diff --git a/helm/flowforge/README.md b/helm/flowforge/README.md index 943f18a1..7650d79c 100644 --- a/helm/flowforge/README.md +++ b/helm/flowforge/README.md @@ -45,6 +45,9 @@ If using an external PostgreSQL Database you will need to create the database an - `forge.clusterRole.name` custom name for the ClusterRole (default `create-pod`) - `forge.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the core application container - `forge.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the core application pod + - `forge.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the core application pod (check [here](#liveness-readiness-and-startup-probes) for more details) - `forge.containerSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the core application container @@ -82,6 +85,9 @@ To use STMP to send email - `forge.broker.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the broker container - `forge.broker.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the broker pod - `forge.broker.containerSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the broker container + - `forge.broker.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.broker.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) + - `forge.broker.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) ### Telemetry @@ -132,6 +138,9 @@ Enables FlowForge Telemetry - `forge.fileStore.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the file-server container - `forge.fileStore.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the flowforge-file pod - `forge.fileStore.containerSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the flowforge-file container +- `forge.fileStore.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) +- `forge.fileStore.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) +- `forge.fileStore.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the flowforge-file pod (check [here](#liveness-readiness-and-startup-probes) for more details) ### Private Certificate Authority @@ -183,3 +192,22 @@ editors: create: true name: editors ``` +### Liveness, readiness and startup probes + +Following values can be used to configure the liveness, readiness and startup probes for all pods: + +- `initialDelaySeconds` (default `10`) - number of seconds after the container has started before liveness or readiness probes are initiated +- `periodSeconds` (default `10`) - how often (in seconds) to perform the probe +- `timeoutSeconds` (default `5`) - number of seconds after which the probe times out +- `successThreshold` (default `1`) - minimum consecutive successes for the probe to be considered successful after having failed +- `failureThreshold` (default `3`) - minimum consecutive failures for the probe to be considered failed after having succeeded + +Example for readiness probe: +```yaml +readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 +``` diff --git a/helm/flowforge/templates/broker.yaml b/helm/flowforge/templates/broker.yaml index 666bbaed..2260fa48 100644 --- a/helm/flowforge/templates/broker.yaml +++ b/helm/flowforge/templates/broker.yaml @@ -76,14 +76,39 @@ spec: - containerPort: 1884 name: mqtt-ws securityContext: {{- toYaml .Values.forge.broker.containerSecurityContext | nindent 10 }} - # livenessProbe: - # httpGet: - # path: /ping.html - # port: 1884 - # readinessProbe: - # httpGet: - # path: /ping.html - # port: 1884 + {{- if .Values.forge.broker.livenessProbe }} + livenessProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.broker.readinessProbe }} + readinessProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.broker.startupProbe }} + startupProbe: + httpGet: + path: /ping.html + port: 1884 + initialDelaySeconds: {{ .Values.forge.broker.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.broker.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.broker.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.broker.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.broker.startupProbe.failureThreshold }} + {{- end }} {{- if .Values.forge.broker.resources }} resources: {{- toYaml .Values.forge.broker.resources | nindent 12 }} {{- end }} diff --git a/helm/flowforge/templates/deployment.yaml b/helm/flowforge/templates/deployment.yaml index ababa095..c0a4130a 100644 --- a/helm/flowforge/templates/deployment.yaml +++ b/helm/flowforge/templates/deployment.yaml @@ -72,6 +72,39 @@ spec: {{- end }} ports: - containerPort: 3000 + {{- if .Values.forge.livenessProbe }} + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.readinessProbe }} + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.startupProbe }} + startupProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: {{ .Values.forge.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.startupProbe.failureThreshold }} + {{- end }} {{- if .Values.forge.resources }} resources: {{- toYaml .Values.forge.resources | nindent 12 }} {{- end }} diff --git a/helm/flowforge/templates/file-storage.yml b/helm/flowforge/templates/file-storage.yml index 98195ed1..cce59ab5 100644 --- a/helm/flowforge/templates/file-storage.yml +++ b/helm/flowforge/templates/file-storage.yml @@ -78,6 +78,39 @@ spec: {{ end -}} ports: - containerPort: 3001 + {{- if .Values.forge.fileStore.livenessProbe }} + livenessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.fileStore.readinessProbe }} + readinessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forge.fileStore.startupProbe }} + startupProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: {{ .Values.forge.fileStore.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forge.fileStore.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.forge.fileStore.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.forge.fileStore.startupProbe.successThreshold }} + failureThreshold: {{ .Values.forge.fileStore.startupProbe.failureThreshold }} + {{- end }} securityContext: {{- toYaml .Values.forge.fileStore.containerSecurityContext | nindent 10 }} {{- if .Values.forge.fileStore.resources }} resources: {{- toYaml .Values.forge.fileStore.resources | nindent 12 }} diff --git a/helm/flowforge/values.schema.json b/helm/flowforge/values.schema.json index 637293ee..d21f0ef8 100644 --- a/helm/flowforge/values.schema.json +++ b/helm/flowforge/values.schema.json @@ -271,6 +271,66 @@ } } }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, "containerSecurityContext": { "type": "object" } @@ -401,6 +461,66 @@ } } }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, "containerSecurityContext": { "type": "object" } @@ -548,8 +668,67 @@ }, "containerSecurityContext": { "type": "object" + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } } - }, "required": [ "domain", diff --git a/helm/flowforge/values.yaml b/helm/flowforge/values.yaml index 1c79968d..267e447d 100644 --- a/helm/flowforge/values.yaml +++ b/helm/flowforge/values.yaml @@ -27,9 +27,19 @@ forge: fsGroup: 1000 seccompProfile: type: RuntimeDefault - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + fileStore: enabled: false type: localfs @@ -54,6 +64,7 @@ forge: containerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + support: enabled: false @@ -84,6 +95,19 @@ forge: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + postgresql: auth: postgresPassword: Moomiet0