Add liveness and readiness probes (and use initContainer)

Santiago Lo Coco 2023-11-17 22:15:17 -03:00
parent 492e06f2af
commit 5632470e74
5 changed files with 127 additions and 67 deletions


@ -18,12 +18,11 @@ services:
----------
En `ingress` se repite el `host` por dos razones:
1) Si quisieran que la api esté en otro dominio se pueda hacer fácilmente mediante:
En `ingress` se repite el `host` debido a facilita que la api pueda estar en otro dominio, si así se desea:
```yaml
ingress:
ssl: true
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
@ -44,6 +43,4 @@ ingress:
- kube.slc.ar
- api.kube.slc.ar
```
2) No se pueden reutilizar variables en YAML. Existe la posibilidad de usar YAML anchors pero en la [documentación](https://helm.sh/docs/chart_template_guide/yaml_techniques/#yaml-anchors) no lo recomiendan: "Because Helm and Kubernetes often read, modify, and then rewrite YAML files, the anchors will be lost."
TODO: probar igual los anchors


@ -65,7 +65,7 @@ Create the name of the service account to use
Return true if a TLS secret should be created
*/}}
{{- define "exam.createTlsSecret" -}}
{{- if and .Values.tls.enabled (not .Values.tls.certificatesSecret) -}}
{{- if .Values.ingress.ssl -}}
{{- true -}}
{{- end -}}
{{- end -}}
@ -97,5 +97,19 @@ Search already generated TLS secret
Get host
*/}}
{{- define "exam.host" -}}
{{- default "kube-exam.local" .Values.tls.host -}}
{{- default "kube-exam.local" .Values.shared.host -}}
{{- end -}}
{{/*
Get secrets name
*/}}
{{- define "exam.secrets" -}}
{{ include "exam.fullname" . }}-secrets
{{- end -}}
{{/*
Get pv-claim name
*/}}
{{- define "exam.pvclaim" -}}
{{ include "exam.fullname" . }}-pv-claim
{{- end -}}
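Review bot: `exam.createTlsSecret` appears to be gated only on `.Values.ingress.ssl` now, where the other printed condition also checked `not .Values.tls.certificatesSecret`, so an operator who supplies their own certificate secret can no longer stop the chart from generating one. Which of the two `if` lines is the new side is inferred from print order and from the values file dropping its `tls:` block. If bring-your-own certificates are still meant to be supported, keep an opt-out, for example `{{- if and .Values.ingress.ssl (not .Values.ingress.certificatesSecret) -}}`, and document the key in the values file. The helper's comment block starts outside the hunk.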


@ -21,6 +21,16 @@ spec:
tier: {{ .tier }}
{{- include "exam.selectorLabels" $ | nindent 8 }}
spec:
{{- if .initContainer }}
initContainers:
- name: {{ .name }}-init
{{- with .image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
{{- end }}
{{- with .initContainer }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
containers:
- name: {{ .name }}
{{- with .image }}
@ -31,27 +41,49 @@ spec:
containerPort: {{ .port }}
{{- if .env }}
env:
{{- with .env }}
{{- range $key, $val := . }}
{{- if ne "secrets" $key }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
value: {{ quote $val }}
{{- else }}
{{- range $key, $val := $val }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
valueFrom:
secretKeyRef:
# TODO
name: {{ include "exam.fullname" $ }}-secrets
key: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .env }}
{{- range $key, $val := . }}
{{- if ne "secrets" $key }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
value: {{ quote $val }}
{{- else }}
{{- range $key, $val := $val }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
valueFrom:
secretKeyRef:
name: {{ include "exam.secrets" $ }}
key: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
resources: {}
{{- if not .probe }}
livenessProbe:
httpGet:
path: /ping
port: {{ .port }}
scheme: HTTP
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /ping
port: {{ .port }}
scheme: HTTP
initialDelaySeconds: 10
{{- else }}
livenessProbe:
exec:
{{- toYaml .probe | nindent 14 }}
initialDelaySeconds: 5
readinessProbe:
exec:
{{- toYaml .probe | nindent 14 }}
initialDelaySeconds: 5
{{- end }}
{{- if .mountPath }}
volumeMounts:
- mountPath: {{ .mountPath }}
@ -59,9 +91,8 @@ spec:
{{- end }}
{{- if .mountPath }}
volumes:
- name: {{ .storage }}
persistentVolumeClaim:
# TODO
claimName: {{ include "exam.fullname" $ }}-postgres-pv-claim
- name: {{ .storage }}
persistentVolumeClaim:
claimName: {{ include "exam.pvclaim" $ }}
{{- end }}
{{- end }}
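Review bot: The liveness and readiness probes are the same check in both branches, so anything that makes a pod briefly not ready also counts toward restarting it. In the `exec` branch (used by `db` with `pg_isready`) the container can be killed while Postgres is still starting or recovering, since only `initialDelaySeconds: 5` and the default thresholds apply. Consider keeping the check as the readiness probe and giving liveness more slack, e.g. `failureThreshold: 6` and `timeoutSeconds: 5`, or adding a `startupProbe`. The HTTP branch also hard-codes `path: /ping` for every deployment without a `.probe`, which only holds if each image serves that path. The pod `spec:` starts and ends outside the hunks shown.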


@ -1,7 +1,7 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "exam.fullname" . }}-postgres-pv
name: {{ include "exam.fullname" . }}-pv
labels:
type: local
{{- include "exam.labels" . | nindent 4 }}
@ -9,11 +9,11 @@ spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ .Values.pvc.request | quote }}
storage: {{ .Values.pv.request | quote }}
local:
path: /var/lib/minikube
path: {{ .Values.pv.path | quote }}
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
storageClassName: {{ .Values.pv.class }}
volumeMode: Filesystem
nodeAffinity:
required:
@ -27,7 +27,7 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "exam.fullname" . }}-postgres-pv-claim
name: {{ include "exam.pvclaim" $ }}
labels:
app: db
{{- include "exam.labels" . | nindent 4 }}
@ -36,5 +36,5 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.pvc.request | quote }}
storageClassName: local-storage
storage: {{ .Values.pv.request | quote }}
storageClassName: {{ .Values.pv.class }}
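Review bot: `storageClassName: {{ .Values.pv.class }}` is rendered unquoted in both the PersistentVolume and the claim, while the neighbouring `storage` and `path` values go through `quote`; a boolean- or number-looking class name would change type when the rendered YAML is parsed. Quote it the same way: `storageClassName: {{ .Values.pv.class | quote }}`. Because `local.path` now comes from values and selects a directory on the node, it is worth failing at render time when it is unset: `path: {{ required "pv.path must be set" .Values.pv.path | quote }}`.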


@ -1,40 +1,52 @@
tls:
enabled: true
host: kube.slc.ar
shared:
host: &host kube.slc.ar
api:
name: &apiName "api"
port: &apiPort 5000
tier: &apiTier "backend"
db:
name: &dbName "db"
port: &dbPort 5432
tier: &dbTier "backend"
client:
name: &clientName "client"
port: &clientPort 8080
tier: &clientTier "frontend"
ingress:
ssl: true
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
hosts:
- host: kube.slc.ar
- host: *host
paths:
- path: /()(.*)
name: "client"
port: 8080
port: *clientPort
- path: /api(/|$)(.*)
name: "api"
port: 5000
port: *apiPort
tls:
- secretName: exam-crt
hosts:
- kube.slc.ar
- *host
services:
- api:
name: "api"
tier: "backend"
port: 5000
name: *apiName
tier: *apiTier
port: *apiPort
- client:
name: "client"
tier: "frontend"
port: 8080
name: *clientName
tier: *clientTier
port: *clientPort
target: 80
- postgres:
name: "db"
tier: "backend"
port: 5432
- db:
name: *dbName
tier: *dbTier
port: *dbPort
# secrets.yaml
secrets:
@ -42,34 +54,38 @@ secrets:
password: "password1234"
database-url: "postgresql://username:password1234@exam-db/api_prod"
pvc:
pv:
class: local-storage
request: 1Gi
path: /var/lib/minikube
deployments:
- api:
name: "api"
tier: "backend"
name: *apiName
tier: *apiTier
env:
app-settings: src.config.ProductionConfig
port: "5000"
port: *apiPort
secrets:
database-url: database-url
image:
repository: api
tag: prod
port: 5000
port: *apiPort
replicas: 3
initContainer:
command: ['/bin/sh', '-c', 'until nc -z exam-db 5432; do sleep 1; done;']
# cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done']
- client:
tier: "frontend"
name: "client"
name: *clientName
tier: *clientTier
image:
repository: client
tag: prod
port: 8080
replicas: 3
port: 80
- db:
tier: "backend"
name: "db"
name: *dbName
tier: *dbTier
env:
pgdata: /var/lib/postgresql/data/pgdata
secrets:
@ -78,6 +94,8 @@ deployments:
image:
repository: db
tag: 13.3
port: 5432
port: *dbPort
mountPath: /var/lib/postgresql/data
storage: postgres-pv-storage
storage: pv-storage
probe:
command: ['/bin/sh', '-c', 'exec pg_isready -U "$(POSTGRES_USER)" -h localhost -p 5432;']
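Review bot: The `&host`, `&apiPort` and other anchors are resolved when this file is parsed, so overriding `shared.host` or a `shared.*` port with `--set` or a second values file does not change the `ingress.hosts`, `ingress.tls`, `services` or `deployments` entries that alias it. The `exam.host` helper reads `.Values.shared.host`, so after such an override the host it returns and the ingress host can diverge; presumably that affects the generated certificate as well. Add a comment above `shared:` such as `# Anchors are expanded at parse time: overriding shared.* does not update the aliases below`, or have the templates read `.Values.shared.*` directly. Separately, in `probe.command` the `$(POSTGRES_USER)` form is most likely treated by `/bin/sh` as command substitution, since as far as I know Kubernetes does not expand `$(VAR)` in probe commands; `"$POSTGRES_USER"` is the form the shell expands.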