Add liveness and readiness probes (and use initContainer)

README.md

@@ -18,12 +18,11 @@ services:
 
 ----------
 
-En `ingress` se repite el `host` por dos razones:
+En `ingress` se repite el `host` debido a facilita que la api pueda estar en otro dominio, si así se desea:
-
-1) Si quisieran que la api esté en otro dominio se pueda hacer fácilmente mediante:
 
 ```yaml
 ingress:
+  ssl: true
   annotations:
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
   hosts:
@@ -44,6 +43,4 @@ ingress:
        - kube.slc.ar
        - api.kube.slc.ar
 ```
-2) No se pueden reutilizar variables en YAML. Existe la posibilidad de usar YAML anchors pero en la [documentación](https://helm.sh/docs/chart_template_guide/yaml_techniques/#yaml-anchors) no lo recomiendan: "Because Helm and Kubernetes often read, modify, and then rewrite YAML files, the anchors will be lost." 
 
-TODO: probar igual los anchors

helm/templates/_helpers.tpl

@@ -65,7 +65,7 @@ Create the name of the service account to use
 Return true if a TLS secret should be created
 */}}
 {{- define "exam.createTlsSecret" -}}
-{{- if and .Values.tls.enabled (not .Values.tls.certificatesSecret) -}}
+{{- if .Values.ingress.ssl -}}
     {{- true -}}
 {{- end -}}
 {{- end -}}
@@ -97,5 +97,19 @@ Search already generated TLS secret
 Get host
 */}}
 {{- define "exam.host" -}}
-{{- default "kube-exam.local" .Values.tls.host -}}
+{{- default "kube-exam.local" .Values.shared.host -}}
+{{- end -}}
+
+{{/*
+Get secrets name
+*/}}
+{{- define "exam.secrets" -}}
+{{ include "exam.fullname" . }}-secrets
+{{- end -}}
+
+{{/*
+Get pv-claim name
+*/}}
+{{- define "exam.pvclaim" -}}
+{{ include "exam.fullname" . }}-pv-claim
 {{- end -}}

helm/templates/deployment.yaml

@@ -21,6 +21,16 @@ spec:
         tier: {{ .tier }}
       {{- include "exam.selectorLabels" $ | nindent 8 }}
     spec:
+      {{- if .initContainer }}
+      initContainers:
+        - name: {{ .name }}-init
+          {{- with .image }}
+          image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
+          {{- end }}
+          {{- with .initContainer }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+      {{- end }}
       containers:
         - name: {{ .name }}
           {{- with .image }}
@@ -43,8 +53,7 @@ spec:
             - name: {{ $envKey }}
               valueFrom:
                 secretKeyRef:
-                # TODO
+                  name: {{ include "exam.secrets" $ }}
-                name: {{ include "exam.fullname" $ }}-secrets
                   key: {{ $val }}
             {{- end }}
             {{- end }}
@@ -52,6 +61,29 @@ spec:
             {{- end }}
           {{- end }}
           resources: {}
+          {{- if not .probe }}
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: {{ .port }}
+              scheme: HTTP
+            initialDelaySeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: {{ .port }}
+              scheme: HTTP
+            initialDelaySeconds: 10
+          {{- else }}
+          livenessProbe:
+            exec:
+              {{- toYaml .probe | nindent 14 }}
+            initialDelaySeconds: 5
+          readinessProbe:
+            exec:
+              {{- toYaml .probe | nindent 14 }}
+            initialDelaySeconds: 5
+          {{- end }}
           {{- if .mountPath }}
           volumeMounts:
             - mountPath: {{ .mountPath }}
@@ -61,7 +93,6 @@ spec:
       volumes:
         - name: {{ .storage }}
           persistentVolumeClaim:
-          # TODO
+            claimName: {{ include "exam.pvclaim" $ }}
-          claimName: {{ include "exam.fullname" $ }}-postgres-pv-claim
       {{- end }}
 {{- end }}

helm/templates/volume.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{ include "exam.fullname" . }}-postgres-pv
+  name: {{ include "exam.fullname" . }}-pv
   labels:
     type: local
   {{- include "exam.labels" . | nindent 4 }}
@@ -9,11 +9,11 @@ spec:
   accessModes:
   - ReadWriteOnce
   capacity:
-    storage: {{ .Values.pvc.request | quote }}
+    storage: {{ .Values.pv.request | quote  }}
   local:
-    path: /var/lib/minikube
+    path: {{ .Values.pv.path | quote }}
   persistentVolumeReclaimPolicy: Retain
-  storageClassName: local-storage
+  storageClassName: {{ .Values.pv.class }}
   volumeMode: Filesystem
   nodeAffinity:
     required:
@@ -27,7 +27,7 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{ include "exam.fullname" . }}-postgres-pv-claim
+  name: {{ include "exam.pvclaim" $ }}
   labels:
     app: db
   {{- include "exam.labels" . | nindent 4 }}
@@ -36,5 +36,5 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.pvc.request | quote }}
+      storage: {{ .Values.pv.request | quote }}
-  storageClassName: local-storage
+  storageClassName: {{ .Values.pv.class }}

helm/values.yaml

@@ -1,40 +1,52 @@
-tls:
+shared:
-  enabled: true
+  host: &host kube.slc.ar
-  host: kube.slc.ar
+  api:
+    name: &apiName "api" 
+    port: &apiPort 5000
+    tier: &apiTier "backend"
+  db:
+    name: &dbName "db"
+    port: &dbPort 5432
+    tier: &dbTier "backend"
+  client:
+    name: &clientName "client"
+    port: &clientPort 8080
+    tier: &clientTier "frontend"
 
 ingress:
+  ssl: true
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /$2
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/use-regex: "true"
   hosts:
-    - host: kube.slc.ar
+    - host: *host
       paths:
         - path: /()(.*)
           name: "client"
-          port: 8080
+          port: *clientPort
         - path: /api(/|$)(.*)
           name: "api"
-          port: 5000
+          port: *apiPort
   tls:
    - secretName: exam-crt
      hosts:
-       - kube.slc.ar
+       - *host
 
 services:
   - api:
-    name: "api"
+    name: *apiName
-    tier: "backend"
+    tier: *apiTier
-    port: 5000
+    port: *apiPort
   - client:
-    name: "client"
+    name: *clientName
-    tier: "frontend"
+    tier: *clientTier
-    port: 8080
+    port: *clientPort
     target: 80
-  - postgres:
+  - db:
-    name: "db"
+    name: *dbName
-    tier: "backend"
+    tier: *dbTier
-    port: 5432
+    port: *dbPort
 
 # secrets.yaml
 secrets:
@@ -42,34 +54,38 @@ secrets:
   password: "password1234"
   database-url: "postgresql://username:password1234@exam-db/api_prod"
 
-pvc:
+pv:
   class: local-storage
   request: 1Gi
+  path: /var/lib/minikube
 
 deployments:
   - api:
-    name: "api"
+    name: *apiName
-    tier: "backend"
+    tier: *apiTier
     env:
       app-settings: src.config.ProductionConfig
-      port: "5000"
+      port: *apiPort
       secrets:
         database-url: database-url
     image:
       repository: api
       tag: prod
-    port: 5000
+    port: *apiPort
+    replicas: 3
+    initContainer:
+      command: ['/bin/sh', '-c', 'until nc -z exam-db 5432; do sleep 1; done;']
+      # cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done']
   - client:
-    tier: "frontend"
+    name: *clientName
-    name: "client"
+    tier: *clientTier
     image:
       repository: client
       tag: prod
-    port: 8080
+    port: 80
-    replicas: 3
   - db:
-    tier: "backend"
+    name: *dbName
-    name: "db"
+    tier: *dbTier
     env:
       pgdata: /var/lib/postgresql/data/pgdata
       secrets:
@@ -78,6 +94,8 @@ deployments:
     image:
       repository: db
       tag: 13.3
-    port: 5432
+    port: *dbPort
     mountPath: /var/lib/postgresql/data
-    storage: postgres-pv-storage
+    storage: pv-storage
+    probe:
+      command: ['/bin/sh', '-c', 'exec pg_isready -U "$(POSTGRES_USER)" -h localhost -p 5432;']