From 0fdba7057da80ad1f6dff95e8b3e16546084d44e Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Sun, 30 May 2021 09:24:17 +0100 Subject: [PATCH 1/5] Add readiness and liveness probs to Connect API --- charts/connect/README.md | 2 ++ .../connect/templates/connect-deployment.yaml | 30 +++++++++++++++++++ charts/connect/values.yaml | 3 ++ 3 files changed, 35 insertions(+) diff --git a/charts/connect/README.md b/charts/connect/README.md index bdb0911..6a7413e 100644 --- a/charts/connect/README.md +++ b/charts/connect/README.md @@ -58,6 +58,8 @@ $ helm install --set connect.applicationName=connect connect ./connect | connect.dataVolume.values | object | `{}` | Desribes the fields and values for configuration of shared volume for 1Password Connect | | connect.imagePullPolicy | string | `"IfNotPresent` | The 1Password Connect API image pull policy | | connect.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the Connect pod | +| connect.probes.readiness | boolean | `true` | Denotes whether the 1Password Connect API readiness probe will operate and ensure the pod is ready before serving traffic | +| connect.probes.liveness | boolean | `true` | Denotes whether the 1Password Connect API will be continually checked by Kubernetes for liveness and restarted if the pod becomes unresponsive | | connect.sync.imageRepository | string | `"1password/connect-sync` | The 1Password Connect Sync repository | | connect.sync.name | string | `"connect-sync"` | The name of the 1Password Connect Sync container | | connect.sync.resources | object | `{}` | The resources requests/limits for the 1Password Connect Sync pod | diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index 9cd4b89..afa6c21 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml 
@@ -59,6 +59,20 @@ spec: secretKeyRef: name: {{ .Values.connect.credentialsName }} key: {{ .Values.connect.credentialsKey }} + readinessProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 3 + periodSeconds: 30 + initialDelaySeconds: 15 + livenessProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 3 + periodSeconds: 30 + initialDelaySeconds: 15 volumeMounts: - mountPath: /home/opuser/.op/data name: {{ .Values.connect.dataVolume.name }} @@ -78,6 +92,22 @@ spec: {{- toYaml .Values.connect.sync.resources | nindent 12 }} ports: - containerPort: 8081 + {{- if .Values.connect.probes.readiness }} + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + {{ end }} + {{- if .Values.connect.probes.liveness }} + livenessProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 3 + periodSeconds: 30 + initialDelaySeconds: 15 + {{ end }} env: - name: OP_HTTP_PORT value: "8081" diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml index a02cf3c..e690ad6 100644 --- a/charts/connect/values.yaml +++ b/charts/connect/values.yaml @@ -22,6 +22,9 @@ connect: imagePullPolicy: IfNotPresent version: "{{ .Chart.AppVersion }}" nodeSelector: {} + probes: + liveness: true + readiness: true operator: create: false From 7a4b7164b1526f5b8e71608d0013dc5995b3856f Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Sun, 30 May 2021 09:25:20 +0100 Subject: [PATCH 2/5] Add Values to enable / disable probes --- charts/connect/templates/connect-deployment.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index afa6c21..a15a9c1 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml 
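Review bot: In the second connect-deployment.yaml hunk of patch 1, the probes added to the container that declares `containerPort: 8081` and `OP_HTTP_PORT: "8081"` target `port: 8080`. They would be answered by whatever listens on 8080 in the pod, presumably the API container, so a stopped sync process would still be reported ready and would never be restarted. Patch 4 of this series moves these probes to `{{ .Values.connect.sync.httpPort }}`, but patches 1–3 are not correct when applied on their own. If the series is not squashed, use `port: 8081` here. The container spec starts and ends outside the hunk.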
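Review bot: The new `probes.liveness` and `probes.readiness` keys in values.yaml carry no comment, and the README rows added in this patch describe them as Connect API probes only. The second connect-deployment.yaml hunk gates the sync container's probes on the same two flags. I would say so above the block, e.g. `# Enable readiness/liveness probes on both the Connect API and Connect Sync containers`. The template tests the values with a plain `if`, so any non-empty value, including the string `"false"` passed via `--set-string`, enables the probe; the comment should note that these must be real booleans.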
@@ -59,13 +59,14 @@ spec: secretKeyRef: name: {{ .Values.connect.credentialsName }} key: {{ .Values.connect.credentialsKey }} + {{- if .Values.connect.probes.readiness }} readinessProbe: httpGet: path: /health port: 8080 - failureThreshold: 3 - periodSeconds: 30 initialDelaySeconds: 15 + {{ end }} + {{- if .Values.connect.probes.liveness }} livenessProbe: httpGet: path: /health @@ -73,6 +74,7 @@ spec: failureThreshold: 3 periodSeconds: 30 initialDelaySeconds: 15 + {{ end }} volumeMounts: - mountPath: /home/opuser/.op/data name: {{ .Values.connect.dataVolume.name }} From 67f95654600b721aa6c88a81aedda50f4c51c6e1 Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Tue, 1 Jun 2021 16:02:54 +0100 Subject: [PATCH 3/5] PR feedback for liveness probe --- charts/connect/templates/connect-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index a15a9c1..1f290a1 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml @@ -69,7 +69,7 @@ spec: {{- if .Values.connect.probes.liveness }} livenessProbe: httpGet: - path: /health + path: /heartbeat port: 8080 failureThreshold: 3 periodSeconds: 30 @@ -104,7 +104,7 @@ spec: {{- if .Values.connect.probes.liveness }} livenessProbe: httpGet: - path: /health + path: /heartbeat port: 8080 failureThreshold: 3 periodSeconds: 30 From 2c591cd37396343a8146ae96fc90b79ec0f56644 Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Tue, 22 Jun 2021 10:46:08 +0200 Subject: [PATCH 4/5] Handle non-default ports and TLS for probes --- charts/connect/templates/_helpers.tpl | 8 ++++++++ charts/connect/templates/connect-deployment.yaml | 11 +++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/charts/connect/templates/_helpers.tpl b/charts/connect/templates/_helpers.tpl index b46cbb1..6adcbb0 100644 --- a/charts/connect/templates/_helpers.tpl 
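Review bot: The first hunk of patch 2 also deletes `failureThreshold: 3` and `periodSeconds: 30` from the API container's readinessProbe, which the subject line (enable/disable values) does not mention. With those lines gone the probe falls back to the Kubernetes defaults (a 10-second period, three failures), so readiness is polled three times as often as liveness. If that is intended, I would write the values out as `periodSeconds: 10` and `failureThreshold: 3`, so the timing is visible in the template rather than implied.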
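Review bot: The closing `{{ end }}` added in the second hunk of patch 2 has no left-trim marker, unlike the opening `{{- if … }}`. The one directly before `volumeMounts:` therefore presumably leaves a whitespace-only line in the rendered manifest (the original indentation is not visible in this view). `{{- end }}` keeps the output clean and matches the opening tags. The same applies to the `{{ end }}` lines in the first hunk of this patch and in the sync-container hunk of patch 1.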
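Review bot: Nothing in the template records why livenessProbe now calls `/heartbeat` while readinessProbe stays on `/health`, at `-69,7` and again at `-104,7` in patch 3. Presumably `/health` also reflects the state of dependencies, so using it for liveness would restart the pod for conditions a restart cannot fix, whereas `/heartbeat` only shows that the process is answering. That reasoning should sit next to the probe so the two paths are not merged again later. I would add a template comment above each livenessProbe, such as `{{- /* liveness uses /heartbeat: restart only when the process itself stops answering */}}`.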
+++ b/charts/connect/templates/_helpers.tpl @@ -39,6 +39,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} {{- end -}} +{{- define "onepassword-connect.apiPort" -}} +{{- if .Values.connect.tls.enabled -}} +{{ .Values.connect.api.httpsPort }} +{{- else -}} +{{ .Values.connect.api.httpPort }} +{{- end }} +{{- end }} + {{- define "onepassword-connect.url" -}} {{- if .Values.connect.tls.enabled -}} https://{{ .Values.connect.applicationName }}:{{ .Values.connect.api.httpsPort }} diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index 0ae828d..536c48b 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml @@ -91,14 +91,16 @@ spec: readinessProbe: httpGet: path: /health - port: 8080 + scheme: {{ if .Values.connect.tls.enabled }}HTTPS{{ else }}HTTP{{end}} + port: {{ include "onepassword-connect.apiPort" . }} initialDelaySeconds: 15 {{ end }} {{- if .Values.connect.probes.liveness }} livenessProbe: httpGet: path: /heartbeat - port: 8080 + scheme: {{ if .Values.connect.tls.enabled }}HTTPS{{ else }}HTTP{{end}} + port: {{ include "onepassword-connect.apiPort" . }} failureThreshold: 3 periodSeconds: 30 initialDelaySeconds: 15 @@ -138,14 +140,15 @@ spec: readinessProbe: httpGet: path: /health - port: 8080 + port: {{ .Values.connect.sync.httpPort }} initialDelaySeconds: 15 {{ end }} {{- if .Values.connect.probes.liveness }} livenessProbe: httpGet: path: /heartbeat - port: 8080 + port: {{ .Values.connect.sync.httpPort }} + scheme: HTTP failureThreshold: 3 periodSeconds: 30 initialDelaySeconds: 15 From a9a650eb06e573168e6f9daa65a38479b5882758 Mon Sep 17 00:00:00 2001 
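Review bot: The new `onepassword-connect.apiPort` helper has no doc comment and repeats the TLS branch that `onepassword-connect.url`, directly below it, already contains. I would add `{{/* Port the Connect API serves on: connect.api.httpsPort when connect.tls.enabled, otherwise connect.api.httpPort */}}` above the define. The url helper could then take its port from this helper so the two cannot drift apart. The closing tags here are `{{- end }}`, while the define just above ends with `{{- end -}}`; using the same form keeps a stray newline out of the included value.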
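Review bot: The HTTPS branch of the API container's probes in the `-91,14` hunk needs a comment, because the kubelet does not verify the serving certificate on `httpGet` probes with `scheme: HTTPS`. A passing probe therefore says nothing about whether the certificate clients see is valid or unexpired; something like `# kubelet skips certificate verification for HTTPS probes` above the readinessProbe would stop that being assumed. The hunk also does not show the container being set to listen on `connect.api.httpsPort` when `connect.tls.enabled` is true, so please confirm the probe port and the listener come from the same values. The scheme expression is written out twice and closes with `{{end}}`, spaced differently from the rest of the file.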
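Review bot: In the sync-container hunk (`-138,14`) the livenessProbe gets `scheme: HTTP` but the readinessProbe above it does not, and the key sits after `port:` here whereas it sits before `port:` in the API container's probes. Both probes resolve to plain HTTP because that is the default, so I would either add `scheme: HTTP` to the readinessProbe or drop it from the livenessProbe. These probes stay on HTTP even when `connect.tls.enabled` is set. If the sync container never serves TLS, a one-line comment saying so would explain the difference from the API container.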
From: Joris Coenen Date: Tue, 22 Jun 2021 10:47:38 +0200 Subject: [PATCH 5/5] Remove containerPort spec Does not attribute to the goal of the PR. The containerPort spec does not have any value by default. --- charts/connect/templates/connect-deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index 536c48b..dd098c9 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml @@ -126,8 +126,6 @@ spec: - "NET_BROADCAST" resources: {{- toYaml .Values.connect.sync.resources | nindent 12 }} - ports: - - containerPort: 8081 env: - name: OP_HTTP_PORT value: "{{ .Values.connect.sync.httpPort }}"