From 5632470e74d56cf20ffd42dd646638f614564569 Mon Sep 17 00:00:00 2001 From: Santiago Lo Coco Date: Fri, 17 Nov 2023 22:15:17 -0300 Subject: [PATCH] Add liveness and readiness probes (and use initContainer) --- README.md | 7 +-- helm/templates/_helpers.tpl | 18 +++++++- helm/templates/deployment.yaml | 77 +++++++++++++++++++++++---------- helm/templates/volume.yaml | 14 +++--- helm/values.yaml | 78 +++++++++++++++++++++------------- 5 files changed, 127 insertions(+), 67 deletions(-) diff --git a/README.md b/README.md index a1f20b8..e7c335d 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,11 @@ services: ---------- -En `ingress` se repite el `host` por dos razones: - -1) Si quisieran que la api esté en otro dominio se pueda hacer fácilmente mediante: +En `ingress` se repite el `host` debido a facilita que la api pueda estar en otro dominio, si así se desea: ```yaml ingress: + ssl: true annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" hosts: @@ -44,6 +43,4 @@ ingress: - kube.slc.ar - api.kube.slc.ar ``` -2) No se pueden reutilizar variables en YAML. Existe la posibilidad de usar YAML anchors pero en la [documentación](https://helm.sh/docs/chart_template_guide/yaml_techniques/#yaml-anchors) no lo recomiendan: "Because Helm and Kubernetes often read, modify, and then rewrite YAML files, the anchors will be lost." -TODO: probar igual los anchors diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index e7032a9..d947655 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -65,7 +65,7 @@ Create the name of the service account to use Return true if a TLS secret should be created */}} {{- define "exam.createTlsSecret" -}} -{{- if and .Values.tls.enabled (not .Values.tls.certificatesSecret) -}} +{{- if .Values.ingress.ssl -}} {{- true -}} {{- end -}} {{- end -}} 
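Review bot: The new condition in `exam.createTlsSecret` drops the `not .Values.tls.certificatesSecret` guard, so with `ingress.ssl: true` the helper returns true even when an operator wants to supply an existing certificate secret. The template that consumes this helper is outside the patch, so what it creates cannot be confirmed here, but if it generates a certificate there is no longer a way to opt out without also turning TLS off. Consider keeping an opt-out under the new key layout, for example `{{- if and .Values.ingress.ssl (not .Values.ingress.existingSecret) -}}` (where `existingSecret` is a proposed new value, not one the chart has today). The helper's comment should also say which value controls secret creation.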
@@ -97,5 +97,19 @@ Search already generated TLS secret Get host */}} {{- define "exam.host" -}} -{{- default "kube-exam.local" .Values.tls.host -}} +{{- default "kube-exam.local" .Values.shared.host -}} +{{- end -}} + +{{/* +Get secrets name +*/}} +{{- define "exam.secrets" -}} +{{ include "exam.fullname" . }}-secrets +{{- end -}} + +{{/* +Get pv-claim name +*/}} +{{- define "exam.pvclaim" -}} +{{ include "exam.fullname" . }}-pv-claim {{- end -}} \ No newline at end of file diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 0d436f9..03bc103 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -21,6 +21,16 @@ spec: tier: {{ .tier }} {{- include "exam.selectorLabels" $ | nindent 8 }} spec: + {{- if .initContainer }} + initContainers: + - name: {{ .name }}-init + {{- with .image }} + image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }} + {{- end }} + {{- with .initContainer }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} containers: - name: {{ .name }} {{- with .image }} 
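Review bot: The `{{- toYaml . | nindent 10 }}` line in the new `initContainers` entry splices the whole `initContainer` map from values into a container that already has `name` and `image` set, so a `name` or `image` key in values would render as a duplicate key. The init container also gets no `securityContext` or `resources` unless the values author adds them. Since its only job is to wait for a port, a fixed restrictive default in the template would fit, for example `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`. The `image:` line would also be safer quoted, `image: "{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"`, because numeric-looking tags in values are parsed as numbers. The enclosing `range` block starts outside this hunk.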
@@ -31,27 +41,49 @@ spec: containerPort: {{ .port }} {{- if .env }} env: - {{- with .env }} - {{- range $key, $val := . }} - {{- if ne "secrets" $key }} - {{- $envKey := $key | upper | replace "-" "_" }} - - name: {{ $envKey }} - value: {{ quote $val }} - {{- else }} - {{- range $key, $val := $val }} - {{- $envKey := $key | upper | replace "-" "_" }} - - name: {{ $envKey }} - valueFrom: - secretKeyRef: - # TODO - name: {{ include "exam.fullname" $ }}-secrets - key: {{ $val }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} + {{- with .env }} + {{- range $key, $val := . }} + {{- if ne "secrets" $key }} + {{- $envKey := $key | upper | replace "-" "_" }} + - name: {{ $envKey }} + value: {{ quote $val }} + {{- else }} + {{- range $key, $val := $val }} + {{- $envKey := $key | upper | replace "-" "_" }} + - name: {{ $envKey }} + valueFrom: + secretKeyRef: + name: {{ include "exam.secrets" $ }} + key: {{ $val }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} resources: {} + {{- if not .probe }} + livenessProbe: + httpGet: + path: /ping + port: {{ .port }} + scheme: HTTP + initialDelaySeconds: 10 + readinessProbe: + httpGet: + path: /ping + port: {{ .port }} + scheme: HTTP + initialDelaySeconds: 10 + {{- else }} + livenessProbe: + exec: + {{- toYaml .probe | nindent 14 }} + initialDelaySeconds: 5 + readinessProbe: + exec: + {{- toYaml .probe | nindent 14 }} + initialDelaySeconds: 5 + {{- end }} {{- if .mountPath }} volumeMounts: - mountPath: {{ .mountPath }} @@ -59,9 +91,8 @@ spec: {{- end }} {{- if .mountPath }} volumes: - - name: {{ .storage }} - persistentVolumeClaim: - # TODO - claimName: {{ include "exam.fullname" $ }}-postgres-pv-claim + - name: {{ .storage }} + persistentVolumeClaim: + claimName: {{ include "exam.pvclaim" $ }} {{- end }} {{- end }} \ No newline at end of file diff --git a/helm/templates/volume.yaml b/helm/templates/volume.yaml index 47c28c7..ce47f00 100644 --- a/helm/templates/volume.yaml +++ b/helm/templates/volume.yaml 
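Review bot: Both probe branches give `livenessProbe` and `readinessProbe` the same check and the same `initialDelaySeconds`, so any condition that should only take a pod out of rotation (a slow `/ping`, or `pg_isready` failing while Postgres is still recovering) also gets the container restarted once the default failure threshold is reached. Consider making the liveness side more tolerant with explicit settings such as `failureThreshold: 6` and `timeoutSeconds: 3`, or moving the start-up wait into a `startupProbe`. The `/ping` path is also hard-coded for every deployment without a `probe` value, which includes `client`; whether that image serves `/ping` is not visible in this patch. The enclosing `range` block starts before this hunk.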
@@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: {{ include "exam.fullname" . }}-postgres-pv + name: {{ include "exam.fullname" . }}-pv labels: type: local {{- include "exam.labels" . | nindent 4 }} @@ -9,11 +9,11 @@ spec: accessModes: - ReadWriteOnce capacity: - storage: {{ .Values.pvc.request | quote }} + storage: {{ .Values.pv.request | quote }} local: - path: /var/lib/minikube + path: {{ .Values.pv.path | quote }} persistentVolumeReclaimPolicy: Retain - storageClassName: local-storage + storageClassName: {{ .Values.pv.class }} volumeMode: Filesystem nodeAffinity: required: @@ -27,7 +27,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "exam.fullname" . }}-postgres-pv-claim + name: {{ include "exam.pvclaim" $ }} labels: app: db {{- include "exam.labels" . | nindent 4 }} @@ -36,5 +36,5 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.pvc.request | quote }} - storageClassName: local-storage \ No newline at end of file + storage: {{ .Values.pv.request | quote }} + storageClassName: {{ .Values.pv.class }} \ No newline at end of file diff --git a/helm/values.yaml b/helm/values.yaml index ebfa052..4b7a6d9 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
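Review bot: `storageClassName: {{ .Values.pv.class }}` in the PersistentVolume spec (hunk `@@ -9,11 +9,11 @@`, and again in the PersistentVolumeClaim hunk `@@ -36,5 +36,5 @@`) is rendered unquoted and unchecked, unlike the `| quote` applied to `pv.request` and `pv.path` beside it. If `pv.class` is unset the field renders as null, in which case the claim would presumably fall back to the cluster's default StorageClass and not bind to this volume. Suggest `storageClassName: {{ required "pv.class must be set" .Values.pv.class | quote }}` in both places. Because `pv.path` now lets values pick any node directory for a `local` volume with `Retain`, a short comment in `values.yaml` on which paths are expected would help operators.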
@@ -1,40 +1,52 @@ -tls: - enabled: true - host: kube.slc.ar +shared: + host: &host kube.slc.ar + api: + name: &apiName "api" + port: &apiPort 5000 + tier: &apiTier "backend" + db: + name: &dbName "db" + port: &dbPort 5432 + tier: &dbTier "backend" + client: + name: &clientName "client" + port: &clientPort 8080 + tier: &clientTier "frontend" ingress: + ssl: true annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/use-regex: "true" hosts: - - host: kube.slc.ar + - host: *host paths: - path: /()(.*) name: "client" - port: 8080 + port: *clientPort - path: /api(/|$)(.*) name: "api" - port: 5000 + port: *apiPort tls: - secretName: exam-crt hosts: - - kube.slc.ar + - *host services: - api: - name: "api" - tier: "backend" - port: 5000 + name: *apiName + tier: *apiTier + port: *apiPort - client: - name: "client" - tier: "frontend" - port: 8080 + name: *clientName + tier: *clientTier + port: *clientPort target: 80 - - postgres: - name: "db" - tier: "backend" - port: 5432 + - db: + name: *dbName + tier: *dbTier + port: *dbPort # secrets.yaml secrets: 
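Review bot: The aliases introduced under `shared:` (`*host`, `*apiPort`, and the rest) are resolved when this file is parsed, so an override such as `--set shared.host=example.org` or a second `-f` file changes only `shared.host` and leaves `ingress.hosts[].host` and `ingress.tls[].hosts` at `kube.slc.ar`. The `exam.host` helper reads `.Values.shared.host`, so if that helper feeds the certificate, the certificate host and the host the ingress serves can diverge and clients would see a name mismatch. Either have the templates read `.Values.shared.*` through helpers instead of aliasing inside values, or add a comment above `shared:` such as `# aliases below are fixed at parse time; overrides must replace every aliased field`. The `name: "client"` and `name: "api"` entries under `paths` were left as literals while the neighbouring fields moved to aliases.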
@@ -42,34 +54,38 @@ secrets: password: "password1234" database-url: "postgresql://username:password1234@exam-db/api_prod" -pvc: +pv: class: local-storage request: 1Gi + path: /var/lib/minikube deployments: - api: - name: "api" - tier: "backend" + name: *apiName + tier: *apiTier env: app-settings: src.config.ProductionConfig - port: "5000" + port: *apiPort secrets: database-url: database-url image: repository: api tag: prod - port: 5000 + port: *apiPort + replicas: 3 + initContainer: + command: ['/bin/sh', '-c', 'until nc -z exam-db 5432; do sleep 1; done;'] + # cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done'] - client: - tier: "frontend" - name: "client" + name: *clientName + tier: *clientTier image: repository: client tag: prod - port: 8080 - replicas: 3 + port: 80 - db: - tier: "backend" - name: "db" + name: *dbName + tier: *dbTier env: pgdata: /var/lib/postgresql/data/pgdata secrets: @@ -78,6 +94,8 @@ deployments: image: repository: db tag: 13.3 - port: 5432 + port: *dbPort mountPath: /var/lib/postgresql/data - storage: postgres-pv-storage + storage: pv-storage + probe: + command: ['/bin/sh', '-c', 'exec pg_isready -U "$(POSTGRES_USER)" -h localhost -p 5432;']
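Review bot: In the `db` probe, `-U "$(POSTGRES_USER)"` sits inside a `/bin/sh -c` string, where `$(...)` is shell command substitution. As far as I know Kubernetes expands `$(VAR)` only in a container's `command`, `args` and `env`, not in exec probe commands, so the shell would try to run a program named `POSTGRES_USER` and pass an empty user. The probe likely still passes because `pg_isready` only checks that the server accepts connections, which hides the mistake; use `"$POSTGRES_USER"` instead. The api `initContainer` loop `until nc -z exam-db 5432; do sleep 1; done;` has no upper bound and hard-codes the service name and the port that `*dbPort` already carries. Separately, the unchanged context at the top of this hunk still ships `password: "password1234"` and the same password inside `database-url` as chart defaults; these are better supplied at install time from a secret store than committed in `values.yaml`.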