fix: probes lightship + improvments
This commit is contained in:
parent
7fff983f31
commit
5a88ca81f9
GPG key ID:
C04215C627711F5C
3 changed files with 119 additions and 10 deletions
|
|
@ -36,3 +36,24 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "common.tplvalues.render" -}}
|
||||||
|
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
|
||||||
|
{{- if contains "{{" (toJson .value) }}
|
||||||
|
{{- if .scope }}
|
||||||
|
{{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
|
||||||
|
{{- else }}
|
||||||
|
{{- tpl $value .context }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "common.tplvalues.merge" -}}
|
||||||
|
{{- $dst := dict -}}
|
||||||
|
{{- range .values -}}
|
||||||
|
{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{ $dst | toYaml }}
|
||||||
|
{{- end -}}
|
||||||
|
|
|
||||||
|
|
@ -59,30 +59,62 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}
|
||||||
|
{{- with .Values.podSecurityContext }}
|
||||||
securityContext:
|
securityContext:
|
||||||
readOnlyRootFilesystem: true
|
{{- toYaml . | nindent 12 }}
|
||||||
runAsUser: 1000
|
{{- end }}
|
||||||
runAsGroup: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
{{- if .Values.exposed }}
|
{{- if .Values.exposed }}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: 4000
|
containerPort: {{ .Values.httpContainerPort }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
{{- if .Values.customLivenessProbe }}
|
||||||
|
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
|
||||||
|
{{- else if .Values.livenessProbe.enabled }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /live
|
||||||
port: http
|
port: 9000
|
||||||
|
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
|
||||||
|
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
|
||||||
|
successThreshold: {{ .Values.livenessProbe.successThreshold }}
|
||||||
|
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.customReadinessProbe }}
|
||||||
|
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
|
||||||
|
{{- else if .Values.readinessProbe.enabled }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /ready
|
||||||
port: http
|
port: 9000
|
||||||
|
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||||||
|
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||||||
|
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||||||
|
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.customStartupProbe }}
|
||||||
|
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
|
||||||
|
{{- else if .Values.startupProbe.enabled }}
|
||||||
|
startupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /live
|
||||||
|
port: 9000
|
||||||
|
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
|
||||||
|
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
|
||||||
|
successThreshold: {{ .Values.startupProbe.successThreshold }}
|
||||||
|
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
{{- if .Values.lifecycleHooks }}
|
||||||
|
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{- if .Values.application.jwt.enabled }}
|
{{- if .Values.application.jwt.enabled }}
|
||||||
- name: jwt
|
- name: jwt
|
||||||
|
|
@ -158,6 +190,17 @@ spec:
|
||||||
{{- (tpl ($value | toYaml) $) | nindent 14 }}
|
{{- (tpl ($value | toYaml) $) | nindent 14 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.sidecars }}
|
||||||
|
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.initContainers }}
|
||||||
|
initContainers:
|
||||||
|
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||||
affinity:
|
affinity:
|
||||||
|
|
|
||||||
|
|
@ -43,11 +43,56 @@ extraEnv:
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
|
|
||||||
|
livenessProbe:
|
||||||
|
enabled: true
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 5
|
||||||
|
readinessProbe:
|
||||||
|
enabled: true
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 1
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 5
|
||||||
|
startupProbe:
|
||||||
|
enabled: false
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 60
|
||||||
|
customLivenessProbe: {}
|
||||||
|
customReadinessProbe: {}
|
||||||
|
customStartupProbe: {}
|
||||||
|
lifecycleHooks: {}
|
||||||
|
initContainers: []
|
||||||
|
sidecars: []
|
||||||
|
|
||||||
commonAnnotations: {}
|
commonAnnotations: {}
|
||||||
commonLabels: {}
|
commonLabels: {}
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsUser: 1000
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
|
||||||
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
|
|
||||||
|
httpContainerPort: 4000
|
||||||
|
|
||||||
service:
|
service:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue