From b8c46cedf216eaff8318ce6c99e39ca47bad1208 Mon Sep 17 00:00:00 2001
From: Demonsthere
Date: Wed, 11 Dec 2024 09:49:12 +0100
Subject: [PATCH 1/2] fix: make default probe timers less aggressive
---
 helm/charts/hydra/README.md | 2 +-
 helm/charts/hydra/values.yaml | 4 ++--
 helm/charts/keto/README.md | 4 ++--
 helm/charts/keto/values.yaml | 4 ++--
 helm/charts/kratos/README.md | 2 +-
 helm/charts/kratos/values.yaml | 4 ++--
 helm/charts/oathkeeper/README.md | 2 +-
 helm/charts/oathkeeper/values.yaml | 6 +++---
 8 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md
index 23e6383cb..c9fd34599 100644
--- a/helm/charts/hydra/README.md
+++ b/helm/charts/hydra/README.md
@@ -98,7 +98,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":0,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Default probe timers |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Default probe timers |
 | deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` | |
 | deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | |
 | deployment.strategy.type | string | `"RollingUpdate"` | |
diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml
index 9600c16b7..f81ff6017 100644
--- a/helm/charts/hydra/values.yaml
+++ b/helm/charts/hydra/values.yaml
@@ -345,8 +345,8 @@ deployment:
 failureThreshold: 5
 successThreshold: 1
 periodSeconds: 1
- timeoutSeconds: 1
- initialDelaySeconds: 0
+ timeoutSeconds: 2
+ initialDelaySeconds: 1
 automountServiceAccountToken: false
diff --git a/helm/charts/keto/README.md b/helm/charts/keto/README.md
index 9e93f2998..4c1961b2a 100644
--- a/helm/charts/keto/README.md
+++ b/helm/charts/keto/README.md
@@ -59,10 +59,10 @@ Access Control Policies as a Server
 | deployment.resources | object | `{}` | |
 | deployment.revisionHistoryLimit | int | `5` | Number of revisions kept in history |
 | deployment.startupProbe.failureThreshold | int | `5` | |
-| deployment.startupProbe.initialDelaySeconds | int | `0` | |
+| deployment.startupProbe.initialDelaySeconds | int | `1` | |
 | deployment.startupProbe.periodSeconds | int | `1` | |
 | deployment.startupProbe.successThreshold | int | `1` | |
-| deployment.startupProbe.timeoutSeconds | int | `1` | |
+| deployment.startupProbe.timeoutSeconds | int | `2` | |
 | deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` | |
 | deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | |
 | deployment.strategy.type | string | `"RollingUpdate"` | |
diff --git a/helm/charts/keto/values.yaml b/helm/charts/keto/values.yaml
index 5c3e181db..0d24fea65 100644
--- a/helm/charts/keto/values.yaml
+++ b/helm/charts/keto/values.yaml
@@ -309,8 +309,8 @@ deployment:
 failureThreshold: 5
 successThreshold: 1
 periodSeconds: 1
- timeoutSeconds: 1
- initialDelaySeconds: 0
+ timeoutSeconds: 2
+ initialDelaySeconds: 1
 ## -- Configure a custom livenessProbe. This overwrites the default object
 customLivenessProbe: {}
 ## -- Configure a custom readinessProbe. This overwrites the default object
diff --git a/helm/charts/kratos/README.md b/helm/charts/kratos/README.md
index 7137c9948..86960ba62 100644
--- a/helm/charts/kratos/README.md
+++ b/helm/charts/kratos/README.md
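Review bot: With `periodSeconds: 1` and `failureThreshold: 5` left unchanged, the new startup probe defaults in hydra's values.yaml still give the container only about six seconds (one second of initial delay plus five one-second periods) before the kubelet restarts it, and `timeoutSeconds: 2` is now longer than the probe period. For an OAuth2 and identity service, a restart loop on a slow node or a slow database connection takes the login path down, so I would either widen the budget (for example `failureThreshold: 30`, value to be chosen by the maintainers) or add a comment above `startupProbe:` such as `# startup budget = initialDelaySeconds + failureThreshold * periodSeconds`. The same values are set in the keto and kratos values.yaml hunks. The `startupProbe:` mapping begins above the hunk, so its key is not visible here.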
@@ -75,7 +75,7 @@ A ORY Kratos Helm chart for Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":0,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Configure the startupProbe parameters |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Configure the startupProbe parameters |
 | deployment.terminationGracePeriodSeconds | int | `60` | |
 | deployment.tolerations | list | `[]` | Configure node tolerations. |
 | deployment.topologySpreadConstraints | list | `[]` | Configure pod topologySpreadConstraints. |
diff --git a/helm/charts/kratos/values.yaml b/helm/charts/kratos/values.yaml
index 8e076398f..316fd16ae 100644
--- a/helm/charts/kratos/values.yaml
+++ b/helm/charts/kratos/values.yaml
@@ -221,8 +221,8 @@ deployment:
 failureThreshold: 5
 successThreshold: 1
 periodSeconds: 1
- timeoutSeconds: 1
- initialDelaySeconds: 0
+ timeoutSeconds: 2
+ initialDelaySeconds: 1
 # -- Configure a custom livenessProbe. This overwrites the default object
 customLivenessProbe: {}
diff --git a/helm/charts/oathkeeper/README.md b/helm/charts/oathkeeper/README.md
index 11d7d274a..653fa305e 100644
--- a/helm/charts/oathkeeper/README.md
+++ b/helm/charts/oathkeeper/README.md
@@ -57,7 +57,7 @@ A Helm chart for deploying ORY Oathkeeper in Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":60,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Configure the startupProbe parameters |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Configure the startupProbe parameters |
 | deployment.strategy.rollingUpdate | object | `{}` | |
 | deployment.strategy.type | string | `"RollingUpdate"` | |
 | deployment.terminationGracePeriodSeconds | int | `60` | |
diff --git a/helm/charts/oathkeeper/values.yaml b/helm/charts/oathkeeper/values.yaml
index 2c2603325..0dc25c373 100644
--- a/helm/charts/oathkeeper/values.yaml
+++ b/helm/charts/oathkeeper/values.yaml
@@ -262,10 +262,10 @@ deployment:
 failureThreshold: 5
 # -- Configure the startupProbe parameters
 startupProbe:
- failureThreshold: 60
+ failureThreshold: 5
 successThreshold: 1
- periodSeconds: 1
- timeoutSeconds: 1
+ timeoutSeconds: 2
+ initialDelaySeconds: 1
 # -- Configure a custom livenessProbe. This overwrites the default object
 customLivenessProbe: {}
From cd55eef97a7530c9d8fe615657e95561cb5582ef Mon Sep 17 00:00:00 2001
From: Demonsthere
Date: Wed, 11 Dec 2024 10:04:34 +0100
Subject: [PATCH 2/2] fix: oathkeeper probe endpoints
---
 helm/charts/oathkeeper/README.md | 1 -
 .../templates/deployment-controller.yaml | 16 ++++------------
 .../oathkeeper/templates/deployment-sidecar.yaml | 16 ++++------------
 helm/charts/oathkeeper/values.yaml | 5 -----
 4 files changed, 8 insertions(+), 30 deletions(-)
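Review bot: In oathkeeper's values.yaml hunk the `periodSeconds: 1` line is removed rather than adjusted, so the startup probe falls back to the Kubernetes default period of 10 seconds, while the hydra, keto and kratos charts keep an explicit `periodSeconds: 1`. Together with `failureThreshold` dropping from 60 to 5, the total startup budget moves from roughly 60 seconds to roughly 50, which is slightly tighter overall even though individual probes are spaced further apart. If the 10-second period is intended, I would write it out as `periodSeconds: 10` so the rendered probe does not depend on an API default and the four charts stay comparable. The README row for `deployment.startupProbe` would need regenerating to match.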
diff --git a/helm/charts/oathkeeper/README.md b/helm/charts/oathkeeper/README.md
index 653fa305e..cd1f7cf56 100644
--- a/helm/charts/oathkeeper/README.md
+++ b/helm/charts/oathkeeper/README.md
@@ -46,7 +46,6 @@ A Helm chart for deploying ORY Oathkeeper in Kubernetes
 | deployment.extraVolumes | list | `[]` | Extra volumes you can attach to the pod. |
 | deployment.labels | object | `{}` | |
 | deployment.lifecycle | object | `{}` | |
-| deployment.livenessProbe | object | `{"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":10}` | Configure the livenessProbe parameters |
 | deployment.nodeSelector | object | `{}` | Node labels for pod assignment. |
 | deployment.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
 | deployment.podMetadata.annotations | object | `{}` | Extra pod level annotations |
diff --git a/helm/charts/oathkeeper/templates/deployment-controller.yaml b/helm/charts/oathkeeper/templates/deployment-controller.yaml
index 35eb9f28a..1826fde01 100644
--- a/helm/charts/oathkeeper/templates/deployment-controller.yaml
+++ b/helm/charts/oathkeeper/templates/deployment-controller.yaml
@@ -146,24 +146,16 @@ spec:
 containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
 lifecycle:
 {{- toYaml .Values.deployment.lifecycle | nindent 12 }}
+ {{- if .Values.deployment.customLivenessProbe }}
 livenessProbe:
- {{- if .Values.deployment.customLivenessProbe }}
- {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
- {{- else }}
- httpGet:
- path: /health/alive
- port: http-api
- httpHeaders:
- - name: Host
- value: '127.0.0.1'
- {{- toYaml .Values.deployment.livenessProbe | nindent 12 }}
- {{- end }}
+ {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
+ {{- end }}
 readinessProbe:
 {{- if .Values.deployment.customReadinessProbe }}
 {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
 {{- else }}
 httpGet:
- path: /health/ready
+ path: /health/alive
 port: http-api
 httpHeaders:
 - name: Host
diff --git a/helm/charts/oathkeeper/templates/deployment-sidecar.yaml b/helm/charts/oathkeeper/templates/deployment-sidecar.yaml
index dd57087b5..f75c5e57b 100644
--- a/helm/charts/oathkeeper/templates/deployment-sidecar.yaml
+++ b/helm/charts/oathkeeper/templates/deployment-sidecar.yaml
@@ -124,24 +124,16 @@ spec:
 - name: http-metrics
 protocol: TCP
 containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
+ {{- if .Values.deployment.customLivenessProbe }}
 livenessProbe:
- {{- if .Values.deployment.customLivenessProbe }}
- {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
- {{- else }}
- httpGet:
- path: /health/alive
- port: http-api
- httpHeaders:
- - name: Host
- value: '127.0.0.1'
- {{- toYaml .Values.deployment.livenessProbe | nindent 12 }}
- {{- end }}
+ {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
+ {{- end }}
 readinessProbe:
 {{- if .Values.deployment.customReadinessProbe }}
 {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
 {{- else }}
 httpGet:
- path: /health/ready
+ path: /health/alive
 port: http-api
 httpHeaders:
 - name: Host
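Review bot: The default readiness probe in deployment-controller.yaml now targets `/health/alive` instead of `/health/ready`, and no `livenessProbe` is rendered at all unless `deployment.customLivenessProbe` is set. If the ready endpoint checks anything the alive endpoint does not (not visible in this hunk), pods will be added to Service endpoints before the access proxy can make decisions, and a hung process will no longer be restarted by default. I would keep `path: /health/ready` for readiness, or record the reason for the switch in a template comment such as `{{- /* readiness uses /health/alive because <reason> */}}`. Operators who override the removed `deployment.livenessProbe` value will have it silently ignored, which is worth a line in the chart's upgrade notes. deployment-sidecar.yaml carries the same change, and both hunks cut through the container spec, so the rest of the probe block is outside the view.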
diff --git a/helm/charts/oathkeeper/values.yaml b/helm/charts/oathkeeper/values.yaml
index 0dc25c373..a44ed0882 100644
--- a/helm/charts/oathkeeper/values.yaml
+++ b/helm/charts/oathkeeper/values.yaml
@@ -250,11 +250,6 @@ deployment:
 # memory: 128Mi
 lifecycle: {}
- # -- Configure the livenessProbe parameters
- livenessProbe:
- initialDelaySeconds: 5
- periodSeconds: 10
- failureThreshold: 5
 # -- Configure the readinessProbe parameters
 readinessProbe:
 initialDelaySeconds: 5