From 86b0734e922025a21de8c3d3673463ac0638b04d Mon Sep 17 00:00:00 2001 From: "Dr. Kyle Morton" Date: Fri, 9 Dec 2022 14:14:51 -0600 Subject: [PATCH] fix: Updated health checks to appropriate protocol (#164) Signed-off-by: Kyle Morton Signed-off-by: Kyle Morton Co-authored-by: Kyle Morton --- .../edgex-app-external-mqtt-trigger-deployment.yaml | 2 +- .../edgex-app-http-export-deployment.yaml | 6 ++++-- .../edgex-device-bacnet-deployment.yaml | 6 ++++-- .../edgex-device-gpio/edgex-device-gpio-deployment.yaml | 6 ++++-- .../edgex-device-modbus-deployment.yaml | 6 ++++-- .../edgex-device-mqtt/edgex-device-mqtt-deployment.yaml | 6 ++++-- .../edgex-device-onvif-camera-deployment.yaml | 6 ++++-- .../edgex-device-rest/edgex-device-rest-deployment.yaml | 6 ++++-- .../edgex-device-rfid-llrp-deployment.yaml | 6 ++++-- .../edgex-device-snmp/edgex-device-snmp-deployment.yaml | 6 ++++-- .../edgex-device-usb-camera-deployment.yaml | 6 ++++-- .../edgex-device-virtual-deployment.yaml | 6 ++++-- .../edgex-security-bootstrapper-deployment.yaml | 8 ++++++++ .../templates/edgex-vault/edgex-vault-deployment.yaml | 8 ++++++++ deployment/helm/values.yaml | 7 ++++--- 15 files changed, 65 insertions(+), 26 deletions(-) diff --git a/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml index 71665565..38682d33 100644 --- a/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml +++ b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml @@ -48,7 +48,7 @@ spec: name: edgex-common-variables env: - name: EDGEX_PROFILE - value: "edgex-app-external-mqtt-trigger" + value: "external-mqtt-trigger" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.externalmqtttrigger}} - name: WRITABLE_LOGLEVEL diff --git a/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml b/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml index 0bb9851b..eb28044d 100644 --- a/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml +++ b/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml @@ -70,12 +70,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.appservice.httpexport}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.appservice.httpexport}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml b/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml index 8a047b51..d49ed556 100644 --- a/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml +++ b/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.bacnet}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.bacnet}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml b/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml index a041afb5..201dfed4 100644 --- a/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml +++ b/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml @@ -58,12 +58,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.gpio}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.gpio}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml b/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml index ab7640f1..4f1beb11 100644 --- a/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml +++ b/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.modbus}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.modbus}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml b/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml index 1ceb65b1..82aa3315 100644 --- a/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml +++ b/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml @@ -58,12 +58,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.mqtt}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.mqtt}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml b/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml index 77566a31..e50c4f12 100644 --- a/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml +++ b/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.onvifcamera}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.onvifcamera}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml b/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml index 2ffe7af3..d6506719 100644 --- a/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml +++ b/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.rest}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.rest}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml b/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml index 5f1b11b1..b782ead8 100644 --- a/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml +++ b/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.rfidllrp}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.rfidllrp}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml b/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml index d3062f5e..f2ddddbd 100644 --- a/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml +++ b/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.snmp}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.snmp}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml b/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml index c87d6045..a4f39104 100644 --- a/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml +++ b/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.usbcamera}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.usbcamera}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml b/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml index aa0bdd50..e444006c 100644 --- a/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml +++ b/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml @@ -56,12 +56,14 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true startupProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.virtual}} periodSeconds: 1 failureThreshold: 120 livenessProbe: - tcpSocket: + httpGet: + path: /api/v2/ping port: {{.Values.edgex.port.device.virtual}} {{- if .Values.edgex.security.enabled }} volumeMounts: diff --git a/deployment/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml b/deployment/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml index 07ad0065..16dc7c47 100644 --- a/deployment/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml +++ b/deployment/helm/templates/edgex-security-bootstrapper/edgex-security-bootstrapper-deployment.yaml @@ -49,6 +49,14 @@ spec: memory: {{ .Values.edgex.resources.vault.requests.memory }} cpu: {{ .Values.edgex.resources.vault.requests.cpu }} {{- end}} + startupProbe: + tcpSocket: + port: {{.Values.edgex.bootstrap.port.start}} + periodSeconds: 1 + failureThreshold: 120 + livenessProbe: + tcpSocket: + port: {{.Values.edgex.bootstrap.port.start}} hostname: {{.Values.edgex.app.bootstrapper}} restartPolicy: Always securityContext: diff --git a/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml b/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml index 853db4ee..9b7b87d6 100644 --- a/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml +++ b/deployment/helm/templates/edgex-vault/edgex-vault-deployment.yaml @@ -98,6 +98,14 @@ spec: memory: {{ .Values.edgex.resources.vault.requests.memory }} cpu: {{ .Values.edgex.resources.vault.requests.cpu }} {{- end}} + startupProbe: + tcpSocket: + port: {{.Values.edgex.port.vault}} + periodSeconds: 1 + failureThreshold: 120 + livenessProbe: + tcpSocket: + port: {{.Values.edgex.port.vault}} hostname: {{.Values.edgex.app.vault}} restartPolicy: Always securityContext: diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index 7ad21ab5..333c9b32 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml @@ -228,6 +228,7 @@ edgex: modbussimulator: 1502 mqttbroker: 1883 natsserver: 4222 + vault: 8200 # ports used by security bootstrapping for stage gating edgex init bootstrap: @@ -286,9 +287,9 @@ edgex: runAsUser: 2002 runAsGroup: 2001 tlsHost: edgex - addConsulRoles: "device-onvif-camera,device-usb-camera,device-mqtt,device-modbus,device-bacnet,device-snmp,device-rfid-llrp,device-gpio,app-mqtt-export,app-http-export" - addServiceTokens: "device-rest, device-virtual, device-onvif-camera, device-usb-camera, device-mqtt, device-modbus, device-bacnet, device-snmp, device-rfid-llrp, device-gpio, app-mqtt-export, app-http-export" - addKnownSecrets: "redisdb[app-rules-engine],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],redisdb[device-usb-camera],redisdb[device-mqtt],redisdb[device-modbus],redisdb[device-bacnet],redisdb[device-snmp],redisdb[device-rfid-llrp],redisdb[device-gpio],redisdb[app-mqtt-export],message-bus[app-mqtt-export],redisdb[app-http-export],message-bus[app-http-export],redisdb[app-sample],redisdb[app-metrics-influxdb],redisdb[app-rfid-llrp-inventory]" + addConsulRoles: "app-external-mqtt-trigger,app-http-export,app-mqtt-export,device-bacnet,device-gpio,device-modbus,device-mqtt,device-onvif-camera,device-rfid-llrp,device-snmp,device-usb-camera" + addServiceTokens: "app-external-mqtt-trigger, app-http-export, app-metrics-influxdb, app-mqtt-export, app-rfid-llrp-inventory, app-sample, device-bacnet, device-gpio, device-modbus, device-mqtt, device-onvif-camera, device-rest, device-rfid-llrp, device-snmp, device-usb-camera, device-virtual" + addKnownSecrets: "message-bus[app-mqtt-export],message-bus[app-http-export],redisdb[app-external-mqtt-trigger],redisdb[app-http-export],redisdb[app-metrics-influxdb], redisdb[app-metrics-influxdb],redisdb[app-mqtt-export],redisdb[app-rfid-llrp-inventory],redisdb[app-sample],redisdb[device-bacnet],redisdb[device-gpio],redisdb[device-modbus],redisdb[device-mqtt],redisdb[device-onvif-camera],redisdb[device-rest],redisdb[device-rfid-llrp],redisdb[device-snmp], redisdb[device-usb-camera],redisdb[device-virtual]" # resources defines the cpu and memory limits and requests for the respective application resources: