshold configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + --set 'server.livenessProbe.failureThreshold=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.failureThreshold' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: liveness initialDelaySeconds default" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ @@ -992,17 +1117,82 @@ load _helpers [ "${actual}" = "60" ] } -@test "server/standalone-StatefulSet: livenessProbe initialDelaySeconds configurable" { +@test "server/standalone-StatefulSet: liveness initialDelaySeconds configurable" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ --set 'server.livenessProbe.enabled=true' \ - --set 'server.livenessProbe.initialDelaySeconds=30' \ + --set 'server.livenessProbe.initialDelaySeconds=100' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].livenessProbe.initialDelaySeconds' | tee /dev/stderr) - [ "${actual}" = "30" ] + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: liveness periodSeconds default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.periodSeconds' | tee /dev/stderr) + [ "${actual}" = "3" ] +} + +@test "server/standalone-StatefulSet: liveness periodSeconds configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + --set 'server.livenessProbe.periodSeconds=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.periodSeconds' | tee /dev/stderr) + [ "${actual}" = "100" ] } +@test "server/standalone-StatefulSet: liveness successThreshold default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.successThreshold' | tee /dev/stderr) + [ "${actual}" = "1" ] +} + +@test "server/standalone-StatefulSet: liveness successThreshold configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + --set 'server.livenessProbe.successThreshold=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.successThreshold' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +@test "server/standalone-StatefulSet: liveness timeoutSeconds default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.timeoutSeconds' | tee /dev/stderr) + [ "${actual}" = "5" ] +} + +@test "server/standalone-StatefulSet: liveness timeoutSeconds configurable" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.livenessProbe.enabled=true' \ + --set 'server.livenessProbe.timeoutSeconds=100' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].livenessProbe.timeoutSeconds' | tee /dev/stderr) + [ "${actual}" = "100" ] +} + +#-------------------------------------------------------------------- +# args @test "server/standalone-StatefulSet: add extraArgs" { cd `chart_dir` local actual=$(helm template \ diff --git a/values.yaml b/values.yaml index 1a5554283..359bbf6b3 100644 --- a/values.yaml +++ b/values.yaml @@ -218,11 +218,33 @@ server: enabled: true # If you need to use a http path instead of the default exec # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probbe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 3 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 5 + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true # Used to enable a livenessProbe for the pods livenessProbe: enabled: false path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probbe initiates initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 3 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 5 # Used to set the sleep time during the preStop step preStopSleepSeconds: 5 From 247955858276c704318f3eca30edf19de1dac2e2 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 14 Sep 2020 12:03:46 -0400 Subject: [PATCH 2/6] Remove template defaults --- templates/server-statefulset.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 3e7c7503a..efb7ce203 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -141,11 +141,11 @@ spec: exec: command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold | default 2 }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds | default 5 }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds | default 3 }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold | default 1 }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} {{- end }} {{- if .Values.server.livenessProbe.enabled }} livenessProbe: @@ -153,11 +153,11 @@ spec: path: {{ .Values.server.livenessProbe.path | quote }} port: 8200 scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold | default 2 }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds | default 60 }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds | default 3 }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold | default 1 }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} {{- end }} lifecycle: # Vault container doesn't receive SIGTERM from Kubernetes From 0e6e5f82fe5d8fbae1f3ab8a2df692c494f952ab Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 14 Sep 2020 12:04:17 -0400 Subject: [PATCH 3/6] Update values.yaml Co-authored-by: Tom Proctor --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 359bbf6b3..d990fd9aa 100644 --- a/values.yaml +++ b/values.yaml @@ -221,7 +221,7 @@ server: # When a probe fails, Kubernetes will try failureThreshold times before giving up failureThreshold: 2 - # Number of seconds after the container has started before probbe initiates + # Number of seconds after the container has started before probe initiates initialDelaySeconds: 5 # How often (in seconds) to perform the probe periodSeconds: 3 From c5e9601b74d0c181571fcccbba94f8ae6464d5d5 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 14 Sep 2020 12:04:24 -0400 Subject: [PATCH 4/6] Update values.yaml Co-authored-by: Tom Proctor --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index d990fd9aa..dc9fe6aed 100644 --- a/values.yaml +++ b/values.yaml @@ -237,7 +237,7 @@ server: path: "/v1/sys/health?standbyok=true" # When a probe fails, Kubernetes will try failureThreshold times before giving up failureThreshold: 2 - # Number of seconds after the container has started before probbe initiates + # Number of seconds after the container has started before probe initiates initialDelaySeconds: 60 # How often (in seconds) to perform the probe periodSeconds: 3 From 68920d440a6d73b1b013ab4e0a90e7034b0b955e Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 14 Sep 2020 12:34:03 -0400 Subject: [PATCH 5/6] Update values.yaml Co-authored-by: Theron Voran --- values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/values.yaml b/values.yaml index dc9fe6aed..86a121647 100644 --- a/values.yaml +++ b/values.yaml @@ -229,8 +229,6 @@ server: successThreshold: 1 # Number of seconds after which the probe times out. timeoutSeconds: 5 - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true # Used to enable a livenessProbe for the pods livenessProbe: enabled: false From 58973d0192e8d6141c22c8ca29d3dda5212e73c8 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Tue, 15 Sep 2020 12:25:51 -0400 Subject: [PATCH 6/6] Switch timeout and period defaults --- test/unit/server-statefulset.bats | 8 ++++---- values.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index a4ca563fa..0b9f243a5 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -1011,7 +1011,7 @@ load _helpers --set 'server.readinessProbe.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].readinessProbe.periodSeconds' | tee /dev/stderr) - [ "${actual}" = "3" ] + [ "${actual}" = "5" ] } @test "server/standalone-StatefulSet: readiness periodSeconds configurable" { @@ -1053,7 +1053,7 @@ load _helpers --set 'server.readinessProbe.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].readinessProbe.timeoutSeconds' | tee /dev/stderr) - [ "${actual}" = "5" ] + [ "${actual}" = "3" ] } @test "server/standalone-StatefulSet: readiness timeoutSeconds configurable" { @@ -1135,7 +1135,7 @@ load _helpers --set 'server.livenessProbe.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].livenessProbe.periodSeconds' | tee /dev/stderr) - [ "${actual}" = "3" ] + [ "${actual}" = "5" ] } @test "server/standalone-StatefulSet: liveness periodSeconds configurable" { @@ -1177,7 +1177,7 @@ load _helpers --set 'server.livenessProbe.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].livenessProbe.timeoutSeconds' | tee /dev/stderr) - [ "${actual}" = "5" ] + [ "${actual}" = "3" ] } @test "server/standalone-StatefulSet: liveness timeoutSeconds configurable" { diff --git a/values.yaml b/values.yaml index 86a121647..a53ef2155 100644 --- a/values.yaml +++ b/values.yaml @@ -224,11 +224,11 @@ server: # Number of seconds after the container has started before probe initiates initialDelaySeconds: 5 # How often (in seconds) to perform the probe - periodSeconds: 3 + periodSeconds: 5 # Minimum consecutive successes for the probe to be considered successful after having failed successThreshold: 1 # Number of seconds after which the probe times out. - timeoutSeconds: 5 + timeoutSeconds: 3 # Used to enable a livenessProbe for the pods livenessProbe: enabled: false @@ -238,11 +238,11 @@ server: # Number of seconds after the container has started before probe initiates initialDelaySeconds: 60 # How often (in seconds) to perform the probe - periodSeconds: 3 + periodSeconds: 5 # Minimum consecutive successes for the probe to be considered successful after having failed successThreshold: 1 # Number of seconds after which the probe times out. - timeoutSeconds: 5 + timeoutSeconds: 3 # Used to set the sleep time during the preStop step preStopSleepSeconds: 5