Add startupProbe (#19)

jhunzik · web-flow · commit c4b19ba9d40f · 2024-08-05T16:32:54.000-07:00
diff --git a/operator/Makefile b/operator/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.3.0
+VERSION ?= 0.3.1
 KEIP_INTEGRATION_IMAGE ?= ghcr.io/octoconsulting/keip/minimal-app:0.0.2
 
 KUBECTL := kubectl
diff --git a/operator/controller/integrationroute-controller.yaml b/operator/controller/integrationroute-controller.yaml
@@ -50,7 +50,7 @@ spec:
     spec:
       containers:
         - name: webhook
-          image: ghcr.io/octoconsulting/keip/route-webhook:0.6.0
+          image: ghcr.io/octoconsulting/keip/route-webhook:0.6.1
           ports:
             - containerPort: 7080
               name: webhook-http
diff --git a/operator/example/README.md b/operator/example/README.md
@@ -8,21 +8,12 @@ Prerequisites:
 - Metacontroller
 - Keip CRDs and controller
 - Access to a `keip-integration` image
-- Cert-Manager
 
-Running the example:
-1. Install Cert-Manager:
-```shell
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
-```
-2. Create JKS password secret:
-```shell
-kubectl create secret generic --from-literal=password=password jks-password
-```
-3. Run example:
+Run the example:
 ```shell
 kubectl apply -k example
 ```
+*_Note_*: The example uses a keystore.jks file and a certificate created by [Cert Manager](https://cert-manager.io/).
 
 This should result in the creation of the following resources:
 
@@ -44,6 +35,7 @@ kubectl get pod
 NAME                         READY   STATUS    RESTARTS   AGE
 testroute-74d574bf85-tbv9m   1/1     Running   0          99s
 ```
+*_Note_*: Cert Manager takes a few seconds to create the certificate and keystore secret. The testroute pod will not start until the keystore.jks secret is available to mount.
 
 Check the pod's logs for the configured greeting and secret:
 ```shell
diff --git a/operator/example/kustomization.yaml b/operator/example/kustomization.yaml
@@ -1,4 +1,5 @@
 resources:
+  - https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.yaml
   - testroute.yaml
   - cert.yaml
 
@@ -19,3 +20,6 @@ secretGenerator:
   - name: testroute-secret
     literals:
       - test.secret=pass123
+  - name: jks-password
+    literals:
+      - password=password
diff --git a/operator/webhook/.dockerignore b/operator/webhook/.dockerignore
@@ -11,5 +11,6 @@ pip-log.txt
 .pytest_cache
 
 # Local directives
+.venv
 test
 requirements-dev.txt
diff --git a/operator/webhook/Makefile b/operator/webhook/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.6.0
+VERSION ?= 0.6.1
 HOST_PORT ?= 7080
 
 IMG_REGISTRY := ghcr.io/octoconsulting
diff --git a/operator/webhook/introute/sync.py b/operator/webhook/introute/sync.py
@@ -291,15 +291,26 @@ def _create_pod_template(parent, labels, integration_image):
                             "port": management_port,
                             "scheme": scheme
                         },
-                        "initialDelaySeconds": 10,
+                        "failureThreshold": 3,
+                        "timeoutSeconds": 3
                     },
                     "readinessProbe": {
                         "httpGet": {
                             "path": "/actuator/health/readiness",
                             "port": management_port,
                             "scheme": scheme
                         },
-                        "initialDelaySeconds": 10,
+                        "failureThreshold": 2,
+                        "timeoutSeconds": 3
+                    },
+                    "startupProbe": {
+                        "httpGet": {
+                            "path": "/actuator/health/liveness",
+                            "port": management_port,
+                            "scheme": scheme
+                        },
+                        "failureThreshold": 12,
+                        "timeoutSeconds": 3
                     },
                 },
             ],
diff --git a/operator/webhook/test/json/full-response.json b/operator/webhook/test/json/full-response.json
@@ -82,15 +82,26 @@
                     "port": 8443,
                     "scheme": "HTTPS"
                   },
-                  "initialDelaySeconds": 10
+                  "failureThreshold": 3,
+                  "timeoutSeconds": 3
                 },
                 "readinessProbe": {
                   "httpGet": {
                     "path": "/actuator/health/readiness",
                     "port": 8443,
                     "scheme": "HTTPS"
                   },
-                  "initialDelaySeconds": 10
+                  "failureThreshold": 2,
+                  "timeoutSeconds": 3
+                },
+                "startupProbe": {
+                  "httpGet": {
+                    "path": "/actuator/health/liveness",
+                    "port": 8443,
+                    "scheme": "HTTPS"
+                  },
+                  "failureThreshold": 12,
+                  "timeoutSeconds": 3
                 },
                 "env": [
                   {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-VERSION ?= 0.3.0`
	`1`	`+VERSION ?= 0.3.1`
`2`	`2`	`KEIP_INTEGRATION_IMAGE ?= ghcr.io/octoconsulting/keip/minimal-app:0.0.2`
`3`	`3`
`4`	`4`	`KUBECTL := kubectl`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-VERSION ?= 0.6.0`
	`1`	`+VERSION ?= 0.6.1`
`2`	`2`	`HOST_PORT ?= 7080`
`3`	`3`
`4`	`4`	`IMG_REGISTRY := ghcr.io/octoconsulting`