fix: Updated health checks to appropriate protocol (#164)

Signed-off-by: Kyle Morton <[email protected]> Signed-off-by: Kyle Morton <[email protected]> Co-authored-by: Kyle Morton <[email protected]>
edgexfoundry · Dec 9, 2022 · 86b0734 · 86b0734
1 parent ae28201
commit 86b0734
Show file tree

Hide file tree

Showing 15 changed files with 65 additions and 26 deletions.
diff --git a/...templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml b/...templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml
@@ -48,7 +48,7 @@ spec:
             name: edgex-common-variables
         env:
         - name: EDGEX_PROFILE
-          value: "edgex-app-external-mqtt-trigger"
+          value: "external-mqtt-trigger"
         - name: SERVICE_HOST
           value: {{.Values.edgex.app.appservice.externalmqtttrigger}}
         - name: WRITABLE_LOGLEVEL

diff --git a/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml b/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml
@@ -70,12 +70,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.appservice.httpexport}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.appservice.httpexport}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml b/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.bacnet}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.bacnet}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml b/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml
@@ -58,12 +58,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.gpio}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.gpio}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml b/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.modbus}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.modbus}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml b/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml
@@ -58,12 +58,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.mqtt}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.mqtt}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/...oyment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml b/...oyment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.onvifcamera}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.onvifcamera}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml b/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.rest}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.rest}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml b/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.rfidllrp}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.rfidllrp}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml b/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.snmp}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.snmp}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml b/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.usbcamera}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.usbcamera}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml b/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml
@@ -56,12 +56,14 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         startupProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.virtual}}
           periodSeconds: 1
           failureThreshold: 120
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /api/v2/ping
             port: {{.Values.edgex.port.device.virtual}}
       {{- if .Values.edgex.security.enabled }}
         volumeMounts:

diff --git a/...nt/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml b/...nt/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml
@@ -49,6 +49,14 @@ spec:
             memory: {{ .Values.edgex.resources.vault.requests.memory }}
             cpu: {{ .Values.edgex.resources.vault.requests.cpu }}
       {{- end}}
+        startupProbe:
+          tcpSocket:
+            port: {{.Values.edgex.bootstrap.port.start}}
+          periodSeconds: 1
+          failureThreshold: 120
+        livenessProbe:
+          tcpSocket:
+            port: {{.Values.edgex.bootstrap.port.start}}
       hostname: {{.Values.edgex.app.bootstrapper}}
       restartPolicy: Always
       securityContext:

diff --git a/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml b/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml
@@ -98,6 +98,14 @@ spec:
             memory: {{ .Values.edgex.resources.vault.requests.memory }}
             cpu: {{ .Values.edgex.resources.vault.requests.cpu }}
       {{- end}}
+        startupProbe:
+          tcpSocket:
+            port: {{.Values.edgex.port.vault}}
+          periodSeconds: 1
+          failureThreshold: 120
+        livenessProbe:
+          tcpSocket:
+            port: {{.Values.edgex.port.vault}}
       hostname: {{.Values.edgex.app.vault}}
       restartPolicy: Always
       securityContext:

diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml
@@ -228,6 +228,7 @@ edgex:
     modbussimulator: 1502
     mqttbroker: 1883
     natsserver: 4222
+    vault: 8200
 
   # ports used by security bootstrapping for stage gating edgex init
   bootstrap:
@@ -286,9 +287,9 @@ edgex:
     runAsUser: 2002
     runAsGroup: 2001
     tlsHost: edgex
-    addConsulRoles: "device-onvif-camera,device-usb-camera,device-mqtt,device-modbus,device-bacnet,device-snmp,device-rfid-llrp,device-gpio,app-mqtt-export,app-http-export"
-    addServiceTokens: "device-rest, device-virtual, device-onvif-camera, device-usb-camera, device-mqtt, device-modbus, device-bacnet, device-snmp, device-rfid-llrp, device-gpio, app-mqtt-export, app-http-export"
-    addKnownSecrets: "redisdb[app-rules-engine],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],redisdb[device-usb-camera],redisdb[device-mqtt],redisdb[device-modbus],redisdb[device-bacnet],redisdb[device-snmp],redisdb[device-rfid-llrp],redisdb[device-gpio],redisdb[app-mqtt-export],message-bus[app-mqtt-export],redisdb[app-http-export],message-bus[app-http-export],redisdb[app-sample],redisdb[app-metrics-influxdb],redisdb[app-rfid-llrp-inventory]"
+    addConsulRoles: "app-external-mqtt-trigger,app-http-export,app-mqtt-export,device-bacnet,device-gpio,device-modbus,device-mqtt,device-onvif-camera,device-rfid-llrp,device-snmp,device-usb-camera"
+    addServiceTokens: "app-external-mqtt-trigger, app-http-export, app-metrics-influxdb, app-mqtt-export, app-rfid-llrp-inventory, app-sample, device-bacnet, device-gpio, device-modbus, device-mqtt, device-onvif-camera, device-rest, device-rfid-llrp, device-snmp, device-usb-camera, device-virtual"
+    addKnownSecrets: "message-bus[app-mqtt-export],message-bus[app-http-export],redisdb[app-external-mqtt-trigger],redisdb[app-http-export],redisdb[app-metrics-influxdb], redisdb[app-metrics-influxdb],redisdb[app-mqtt-export],redisdb[app-rfid-llrp-inventory],redisdb[app-sample],redisdb[device-bacnet],redisdb[device-gpio],redisdb[device-modbus],redisdb[device-mqtt],redisdb[device-onvif-camera],redisdb[device-rest],redisdb[device-rfid-llrp],redisdb[device-snmp], redisdb[device-usb-camera],redisdb[device-virtual]"
 
   # resources defines the cpu and memory limits and requests for the respective application
   resources: