Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add health Probe #1058

Merged
merged 26 commits into from
Sep 7, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions charts/ratify/templates/deployment.yaml
Original file line number Diff line number Diff line change
@@ -38,6 +38,14 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.healthPort }}
readinessProbe:
httpGet:
path: /readyz
port: {{ .Values.healthPort }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -70,11 +78,15 @@ spec:
- --metrics-enabled={{ .Values.instrumentation.metricsEnabled }}
- --metrics-type={{ .Values.instrumentation.metricsType }}
- --metrics-port={{ .Values.instrumentation.metricsPort }}
- --health-port=:{{ .Values.healthPort }}
ports:
- containerPort: 6001
{{- if .Values.instrumentation.metricsEnabled }}
- containerPort: {{ required "You must provide .Values.instrumentation.metricsPort" .Values.instrumentation.metricsPort }}
{{- end }}
- containerPort: {{ required "You must provide .Values.healthPort" .Values.healthPort }}
name: healthz
protocol: TCP
volumeMounts:
{{- if .Values.cosign.enabled }}
- mountPath: "/usr/local/ratify-certs/cosign"
1 change: 1 addition & 0 deletions charts/ratify/values.yaml
Original file line number Diff line number Diff line change
@@ -87,6 +87,7 @@ provider:
podAnnotations: {}
podLabels: {}
enableRuntimeDefaultSeccompProfile: true
healthPort: 9099

rbac:
create: true
4 changes: 3 additions & 1 deletion cmd/ratify/cmd/serve.go
Original file line number Diff line number Diff line change
@@ -47,6 +47,7 @@ type serveCmdOptions struct {
metricsEnabled bool
metricsType string
metricsPort int
healthPort string
}

func NewCmdServe(_ ...string) *cobra.Command {
@@ -77,6 +78,7 @@ func NewCmdServe(_ ...string) *cobra.Command {
flags.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
flags.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
flags.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
flags.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
return cmd
}

@@ -100,7 +102,7 @@ func serve(opts serveCmdOptions) error {
if opts.enableCrdManager {
certRotatorReady := make(chan struct{})
logrus.Infof("starting crd manager")
go manager.StartManager(certRotatorReady)
go manager.StartManager(certRotatorReady, opts.healthPort)
manager.StartServer(opts.httpServerAddress, opts.configFilePath, opts.certDirectory, opts.caCertFile, opts.cacheTTL, opts.metricsEnabled, opts.metricsType, opts.metricsPort, certRotatorReady)

return nil
1 change: 1 addition & 0 deletions httpserver/server.go
Original file line number Diff line number Diff line change
@@ -46,6 +46,7 @@ const (

DefaultMetricsType = "prometheus"
DefaultMetricsPort = 8888
DefaultHealthPort = ":9099"
)

type Server struct {
7 changes: 4 additions & 3 deletions pkg/manager/manager.go
Original file line number Diff line number Diff line change
@@ -142,12 +142,11 @@ func StartServer(httpServerAddress, configFilePath, certDirectory, caCertFile st
}
}

func StartManager(certRotatorReady chan struct{}) {
func StartManager(certRotatorReady chan struct{}, probeAddr string) {
var metricsAddr string
var enableLeaderElection bool
var probeAddr string

flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
flag.BoolVar(&enableLeaderElection, "leader-elect", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
@@ -179,6 +178,8 @@ func StartManager(certRotatorReady chan struct{}) {
os.Exit(1)
}

setupLog.Debugf("setting up probeAddr at %s", probeAddr)

// Make sure certs are generated and valid if cert rotation is enabled.
if featureflag.CertRotation.Enabled {
// Make sure TLS cert watcher is already set up.