diff --git a/charts/ratify/templates/deployment.yaml b/charts/ratify/templates/deployment.yaml
index f448d41b5..0df4017c4 100644
--- a/charts/ratify/templates/deployment.yaml
+++ b/charts/ratify/templates/deployment.yaml
@@ -38,6 +38,14 @@ spec:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.healthPort }}
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: {{ .Values.healthPort }}
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
@@ -70,11 +78,15 @@ spec:
 - --metrics-enabled={{ .Values.instrumentation.metricsEnabled }}
 - --metrics-type={{ .Values.instrumentation.metricsType }}
 - --metrics-port={{ .Values.instrumentation.metricsPort }}
+ - --health-port=:{{ .Values.healthPort }}
 ports:
 - containerPort: 6001
 {{- if .Values.instrumentation.metricsEnabled }}
 - containerPort: {{ required "You must provide .Values.instrumentation.metricsPort" .Values.instrumentation.metricsPort }}
 {{- end }}
+ - containerPort: {{ required "You must provide .Values.healthPort" .Values.healthPort }}
+ name: healthz
+ protocol: TCP
 volumeMounts:
 {{- if .Values.cosign.enabled }}
 - mountPath: "/usr/local/ratify-certs/cosign"
diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
index a50a25f15..4484ce853 100644
--- a/charts/ratify/values.yaml
+++ b/charts/ratify/values.yaml
@@ -87,6 +87,7 @@ provider:
 podAnnotations: {}
 podLabels: {}
 enableRuntimeDefaultSeccompProfile: true
+healthPort: 9099
 rbac:
 create: true
diff --git a/cmd/ratify/cmd/serve.go b/cmd/ratify/cmd/serve.go
index 4f011cf32..65ebb513c 100644
--- a/cmd/ratify/cmd/serve.go
+++ b/cmd/ratify/cmd/serve.go
@@ -47,6 +47,7 @@ type serveCmdOptions struct {
 metricsEnabled bool
 metricsType string
 metricsPort int
+ healthPort string
 }
 func NewCmdServe(_ ...string) *cobra.Command {
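Review bot: In charts/ratify/templates/deployment.yaml (hunk at -38,6) the liveness and readiness probes are rendered unconditionally, while the serve.go change in this commit passes the health address only to `manager.StartManager`, inside the `if opts.enableCrdManager` branch, as far as the visible lines show. If the chart can run the container with the CRD manager disabled (not visible here), nothing would listen on `healthPort` and the kubelet would restart the container in a loop. Either start the health listener on both paths or wrap the two probes in the same condition that enables the CRD manager. The probes could also say `port: healthz`, the named container port added in the next hunk, so the number is defined in one place.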
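Review bot: `- --health-port=:{{ .Values.healthPort }}` in the -70,11 hunk shows that the flag carries a listen address rather than a port: the chart has to prepend the colon, `DefaultHealthPort` in httpserver/server.go is the string `":9099"` next to the integer `DefaultMetricsPort`, and the help text in serve.go still reads "Health port to use". A bare number, which is what the flag name invites, is not in host:port form. Consider naming the flag and constant after what they hold (a bind address), or taking an integer like `--metrics-port` and building the address in Go. As rendered the address has an empty host, so the endpoints listen on every interface of the pod over plain HTTP and should expose nothing beyond up/down state.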
@@ -77,6 +78,7 @@ func NewCmdServe(_ ...string) *cobra.Command {
 flags.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
 flags.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
 flags.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
+ flags.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
 return cmd
 }
@@ -100,7 +102,7 @@ func serve(opts serveCmdOptions) error {
 if opts.enableCrdManager {
 certRotatorReady := make(chan struct{})
 logrus.Infof("starting crd manager")
- go manager.StartManager(certRotatorReady)
+ go manager.StartManager(certRotatorReady, opts.healthPort)
 manager.StartServer(opts.httpServerAddress, opts.configFilePath, opts.certDirectory, opts.caCertFile, opts.cacheTTL, opts.metricsEnabled, opts.metricsType, opts.metricsPort, certRotatorReady)
 return nil
diff --git a/httpserver/server.go b/httpserver/server.go
index 6e31b959f..c52daf19d 100644
--- a/httpserver/server.go
+++ b/httpserver/server.go
@@ -46,6 +46,7 @@ const (
 DefaultMetricsType = "prometheus"
 DefaultMetricsPort = 8888
+ DefaultHealthPort = ":9099"
 )
 type Server struct {
diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go
index 745928464..ea045df62 100644
--- a/pkg/manager/manager.go
+++ b/pkg/manager/manager.go
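Review bot: `opts.healthPort` reaches `manager.StartManager` in serve() (hunk at -100,7) without any check, and the call runs in a goroutine, so a malformed value only surfaces later inside the manager rather than as an error returned from serve(). Validate the address before starting anything, for example `if _, _, err := net.SplitHostPort(opts.healthPort); err != nil { return fmt.Errorf("invalid --health-port %q: %w", opts.healthPort, err) }`; this needs the `net` import if the file does not already have it. The same check rejects an empty value, which might otherwise leave the chart's probes with nothing to connect to. serve() begins and ends outside the hunk.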
@@ -142,12 +142,11 @@ func StartServer(httpServerAddress, configFilePath, certDirectory, caCertFile st } } -func StartManager(certRotatorReady chan struct{}) { +func StartManager(certRotatorReady chan struct{}, probeAddr string) { var metricsAddr string var enableLeaderElection bool - var probeAddr string + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") @@ -179,6 +178,8 @@ func StartManager(certRotatorReady chan struct{}) { os.Exit(1) } + setupLog.Debugf("setting up probeAddr at %s", probeAddr) + // Make sure certs are generated and valid if cert rotation is enabled. if featureflag.CertRotation.Enabled { // Make sure TLS cert watcher is already set up.
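Review bot: `StartManager` is exported and its signature changes in the -142,12 hunk, but it has no doc comment saying what form `probeAddr` must take. Add one, for example `// StartManager starts the controller manager; probeAddr is the address its health probe endpoint binds to, for example ":9099".` The hunk also removes the `health-probe-bind-address` flag and its `:8081` default, so anything still passing that flag or probing port 8081 needs updating, and the change is worth a line in the release notes. The function body continues outside the hunk.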