From cadee100bc6bf92397082198a44e3168e93c0fe7 Mon Sep 17 00:00:00 2001 From: Manan Kothari Date: Wed, 22 May 2024 13:09:34 -0500 Subject: [PATCH 1/5] fix(probes) allows overriding the default liveness/readiness probe with custom commands --- charts/kong/CHANGELOG.md | 12 +++++++----- charts/kong/README.md | 23 +++++++++++++---------- charts/kong/templates/deployment.yaml | 23 ++++++++++++++++++++++- charts/kong/values.yaml | 2 ++ 4 files changed, 44 insertions(+), 16 deletions(-) diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md index 1189420fd..7dee70fe6 100644 --- a/charts/kong/CHANGELOG.md +++ b/charts/kong/CHANGELOG.md @@ -2,6 +2,8 @@ ## Unreleased +* Allows overriding the liveness/readiness probes to use a command, default behavior is not changed + ### Changes * Updated handling of `session_conf_secret` to accommodate Kong 3.6. @@ -209,7 +211,7 @@ ## 2.26.5 -### Fixed +### Fixed * Kuma ServiceAccount Token hints and volumes are also available in migrations Pods. @@ -217,19 +219,19 @@ ## 2.26.4 -### Fixed +### Fixed -* updated `admin_api_uri` to `admin_gui_api_url` as per [kong documentation](https://docs.konghq.com/gateway/3.4.x/reference/configuration/#admin_api_uri). +* updated `admin_api_uri` to `admin_gui_api_url` as per [kong documentation](https://docs.konghq.com/gateway/3.4.x/reference/configuration/#admin_api_uri). ## 2.26.3 -### Fixed +### Fixed * Enabled Service and Ingress in Kong Manager for non enterprise users. ## 2.26.2 -### Fixed +### Fixed * Add missing CRD KongConsumerGroup and extend status subresource for CRDs diff --git a/charts/kong/README.md b/charts/kong/README.md index b6d92c1b7..cb4b17507 100644 --- a/charts/kong/README.md +++ b/charts/kong/README.md @@ -19,6 +19,9 @@ helm install kong/kong --generate-name ## Table of contents +- [Kong for Kubernetes](#kong-for-kubernetes) +- [TL;DR;](#tldr) +- [Table of contents](#table-of-contents) - [Prerequisites](#prerequisites) - [Install](#install) - [Uninstall](#uninstall) 
@@ -57,6 +60,8 @@ helm install kong/kong --generate-name - [Ingress Controller Parameters](#ingress-controller-parameters) - [The `env` section](#the-env-section) - [The `customEnv` section](#the-customenv-section) + - [The `gatewayDiscovery` section](#the-gatewaydiscovery-section) + - [Configuration](#configuration-1) - [General Parameters](#general-parameters) - [The `env` section](#the-env-section-1) - [The `customEnv` section](#the-customenv-section-1) @@ -71,9 +76,7 @@ helm install kong/kong --generate-name - [Sessions](#sessions) - [Email/SMTP](#emailsmtp) - [Prometheus Operator integration](#prometheus-operator-integration) -- [Argo CD considerations](#argo-cd-considerations) -- [Changelog](https://github.com/Kong/charts/blob/main/charts/kong/CHANGELOG.md) -- [Upgrading](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md) +- [Argo CD Considerations](#argo-cd-considerations) - [Seeking help](#seeking-help) ## Prerequisites @@ -464,7 +467,7 @@ listens if you do not provide your own. The chart can create configure them for you. To use this integration, install cert-manager, create an issuer, set `certificates.enabled: true` in values.yaml, and set your issuer name in `certificates.issuer` or `certificates.clusterIssuer` depending on the -issuer type. +issuer type. If you do not have an issuer available, you can install the example [self-signed ClusterIssuer](https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers) and set `certificates.clusterIssuer: selfsigned-issuer` for testing. You 
@@ -705,7 +708,7 @@ or `ingress` sections, as it is used only for stream listens. #### Admin Service mTLS -On top of the common parameters listed above, the `admin` service supports parameters for mTLS client verification. +On top of the common parameters listed above, the `admin` service supports parameters for mTLS client verification. If any of `admin.tls.client.caBundle` or `admin.tls.client.secretName` are set, the admin service will be configured to require mTLS client verification. If both are set, `admin.tls.client.caBundle` will take precedence. @@ -879,8 +882,8 @@ On the Gateway release side, set either `admin.tls.client.secretName` to the nam | autoscaling.targetCPUUtilizationPercentage | Target Percentage for when autoscaling takes affect. Only used if cluster does not support `autoscaling/v2` or `autoscaling/v2beta2` | `80` | | autoscaling.metrics | metrics used for autoscaling for clusters that supports `autoscaling/v2` or `autoscaling/v2beta2` | See [values.yaml](values.yaml) | | updateStrategy | update strategy for deployment | `{}` | -| readinessProbe | Kong readiness probe | | -| livenessProbe | Kong liveness probe | | +| readinessProbe | Kong readiness probe | See [values.yaml](values.yaml#L826) | +| livenessProbe | Kong liveness probe | See [values.yaml](values.yaml#L838) | | startupProbe | Kong startup probe | | | lifecycle | Proxy container lifecycle hooks | see `values.yaml` | | terminationGracePeriodSeconds | Sets the [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution) for Deployment pods | 30 | 
@@ -929,11 +932,11 @@ containerSecurityContext: # run as root to bind to lower ports runAsUser: 0 ``` -**Note:** The default `podAnnotations` values disable inbound proxying for Kuma -and Istio. This is appropriate when using Kong as a gateway for external +**Note:** The default `podAnnotations` values disable inbound proxying for Kuma +and Istio. This is appropriate when using Kong as a gateway for external traffic inbound into the cluster. -If you want to use Kong as an internal proxy within the cluster network, you +If you want to use Kong as an internal proxy within the cluster network, you should enable inbound the inbound mesh proxies: ```yaml diff --git a/charts/kong/templates/deployment.yaml b/charts/kong/templates/deployment.yaml index 6e9bba8d3..36462fbbd 100644 --- a/charts/kong/templates/deployment.yaml +++ b/charts/kong/templates/deployment.yaml 
@@ -275,9 +275,30 @@ spec: {{- include "kong.volumeMounts" . | nindent 10 }} {{- include "kong.userDefinedVolumeMounts" .Values.deployment | nindent 10 }} readinessProbe: + {{- if .Values.readinessProbe.exec }} + exec: +{{ toYaml .Values.readinessProbe.exec | indent 10 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else }} {{ include "kong.proxy.compatibleReadiness" . | indent 10 }} + {{- end }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 10 }} + {{- if .Values.livenessProbe.exec }} + exec: +{{ toYaml .Values.livenessProbe.exec | indent 10 }} + {{- else }} + httpGet: +{{ toYaml .Values.livenessProbe.httpGet | indent 10 }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} {{- if .Values.startupProbe }} startupProbe: {{ toYaml .Values.startupProbe | indent 10 }} diff --git a/charts/kong/values.yaml b/charts/kong/values.yaml index b4e7aabb5..f225211a7 100644 --- a/charts/kong/values.yaml +++ b/charts/kong/values.yaml @@ -823,6 +823,7 @@ resources: {} # memory: 2G # readinessProbe for Kong pods +# replace httpGet with exec if you want to use a custom command readinessProbe: httpGet: path: "/status/ready" @@ -835,6 +836,7 @@ readinessProbe: failureThreshold: 3 # livenessProbe for Kong pods +# replace httpGet with exec if you want to use a custom command livenessProbe: httpGet: path: "/status" From 3695ea4e6ae313a013b56afc78d74399b52c5fc6 Mon Sep 17 00:00:00 2001 
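Review bot: In the `livenessProbe:` part of the charts/kong/templates/deployment.yaml hunk, the probe is no longer rendered from the whole `.Values.livenessProbe` map, so any key other than `exec`, `httpGet` and the five timing fields is now silently dropped. An existing override that uses `tcpSocket`, `grpc` or `terminationGracePeriodSeconds` would render a different probe than the operator configured, which conflicts with the changelog's "default behavior is not changed". An override that sets `httpGet: null` without `exec` would render an empty handler. Keeping the `toYaml` passthrough and only omitting the merged-in default `httpGet` when `exec` is set avoids both; the `exec` branch of `readinessProbe` could take the same form. Indentation is not visible in this view, so please also confirm that the `toYaml ... | indent 10` output under `exec:` ends up nested one level deeper than the `exec:` key.

```yaml
        livenessProbe:
{{- if .Values.livenessProbe.exec }}
{{ toYaml (omit .Values.livenessProbe "httpGet") | indent 10 }}
{{- else }}
{{ toYaml .Values.livenessProbe | indent 10 }}
{{- end }}
# … unchanged: startupProbe block …
```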
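Review bot: The comment added above `readinessProbe:` in charts/kong/values.yaml (and the identical one above `livenessProbe:`) says to "replace httpGet with exec", but Helm merges a user's override with these defaults, so `httpGet` is still present in the merged values and the template simply prefers `exec` when it is set. The comment should state that precedence and what an exec probe implies operationally, for example `# set exec.command to probe with a custom command; exec takes precedence over httpGet when both are present` followed by `# the command runs inside the Kong container on every probe period, so it must exist in the image and finish within timeoutSeconds`. This is a documentation-only suggestion and needs no template change.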
From: Manan Kothari Date: Wed, 22 May 2024 13:16:27 -0500 Subject: [PATCH 2/5] docs update changelog --- charts/kong/CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md index 7dee70fe6..1815c17a2 100644 --- a/charts/kong/CHANGELOG.md +++ b/charts/kong/CHANGELOG.md @@ -24,6 +24,10 @@ with non-KIC labels. Requires KIC 3.0+. [#1061](https://github.com/Kong/charts/pull/1061) +* Allows overriding the liveness/readiness probes to use a command, default behavior is not changed + [#1070](https://github.com/Kong/charts/pull/1070) + + ## 2.38.0 ### Changes From 01931171f3970e647d107b7fda22797506a24ca0 Mon Sep 17 00:00:00 2001 From: Manan Kothari Date: Wed, 22 May 2024 13:17:28 -0500 Subject: [PATCH 3/5] docs update changelog --- charts/kong/CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md index 1815c17a2..9b68dff53 100644 --- a/charts/kong/CHANGELOG.md +++ b/charts/kong/CHANGELOG.md @@ -2,8 +2,6 @@ ## Unreleased -* Allows overriding the liveness/readiness probes to use a command, default behavior is not changed - ### Changes * Updated handling of `session_conf_secret` to accommodate Kong 3.6. From 4522b7a8ca8e6e644bfdd0d34d7722b37c789e5c Mon Sep 17 00:00:00 2001 From: Manan Kothari Date: Mon, 3 Jun 2024 14:15:56 -0500 Subject: [PATCH 4/5] adding tests --- charts/kong/ci/probe-test-values.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 charts/kong/ci/probe-test-values.yaml diff --git a/charts/kong/ci/probe-test-values.yaml b/charts/kong/ci/probe-test-values.yaml new file mode 100644 index 000000000..40bac9958 --- /dev/null +++ b/charts/kong/ci/probe-test-values.yaml 
@@ -0,0 +1,24 @@ +# CI test for testing the probe with an exec command instead of the default httpGet +# - enable the probes with execGet + +livenessProbe: + execGet: + command: + - python3.10 + - /home/kong/scripts/liveness_probe.py + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + execGet: + command: + - python3.10 + - /home/kong/scripts/readiness_probe.py + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 \ No newline at end of file From a57717bf0a7bceeec9a61cb3b5ef6b8b224496d0 Mon Sep 17 00:00:00 2001 From: Manan Kothari Date: Mon, 3 Jun 2024 14:17:21 -0500 Subject: [PATCH 5/5] fixing typo --- charts/kong/ci/probe-test-values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kong/ci/probe-test-values.yaml b/charts/kong/ci/probe-test-values.yaml index 40bac9958..b1d12c85a 100644 --- a/charts/kong/ci/probe-test-values.yaml +++ b/charts/kong/ci/probe-test-values.yaml @@ -2,7 +2,7 @@ # - enable the probes with execGet livenessProbe: - execGet: + exec: command: - python3.10 - /home/kong/scripts/liveness_probe.py @@ -13,7 +13,7 @@ livenessProbe: failureThreshold: 3 readinessProbe: - execGet: + exec: command: - python3.10 - /home/kong/scripts/readiness_probe.py
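Review bot: After patch 5/5 the header comment of charts/kong/ci/probe-test-values.yaml still reads `# - enable the probes with execGet` (it is a context line in the `@@ -2,7 +2,7 @@` hunk); it should read `# - enable the probes with exec` to match the key the template checks. Separately, both commands call `python3.10` on `/home/kong/scripts/liveness_probe.py` and `/home/kong/scripts/readiness_probe.py`, and nothing in this series adds or mounts those scripts. If they are not present in the image CI installs, the exec probes will fail, the pod will never become ready and the liveness probe will restart it. A command known to ship in the image, for example `command: ["kong", "health"]`, would exercise the exec path without depending on external files; please confirm which binaries the CI image provides.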