feat(operator): custom probe scripts from configmaps with override option

Author: mvasilenko

README.md

@@ -91,6 +91,39 @@ kubectl patch dragonfly dragonfly-sample --type merge -p '{"spec":{"resources":{
 
 To add authentication to the dragonfly pods, you either set the `DFLY_requirepass` environment variable, or add the `--requirepass` argument.
 
+### Customising health-check probe scripts
+
+The operator generates default liveness, readiness, and startup probe scripts and mounts them via ConfigMaps. You can replace any probe with your own script using the `custom*ProbeConfigMap` fields.
+
+Scripts run inside the Dragonfly container and have access to `HEALTHCHECK_PORT` (admin port 9999 — no TLS, no auth).
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dragonfly-sample-probes
+  namespace: default
+data:
+  liveness-check.sh: |
+    #!/bin/sh
+    RESPONSE=$(timeout 4 redis-cli -h localhost -p ${HEALTHCHECK_PORT:-9999} PING 2>/dev/null)
+    case "$RESPONSE" in
+      PONG|*LOADING*) exit 0 ;;
+      *)              exit 1 ;;
+    esac
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  name: dragonfly-sample
+spec:
+  replicas: 1
+  customLivenessProbeConfigMap:
+    name: dragonfly-sample-probes
+```
+
+> **Override precedence:** `spec.additionalVolumes` with a matching volume name (`liveness-probe`, `readiness-probe`, `startup-probe`) takes precedence over `custom*ProbeConfigMap`. Do not use both for the same probe.
+
 ### Deleting a Dragonfly instance
 
 To delete a Dragonfly instance, you can run

api/v1alpha1/dragonfly_types.go

@@ -196,6 +196,21 @@ type DragonflySpec struct {
 	// +optional
 	// +kubebuilder:validation:Optional
 	Pdb *PdbSpec `json:"pdb,omitempty"`
+
+	// (Optional) Custom ConfigMap with key "liveness-check.sh" to override the default liveness probe.
+	// +optional
+	// +kubebuilder:validation:Optional
+	CustomLivenessProbeConfigMap *corev1.LocalObjectReference `json:"customLivenessProbeConfigMap,omitempty"`
+
+	// (Optional) Custom ConfigMap with key "readiness-check.sh" to override the default readiness probe.
+	// +optional
+	// +kubebuilder:validation:Optional
+	CustomReadinessProbeConfigMap *corev1.LocalObjectReference `json:"customReadinessProbeConfigMap,omitempty"`
+
+	// (Optional) Custom ConfigMap with key "startup-check.sh" to override the default startup probe.
+	// +optional
+	// +kubebuilder:validation:Optional
+	CustomStartupProbeConfigMap *corev1.LocalObjectReference `json:"customStartupProbeConfigMap,omitempty"`
 }
 
 // PdbSpec defines the desired state of the PodDisruptionBudget

api/v1alpha1/zz_generated.deepcopy.go

@@ -4461,6 +4461,60 @@ spec:
                         type: string
                     type: object
                 type: object
+              customLivenessProbeConfigMap:
+                description: |-
+                  (Optional) Custom ConfigMap for the liveness probe script.
+                  Must contain key "liveness-check.sh". Overrides the operator-embedded default.
+                  Note: if spec.additionalVolumes also contains a volume named "liveness-probe",
+                  it takes precedence over this field. Do not use both for the same probe.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              customReadinessProbeConfigMap:
+                description: |-
+                  (Optional) Custom ConfigMap for the readiness probe script.
+                  Must contain key "readiness-check.sh". Overrides the operator-embedded default.
+                  Note: if spec.additionalVolumes also contains a volume named "readiness-probe",
+                  it takes precedence over this field. Do not use both for the same probe.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              customStartupProbeConfigMap:
+                description: |-
+                  (Optional) Custom ConfigMap for the startup probe script.
+                  Must contain key "startup-check.sh". Overrides the operator-embedded default.
+                  Note: if spec.additionalVolumes also contains a volume named "startup-probe",
+                  it takes precedence over this field. Do not use both for the same probe.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               enableReplicationReadinessGate:
                 description: |-
                   (Optional) When enabled, adds a custom readiness gate to pods that prevents

config/crd/bases/dragonflydb.io_dragonflies.yaml

@@ -7,13 +7,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
+  - configmaps
   - pods
   - services
   verbs:
@@ -24,6 +18,13 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
 - apiGroups:
   - ""
   resources:

config/rbac/role.yaml

@@ -28,12 +28,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/redis/go-redis/v9"
 	resourcesv1 "github.com/dragonflydb/dragonfly-operator/api/v1alpha1"
 	"github.com/dragonflydb/dragonfly-operator/internal/controller"
 	"github.com/dragonflydb/dragonfly-operator/internal/resources"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"github.com/redis/go-redis/v9"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -136,10 +136,9 @@ var _ = Describe("Dragonfly Lifecycle tests", Ordered, FlakeAttempts(3), func()
 			err := k8sClient.Create(ctx, &df)
 			Expect(err).To(BeNil())
 
-			// Wait until Dragonfly object is marked initialized
-			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseResourcesCreated, 2*time.Minute)
-			waitForStatefulSetReady(ctx, k8sClient, name, namespace, 2*time.Minute)
-
+			// Wait for master election, then for all replicas to be Ready
+			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseReady, 3*time.Minute)
+			waitForStatefulSetReady(ctx, k8sClient, name, namespace, 3*time.Minute)
 		})
 
 		var ss appsv1.StatefulSet
@@ -714,8 +713,8 @@ var _ = Describe("Dragonfly tiering test with single replica", Ordered, FlakeAtt
 		})
 
 		It("Resources should exist", func() {
-			// Wait until Dragonfly object is marked initialized
-			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseResourcesCreated, 2*time.Minute)
+			// Wait until Dragonfly object is marked initialized and master is elected
+			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseReady, 2*time.Minute)
 			waitForStatefulSetReady(ctx, k8sClient, name, namespace, 2*time.Minute)
 
 			// Check for service and statefulset
@@ -833,8 +832,8 @@ var _ = Describe("Dragonfly PVC Test with single replica", Ordered, FlakeAttempt
 		})
 
 		It("Resources should exist", func() {
-			// Wait until Dragonfly object is marked initialized
-			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseResourcesCreated, 2*time.Minute)
+			// Wait until Dragonfly object is marked initialized and master is elected
+			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseReady, 2*time.Minute)
 			waitForStatefulSetReady(ctx, k8sClient, name, namespace, 2*time.Minute)
 
 			// Check for service and statefulset
@@ -888,6 +887,10 @@ var _ = Describe("Dragonfly PVC Test with single replica", Ordered, FlakeAttempt
 			// Wait until Dragonfly object is marked initialized
 			waitForDragonflyPhase(ctx, k8sClient, name, namespace, controller.PhaseReady, 2*time.Minute)
 			waitForStatefulSetReady(ctx, k8sClient, name, namespace, 2*time.Minute)
+			// Phase may already be Ready from before deletion; wait explicitly for the
+			// lifecycle controller to finish master election on the recreated pod.
+			err = waitForMasterPod(ctx, k8sClient, name, namespace, 2*time.Minute)
+			Expect(err).To(BeNil())
 			// check if the pod is created
 			err = k8sClient.Get(ctx, types.NamespacedName{
 				Name:      fmt.Sprintf("%s-0", name),

e2e/dragonfly_controller_test.go

@@ -66,6 +66,28 @@ func parseTieredEntriesFromInfo(info string) (int64, error) {
 	return 0, fmt.Errorf("tiered_entries not found")
 }
 
+// waitForMasterPod polls until at least one pod with role=master exists. Use this
+// after waitForStatefulSetReady to guarantee the lifecycle controller has finished
+// master election before the test tries to connect.
+func waitForMasterPod(ctx context.Context, c client.Client, name, namespace string, maxDuration time.Duration) error {
+	ctx, cancel := context.WithTimeout(ctx, maxDuration)
+	defer cancel()
+	for {
+		select {
+		case <-ctx.Done():
+			return fmt.Errorf("timed out waiting for master pod for %s", name)
+		default:
+			var pods corev1.PodList
+			if err := c.List(ctx, &pods, client.InNamespace(namespace), client.MatchingLabels{
+				resources.DragonflyNameLabelKey: name,
+				resources.RoleLabelKey:          resources.Master,
+			}); err == nil && len(pods.Items) > 0 {
+				return nil
+			}
+		}
+	}
+}
+
 func waitForStatefulSetReady(ctx context.Context, c client.Client, name, namespace string, maxDuration time.Duration) error {
 	ctx, cancel := context.WithTimeout(ctx, maxDuration)
 	defer cancel()

e2e/util.go

@@ -45,6 +45,7 @@ type DragonflyReconciler struct {
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to

internal/controller/dragonfly_controller.go

@@ -744,6 +744,12 @@ func resourceSpecsEqual(desired, existing client.Object) bool {
 	if !reflect.DeepEqual(desired.GetLabels(), existing.GetLabels()) || !reflect.DeepEqual(desired.GetAnnotations(), existing.GetAnnotations()) {
 		return false
 	}
+	// ConfigMaps store content in .Data, not .Spec — compare Data directly.
+	if cmDesired, ok := desired.(*corev1.ConfigMap); ok {
+		if cmExisting, ok := existing.(*corev1.ConfigMap); ok {
+			return reflect.DeepEqual(cmDesired.Data, cmExisting.Data)
+		}
+	}
 	// Compare only the .Spec field using reflection
 	desiredV := reflect.ValueOf(desired).Elem()
 	existingV := reflect.ValueOf(existing).Elem()

internal/controller/dragonfly_instance.go

@@ -32,10 +32,10 @@ func makePod(name string) corev1.Pod {
 
 func TestSelectMasterCandidate(t *testing.T) {
 	tests := []struct {
-		name         string
-		pods         []corev1.Pod
-		readyPods    map[string]bool // pod names that are considered ready
-		wantName     string          // expected winner; "" means nil result
+		name      string
+		pods      []corev1.Pod
+		readyPods map[string]bool // pod names that are considered ready
+		wantName  string          // expected winner; "" means nil result
 	}{
 		{
 			name:      "no pods",