feat: enhance health probe configuration

On-behalf-of: @SAP angel.kafazov@sap.com
Signed-off-by: Angel Kafazov <akafazov@cst-bg.net>

README.md

@@ -5,6 +5,9 @@ This repository contains public helm charts for the OpenMFP project.
 ## Taskfile
 It uses Taskfile and task command to local dev tooling. The following tasks are available: `lint, helmtest, test, update, validate, vulnerability, helm-docs`.
 
+## Updating charts
+If a chart is changed, it could be dependency of other chart or its dependencies must be updated. To do it, run `task update`.
+
 ## Helm-docs
 Using https://github.com/norwoodj/helm-docs to generate charts documentation. Documentation can be updated by running `task helm-docs` command.
 

Taskfile.yaml

@@ -3,7 +3,7 @@ version: '3'
 vars:
   LOCAL_BIN: bin
   CHARTS:
-    sh: "ls charts/ | sed 's/^/charts\\//g' | paste -sd ',' -"
+    sh: "ls -d charts/*/ | paste -sd ',' -"
 tasks:
   ## Setup
   setup:kube-lint:

charts/README.md.gotmpl → charts/_templates.gotmpl

@@ -9,6 +9,8 @@
 
 {{ template "chart.valuesHeader" . }}
 
+Default configuration parameters, which can be overriden either globally or on a chart level are documented in [common/README.md](../common/README.md).
+
 {{ template "chart.valuesTable" . }}
 
 {{ template "helm-docs.versionFooter" . }}

charts/account-operator-crds/README.md

@@ -1,5 +1,21 @@
 # account-operator-crds
 
+A Helm chart for Kubernetes
+
+![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+## Additional Information
+
+## Values
+
+Default configuration parameters, which can be overriden either globally or on a chart level are documented in [common/README.md](../common/README.md).
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kcp.enabled | bool | `false` |  |
+
+# account-operator-crds
+
 ![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
 
 A Helm chart for Kubernetes

charts/account-operator/README.md

@@ -1,5 +1,53 @@
 # account-operator
 
+A Helm chart for Kubernetes
+
+![Version: 0.4.20](https://img.shields.io/badge/Version-0.4.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.106.0](https://img.shields.io/badge/AppVersion-0.106.0-informational?style=flat-square)
+
+## Additional Information
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://../account-operator-crds | account-operator-crds | 0.1.5 |
+| file://../common | common | 0.1.5 |
+
+## Values
+
+Default configuration parameters, which can be overriden either globally or on a chart level are documented in [common/README.md](../common/README.md).
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| crds.enabled | bool | `true` |  |
+| deployment.resources.limits.cpuOverride | string | `"260m"` |  |
+| deployment.resources.limits.memoryOverride | string | `"512Mi"` |  |
+| deployment.resources.requests.cpuOverride | string | `"150m"` |  |
+| deployment.resources.requests.memoryOverride | string | `"128Mi"` |  |
+| deployment.revisionHistoryLimit | int | `3` |  |
+| deployment.specTemplate.annotations | object | `{}` |  |
+| deployment.specTemplate.labels | object | `{}` |  |
+| image.name | string | `"ghcr.io/openmfp/account-operator"` |  |
+| image.tag | string | `"latest"` |  |
+| kcp.enabled | bool | `false` |  |
+| kcp.virtualWorkspaceUrl | string | `""` |  |
+| kubeconfigSecret | string | `""` |  |
+| logLevel | string | `"warn"` |  |
+| security.mountServiceAccountToken | bool | `false` |  |
+| subroutines.extension.enabled | bool | `true` |  |
+| subroutines.extensionReady.enabled | bool | `true` |  |
+| subroutines.fga.creatorRelation | string | `"owner"` |  |
+| subroutines.fga.enabled | bool | `true` |  |
+| subroutines.fga.grpcAddr | string | `""` |  |
+| subroutines.fga.objectType | string | `"account"` |  |
+| subroutines.fga.parentRelation | string | `"parent"` |  |
+| subroutines.fga.rootNamespace | string | `"openmfp-root"` |  |
+| subroutines.namespace.enabled | bool | `true` |  |
+| webhooks.certDir | string | `"/certs"` |  |
+| webhooks.enabled | bool | `false` |  |
+
+# account-operator
+
 ![Version: 0.4.20](https://img.shields.io/badge/Version-0.4.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.106.0](https://img.shields.io/badge/AppVersion-0.106.0-informational?style=flat-square)
 
 A Helm chart for Kubernetes
@@ -23,14 +71,12 @@ A Helm chart for Kubernetes
 | deployment.revisionHistoryLimit | int | `3` |  |
 | deployment.specTemplate.annotations | object | `{}` |  |
 | deployment.specTemplate.labels | object | `{}` |  |
-| health.port | int | `8081` |  |
 | image.name | string | `"ghcr.io/openmfp/account-operator"` |  |
 | image.tag | string | `"latest"` |  |
 | kcp.enabled | bool | `false` |  |
 | kcp.virtualWorkspaceUrl | string | `""` |  |
 | kubeconfigSecret | string | `""` |  |
 | logLevel | string | `"warn"` |  |
-| metrics.port | int | `8080` |  |
 | security.mountServiceAccountToken | bool | `false` |  |
 | subroutines.extension.enabled | bool | `true` |  |
 | subroutines.extensionReady.enabled | bool | `true` |  |

charts/account-operator/templates/deployment.yaml

@@ -33,7 +33,7 @@ spec:
           - operator
           - --leader-elect
           - --log-level={{ .Values.logLevel }}
-          - "--health-probe-bind-address=:{{ .Values.health.port }}"
+          - '--health-probe-bind-address=:{{ include "common.getKeyValue" (dict "Values" .Values "key" "health.port") }}'
           image: {{ .Values.image.name }}:{{ .Chart.AppVersion }}
           name: manager
           {{ include "common.security" . | nindent 10 }}

charts/account-operator/tests/__snapshot__/deployment_test.yaml.snap

@@ -344,7 +344,7 @@ operator match the snapshot:
                 httpGet:
                   path: /readyz
                   port: 8081
-                initialDelaySeconds: 45
+                initialDelaySeconds: 5
                 periodSeconds: 10
               resources:
                 limits:
@@ -362,7 +362,7 @@ operator match the snapshot:
               startupProbe:
                 failureThreshold: 30
                 httpGet:
-                  path: /healthz
+                  path: /readyz
                   port: 8081
                 periodSeconds: 10
               volumeMounts: null
@@ -724,7 +724,7 @@ operator match the snapshot (with kubeconfigSecret):
                 httpGet:
                   path: /readyz
                   port: 8081
-                initialDelaySeconds: 45
+                initialDelaySeconds: 5
                 periodSeconds: 10
               resources:
                 limits:
@@ -742,7 +742,7 @@ operator match the snapshot (with kubeconfigSecret):
               startupProbe:
                 failureThreshold: 30
                 httpGet:
-                  path: /healthz
+                  path: /readyz
                   port: 8081
                 periodSeconds: 10
               volumeMounts:

charts/account-operator/tests/deployment_test.yaml

@@ -6,6 +6,8 @@ release:
 tests:
   - it: operator match the snapshot
     set:
+      # health:
+      #   portOverride: 8080
       deployment:
         resources:
           limits:
@@ -24,10 +26,14 @@ tests:
   - it: operator match the snapshot with webhook enabled
     set:
       health:
-        port: 8081
+        # portOverride: 8081
         liveness:
-          path: "/healthz"
+          pathOverride: "/healthz"
           # failureThreshold: 1
+        startup:
+          pathOverride: "/healthz"
+        readiness:
+          initialDelaySecondsOverride: 45
       webhooks:
         enabled: true
         certDir: /certs

charts/account-operator/values.yaml

@@ -14,34 +14,6 @@ webhooks:
   enabled: false
   certDir: /certs
 
-# The health probe configuration
-## @param health.port The port for the health probe
-## @param health.periodSeconds The period in seconds for performing the probe
-## @param health.readiness.path The path for the readiness probe
-## @param health.readiness.initialDelaySeconds The initial delay in seconds before starting the readiness probe
-## @param health.readiness.periodSeconds The period in seconds for performing the readiness probe
-## @param health.liveness.path The path for the liveness probe
-## @param health.liveness.failureThreshold The failure threshold for the liveness probe
-## @param health.startup.path The path for the startup probe
-## @param health.startup.failureThreshold The failure threshold for the startup probe
-health:
-  port: 8081
-  # periodSeconds: 10
-  # readiness:
-  #   path: "/readyz"
-  #   initialDelaySeconds: 5
-  #   periodSeconds: 10
-  # liveness:
-  #   path: "/healthz"
-  #   failureThreshold: 1
-  # startup:
-  #   path: "/readyz"
-  #   failureThreshold: 30
-
-# The metrics configuration
-## @param metrics.port The port for the metrics
-metrics:
-  port: 8080
 
 # The deployment configuration
 ## @param deployment.specTemplate.annotations The annotations to add to the deployment template

charts/common/README.md

@@ -33,17 +33,27 @@ Example
 | defaults.deployment.resources.limits | object | `{"cpu":"100m","memory":"512Mi"}` | cpu and memory limits for the deployment |
 | defaults.deployment.resources.requests | object | `{"cpu":"40m","memory":"50Mi"}` | cpu and memory requests for the deployment |
 | defaults.deployment.strategy | string | `"RollingUpdate"` | deployment strategy |
+| defaults.health.liveness | object | `{"failureThreshold":1,"path":"/healthz"}` | liveness probe parameters |
+| defaults.health.periodSeconds | int | `10` | health period |
+| defaults.health.port | int | `8081` | health port |
+| defaults.health.readiness | object | `{"initialDelaySeconds":5,"path":"/readyz","periodSeconds":10}` | readiness probe parameters |
+| defaults.health.startup | object | `{"failureThreshold":30,"path":"/readyz"}` | startup probe parameters |
 | defaults.imagePullPolicy | string | `"Always"` | imagePullPolicy is the policy to use when pulling images for all charts |
 | defaults.imagePullSecret | string | `"github"` | imagePullSecret is the name of the secret that holds the docker registry credentials |
+| defaults.metrics.port | int | `8080` | metrics port |
 
 # common
 
+A Helm chart for Kubernetes
+
 ![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
 
-A Helm chart for Kubernetes
+## Additional Information
 
 ## Values
 
+Default configuration parameters, which can be overriden either globally or on a chart level are documented in [common/README.md](../common/README.md).
+
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | defaults.certManager.enabled | bool | `false` | toggle to enable/disable cert-manager |
@@ -52,6 +62,12 @@ A Helm chart for Kubernetes
 | defaults.deployment.resources.limits | object | `{"cpu":"100m","memory":"512Mi"}` | cpu and memory limits for the deployment |
 | defaults.deployment.resources.requests | object | `{"cpu":"40m","memory":"50Mi"}` | cpu and memory requests for the deployment |
 | defaults.deployment.strategy | string | `"RollingUpdate"` | deployment strategy |
+| defaults.health.liveness | object | `{"failureThreshold":1,"path":"/healthz"}` | liveness probe parameters |
+| defaults.health.periodSeconds | int | `10` | health period |
+| defaults.health.port | int | `8081` | health port |
+| defaults.health.readiness | object | `{"initialDelaySeconds":5,"path":"/readyz","periodSeconds":10}` | readiness probe parameters |
+| defaults.health.startup | object | `{"failureThreshold":30,"path":"/readyz"}` | startup probe parameters |
 | defaults.imagePullPolicy | string | `"Always"` | imagePullPolicy is the policy to use when pulling images for all charts |
 | defaults.imagePullSecret | string | `"github"` | imagePullSecret is the name of the secret that holds the docker registry credentials |
+| defaults.metrics.port | int | `8080` | metrics port |
 

charts/common/templates/_deploymentHelpers.tpl

@@ -90,22 +90,22 @@ ports:
 {{- define "common.operatorHealthAndReadyness" }}
 livenessProbe:
   httpGet:
-    path: {{ ((.Values.health).liveness).path | default "/healthz" }}
-    port: {{ (.Values.health).port | default 3389 }}
-  failureThreshold: {{ ((.Values.health).liveness).failureThreshold | default 1 }}
-  periodSeconds: {{ (.Values.health).periodSeconds | default 10 }}
+    path: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.liveness.path") }}
+    port: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.port") }}
+  failureThreshold: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.liveness.failureThreshold") }}
+  periodSeconds: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.periodSeconds") }}
 startupProbe:
   httpGet:
-    path: {{ ((.Values.health).startup).path | default "/healthz" }}
-    port: {{ (.Values.health).port | default 3389 }}
-  failureThreshold: {{ ((.Values.health).startup).failureThreshold | default 30 }}
-  periodSeconds: {{ (.Values.health).periodSeconds | default 10 }}
+    path: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.startup.path") }}
+    port: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.port") }}
+  failureThreshold: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.startup.failureThreshold") }}
+  periodSeconds: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.periodSeconds") }}
 readinessProbe:
   httpGet:
-    path: {{ ((.Values.health).readiness).path | default "/readyz" }}
-    port: {{ (.Values.health).port | default 3389 }}
-  initialDelaySeconds: {{ ((.Values.health).readiness).initialDelaySeconds | default 45 }}
-  periodSeconds: {{ (.Values.health).periodSeconds | default 10 }}
+    path: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.readiness.path") }}
+    port: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.port") }}
+  initialDelaySeconds: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.readiness.initialDelaySeconds") }}
+  periodSeconds: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.periodSeconds") }}
 {{- end }}
 {{- define "common.security" -}}
 securityContext:
@@ -124,9 +124,9 @@ automountServiceAccountToken: {{ not (eq (.Values.security).mountServiceAccountT
 {{- end }}
 {{- define "common.PortsMetricsHealth" -}}
 - name: metrics
-  containerPort: {{ ((.Values).metrics).port | default 2112 }}
+  containerPort: {{ include "common.getKeyValue" (dict "Values" .Values "key" "metrics.port") }}
   protocol: TCP
 - name: health-port
-  containerPort: {{ (.Values.health).port | default 3389 }}
+  containerPort: {{ include "common.getKeyValue" (dict "Values" .Values "key" "health.port") }}
   protocol: TCP
 {{- end -}}

charts/common/values.yaml

@@ -26,3 +26,27 @@ defaults:
     maxUnavailable: 0
     # -- deployment strategy
     strategy: RollingUpdate
+
+
+  health:
+    # -- health port
+    port: 8081
+    # -- health period
+    periodSeconds: 10
+    # -- readiness probe parameters
+    readiness:
+      path: "/readyz"
+      initialDelaySeconds: 5
+      periodSeconds: 10
+    # -- liveness probe parameters
+    liveness:
+      path: "/healthz"
+      failureThreshold: 1
+    # -- startup probe parameters
+    startup:
+      path: "/readyz"
+      failureThreshold: 30
+
+  metrics:
+    # -- metrics port
+    port: 8080

charts/example-content/README.md

@@ -1,5 +1,37 @@
 # example-content
 
+Helm Chart for the openmfp Portal
+
+![Version: 0.110.4](https://img.shields.io/badge/Version-0.110.4-informational?style=flat-square) ![AppVersion: 0.123.0](https://img.shields.io/badge/AppVersion-0.123.0-informational?style=flat-square)
+
+## Additional Information
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://ghcr.io/openmfp/helm-charts | common | 0.1.4 |
+
+## Values
+
+Default configuration parameters, which can be overriden either globally or on a chart level are documented in [common/README.md](../common/README.md).
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| deployment.maxSurge | int | `5` |  |
+| deployment.maxUnavailable | int | `0` |  |
+| image.name | string | `"ghcr.io/openmfp/example-content"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.pullSecret | string | `"github"` |  |
+| istio.enabled | bool | `true` |  |
+| istio.gateway.name | string | `"gateway"` |  |
+| istio.virtualService.hosts[0] | string | `"your-host.com"` |  |
+| istio.virtualService.matchers[0].match[0].uri.exact | string | `"/ui/example-content"` |  |
+| istio.virtualService.matchers[0].match[1].uri.prefix | string | `"/ui/example-content/"` |  |
+| port | int | `8080` |  |
+
+# example-content
+
 ![Version: 0.110.4](https://img.shields.io/badge/Version-0.110.4-informational?style=flat-square) ![AppVersion: 0.123.0](https://img.shields.io/badge/AppVersion-0.123.0-informational?style=flat-square)
 
 Helm Chart for the openmfp Portal