feat: add health Probe (ratify-project#1058)

Signed-off-by: Susan Shi <[email protected]>
bspaans · Sep 7, 2023 · aca86af · aca86af
1 parent f990031
commit aca86af
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 4 deletions.
diff --git a/charts/ratify/templates/deployment.yaml b/charts/ratify/templates/deployment.yaml
@@ -38,6 +38,14 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.healthPort }}
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: {{ .Values.healthPort }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -70,11 +78,15 @@ spec:
             - --metrics-enabled={{ .Values.instrumentation.metricsEnabled }}
             - --metrics-type={{ .Values.instrumentation.metricsType }}
             - --metrics-port={{ .Values.instrumentation.metricsPort }}
+            - --health-port=:{{ .Values.healthPort }}
           ports:
             - containerPort: 6001
             {{- if .Values.instrumentation.metricsEnabled }}
             - containerPort: {{ required "You must provide .Values.instrumentation.metricsPort" .Values.instrumentation.metricsPort }}
             {{- end }}
+            - containerPort: {{ required "You must provide .Values.healthPort"  .Values.healthPort }}
+              name: healthz
+              protocol: TCP
           volumeMounts:             
             {{- if .Values.cosign.enabled }}
             - mountPath: "/usr/local/ratify-certs/cosign"

diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
@@ -87,6 +87,7 @@ provider:
 podAnnotations: {}
 podLabels: {}
 enableRuntimeDefaultSeccompProfile: true
+healthPort: 9099
 
 rbac:
   create: true

diff --git a/cmd/ratify/cmd/serve.go b/cmd/ratify/cmd/serve.go
@@ -47,6 +47,7 @@ type serveCmdOptions struct {
 	metricsEnabled    bool
 	metricsType       string
 	metricsPort       int
+	healthPort        string
 }
 
 func NewCmdServe(_ ...string) *cobra.Command {
@@ -77,6 +78,7 @@ func NewCmdServe(_ ...string) *cobra.Command {
 	flags.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
 	flags.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
 	flags.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
+	flags.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
 	return cmd
 }
 
@@ -100,7 +102,7 @@ func serve(opts serveCmdOptions) error {
 	if opts.enableCrdManager {
 		certRotatorReady := make(chan struct{})
 		logrus.Infof("starting crd manager")
-		go manager.StartManager(certRotatorReady)
+		go manager.StartManager(certRotatorReady, opts.healthPort)
 		manager.StartServer(opts.httpServerAddress, opts.configFilePath, opts.certDirectory, opts.caCertFile, opts.cacheTTL, opts.metricsEnabled, opts.metricsType, opts.metricsPort, certRotatorReady)
 
 		return nil

diff --git a/httpserver/server.go b/httpserver/server.go
@@ -46,6 +46,7 @@ const (
 
 	DefaultMetricsType = "prometheus"
 	DefaultMetricsPort = 8888
+	DefaultHealthPort  = ":9099"
 )
 
 type Server struct {

diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go
@@ -142,12 +142,11 @@ func StartServer(httpServerAddress, configFilePath, certDirectory, caCertFile st
 	}
 }
 
-func StartManager(certRotatorReady chan struct{}) {
+func StartManager(certRotatorReady chan struct{}, probeAddr string) {
 	var metricsAddr string
 	var enableLeaderElection bool
-	var probeAddr string
+
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
-	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
@@ -179,6 +178,8 @@ func StartManager(certRotatorReady chan struct{}) {
 		os.Exit(1)
 	}
 
+	setupLog.Debugf("setting up probeAddr at %s", probeAddr)
+
 	// Make sure certs are generated and valid if cert rotation is enabled.
 	if featureflag.CertRotation.Enabled {
 		// Make sure TLS cert watcher is already set up.