Fix liveness and readinessreadyness probe

Signed-off-by: Anisur Rahman <anisur@appscode.com>

Author: anisurrahman75

apis/installer/v1alpha1/aws_credential_manager_types.go

@@ -85,6 +85,10 @@ type AwsCredentialManagerSpec struct {
 	VolumeMounts   []core.VolumeMount `json:"volumeMounts"`
 	// +optional
 	Distro shared.DistroSpec `json:"distro"`
+	// +optional
+	Apiserver AwsCredentialManagerApiserver `json:"apiserver"`
+	// +optional
+	BucketAccessor BucketAccessor `json:"bucketAccessor"`
 }
 
 type ImageReference struct {
@@ -99,6 +103,23 @@ type ServiceSpec struct {
 	Port int    `json:"port"`
 }
 
+type AwsCredentialManagerApiserver struct {
+	GroupPriorityMinimum        int             `json:"groupPriorityMinimum"`
+	VersionPriority             int             `json:"versionPriority"`
+	EnableMutatingWebhook       bool            `json:"enableMutatingWebhook"`
+	EnableValidatingWebhook     bool            `json:"enableValidatingWebhook"`
+	Ca                          string          `json:"ca"`
+	BypassValidatingWebhookXray bool            `json:"bypassValidatingWebhookXray"`
+	UseKubeapiserverFqdnForAks  bool            `json:"useKubeapiserverFqdnForAks"`
+	Healthcheck                 HealthcheckSpec `json:"healthcheck"`
+	ServingCerts                ServingCerts    `json:"servingCerts"`
+}
+
+type BucketAccessor struct {
+	AwsMaxIntervalSeconds string `json:"awsMaxIntervalSeconds"`
+	AwsMaxWaitSeconds     string `json:"awsMaxWaitSeconds"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // AwsCredentialManagerList is a list of AwsCredentialManagers

apis/installer/v1alpha1/zz_generated.deepcopy.go

@@ -67,11 +67,13 @@ The following table lists the configurable parameters of the `aws-credential-man
 | service.port                          |                                                                                                                                                                                                                                                   | <code>8081</code>                                                                                                                                                                              |
 | resources                             |                                                                                                                                                                                                                                                   | <code>{}</code>                                                                                                                                                                                |
 | livenessProbe.httpGet.path            |                                                                                                                                                                                                                                                   | <code>/healthz</code>                                                                                                                                                                          |
-| livenessProbe.httpGet.port            |                                                                                                                                                                                                                                                   | <code>http</code>                                                                                                                                                                              |
+| livenessProbe.httpGet.port            |                                                                                                                                                                                                                                                   | <code>8081</code>                                                                                                                                                                              |
+| livenessProbe.httpGet.scheme          |                                                                                                                                                                                                                                                   | <code>HTTP</code>                                                                                                                                                                              |
 | livenessProbe.initialDelaySeconds     |                                                                                                                                                                                                                                                   | <code>15</code>                                                                                                                                                                                |
 | livenessProbe.periodSeconds           |                                                                                                                                                                                                                                                   | <code>20</code>                                                                                                                                                                                |
 | readinessProbe.httpGet.path           |                                                                                                                                                                                                                                                   | <code>/readyz</code>                                                                                                                                                                           |
-| readinessProbe.httpGet.port           |                                                                                                                                                                                                                                                   | <code>http</code>                                                                                                                                                                              |
+| readinessProbe.httpGet.port           |                                                                                                                                                                                                                                                   | <code>8081</code>                                                                                                                                                                              |
+| readinessProbe.httpGet.scheme         |                                                                                                                                                                                                                                                   | <code>HTTP</code>                                                                                                                                                                              |
 | readinessProbe.initialDelaySeconds    |                                                                                                                                                                                                                                                   | <code>5</code>                                                                                                                                                                                 |
 | readinessProbe.periodSeconds          |                                                                                                                                                                                                                                                   | <code>10</code>                                                                                                                                                                                |
 | volumes                               | Additional volumes on the output Deployment definition.                                                                                                                                                                                           | <code>[]</code>                                                                                                                                                                                |
@@ -95,7 +97,6 @@ The following table lists the configurable parameters of the `aws-credential-man
 | apiserver.servingCerts.caCrt          | CA certficate used by serving certificate of webhook server.                                                                                                                                                                                      | <code>""</code>                                                                                                                                                                                |
 | apiserver.servingCerts.serverCrt      | Serving certficate used by webhook server.                                                                                                                                                                                                        | <code>""</code>                                                                                                                                                                                |
 | apiserver.servingCerts.serverKey      | Private key for the serving certificate used by webhook server.                                                                                                                                                                                   | <code>""</code>                                                                                                                                                                                |
-| apiserver.webhook.failurePolicy       |                                                                                                                                                                                                                                                   | <code>Ignore</code>                                                                                                                                                                            |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:

charts/aws-credential-manager/README.md

@@ -51,8 +51,8 @@ spec:
             - --aws-max-interval-seconds={{ .Values.bucketAccessor.awsMaxIntervalSeconds }}
             - --aws-max-wait-seconds={{ .Values.bucketAccessor.awsMaxWaitSeconds }}
           ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
+            - containerPort: 9443
+              name: webhook-server
               protocol: TCP
           livenessProbe:
             {{- toYaml .Values.livenessProbe | nindent 12 }}

charts/aws-credential-manager/templates/deployment.yaml

@@ -1,8 +1,9 @@
+{{ template "aws-credential-manager.prepare-certs" $ }}
 {{- if .Values.apiserver.enableMutatingWebhook }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
-  name: {{ template "aws-credential-manager.fullname" . }}
+  name: {{ include "aws-credential-manager.fullname" . }}
   labels:
     {{- include "aws-credential-manager.labels" . | nindent 4 }}
 webhooks:
@@ -25,7 +26,7 @@ webhooks:
     clientConfig:
       service:
         namespace: {{ .Release.Namespace }}
-        name: {{ include "aws-credential-manager.fullname" . }}
+        name: {{ include "aws-credential-manager.webhookServiceName" . }}
         path: /mutate-batch-v1-job
-      caBundle: {{ .Values.apiserver.ca | b64enc }}
+      caBundle: {{ $._caCrt }}
 {{- end }}

charts/aws-credential-manager/templates/mutating-webhook.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "aws-credential-manager.fullname" . }}
+  name: {{ include "aws-credential-manager.webhookServiceName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "aws-credential-manager.labels" . | nindent 4 }}
 spec:
   ports:
-  - name: https
-    port: 8443
+  - port: 443
     protocol: TCP
-    targetPort: 8443
+    targetPort: 9443
   selector:
     {{- include "aws-credential-manager.labels" . | nindent 4 }}

charts/aws-credential-manager/templates/service.yaml

@@ -56,13 +56,15 @@ resources: {}
 livenessProbe:
   httpGet:
     path: /healthz
-    port: http
+    port: 8081
+    scheme: HTTP
   initialDelaySeconds: 15
   periodSeconds: 20
 readinessProbe:
   httpGet:
     path: /readyz
-    port: http
+    port: 8081
+    scheme: HTTP
   initialDelaySeconds: 5
   periodSeconds: 10
 # Additional volumes on the output Deployment definition.
@@ -123,6 +125,4 @@ apiserver:
     # Serving certficate used by webhook server.
     serverCrt: ""
     # Private key for the serving certificate used by webhook server.
-    serverKey: ""
-  webhook:
-    failurePolicy: Ignore
+    serverKey: ""