ksm: add liveness and readiness probes

Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
openshift · Jun 13, 2024 · 2e35d00 · 2e35d00
1 parent 40bdb02
commit 2e35d00
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/assets/kube-state-metrics/deployment.yaml b/assets/kube-state-metrics/deployment.yaml
@@ -57,7 +57,22 @@ spec:
           ^kube_pod_completion_time$,
           ^kube_pod_status_scheduled$
         image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0
+        livenessProbe:
+          httpGet:
+            path: livez
+            port: main
+            scheme: HTTPS
         name: kube-state-metrics
+        ports:
+        - containerPort: 8443
+          name: main
+        - containerPort: 9443
+          name: self
+        readinessProbe:
+          httpGet:
+            path: metrics
+            port: self
+            scheme: HTTPS
         resources:
           requests:
             cpu: 2m
@@ -79,6 +94,7 @@ spec:
         - --tls-private-key-file=/etc/tls/private/tls.key
         - --client-ca-file=/etc/tls/client/client-ca.crt
         - --config-file=/etc/kube-rbac-policy/config.yaml
+        - --ignore-paths=/livez
         image: quay.io/brancz/kube-rbac-proxy:v0.17.1
         name: kube-rbac-proxy-main
         ports:
@@ -108,6 +124,7 @@ spec:
         - --tls-private-key-file=/etc/tls/private/tls.key
         - --client-ca-file=/etc/tls/client/client-ca.crt
         - --config-file=/etc/kube-rbac-policy/config.yaml
+        - --ignore-paths=/metrics
         image: quay.io/brancz/kube-rbac-proxy:v0.17.1
         name: kube-rbac-proxy-self
         ports:

diff --git a/jsonnet/components/kube-state-metrics.libsonnet b/jsonnet/components/kube-state-metrics.libsonnet
@@ -208,6 +208,7 @@ function(params)
                         '--tls-private-key-file=/etc/tls/private/tls.key',
                         '--client-ca-file=/etc/tls/client/client-ca.crt',
                         '--config-file=/etc/kube-rbac-policy/config.yaml',
+                        '--ignore-paths=' + std.join(',', if std.endsWith(c.name, '-self') then ['/metrics'] else ['/livez']),
                       ],
                       volumeMounts: [
                         {
@@ -266,6 +267,36 @@ function(params)
                           readOnly: true,
                         },
                       ],
+                      local mainPort = 8443,
+                      local mainPortName = 'main',
+                      local selfPort = 9443,
+                      local selfPortName = 'self',
+                      ports::: [
+                        {
+                          containerPort: mainPort,
+                          name: mainPortName,
+                        },
+                        {
+                          containerPort: selfPort,
+                          name: selfPortName,
+                        },
+                      ],
+                      local livenessProbePath = 'livez',
+                      local readinessProbePath = 'metrics',
+                      livenessProbe::: {
+                        httpGet: {
+                          path: livenessProbePath,
+                          port: mainPortName,
+                          scheme: 'HTTPS',
+                        },
+                      },
+                      readinessProbe::: {
+                        httpGet: {
+                          path: readinessProbePath,
+                          port: selfPortName,
+                          scheme: 'HTTPS',
+                        },
+                      },
                     },
                 super.containers,
               ),