Commit 40d93f25 authored by Sandro Mathys's avatar Sandro Mathys
Browse files

add default readiness and liveness probes to shibboleth container

parent c10597ea
...@@ -65,14 +65,6 @@ spec: ...@@ -65,14 +65,6 @@ spec:
image: "{{ include "shibboleth-sp.backend.image" . }}" image: "{{ include "shibboleth-sp.backend.image" . }}"
imagePullPolicy: "{{ include "shibboleth-sp.backend.imagePullPolicy" . }}" imagePullPolicy: "{{ include "shibboleth-sp.backend.imagePullPolicy" . }}"
command: ["shibd", "-t"] command: ["shibd", "-t"]
{{- if .Values.backend.readinessProbe }}
readinessProbe:
{{- .Values.backend.readinessProbe | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.backend.livenessProbe }}
livenessProbe:
{{- .Values.backend.livenessProbe | toYaml | nindent 12 }}
{{- end }}
resources: resources:
{{- toYaml .Values.backend.resources | nindent 12 }} {{- toYaml .Values.backend.resources | nindent 12 }}
volumeMounts: volumeMounts:
...@@ -152,6 +144,25 @@ spec: ...@@ -152,6 +144,25 @@ spec:
- name: SHIBSP_LISTENER_ADDRESS - name: SHIBSP_LISTENER_ADDRESS
value: "/dev/shm/shibd.sock" value: "/dev/shm/shibd.sock"
command: ["shibd", "-f", "-F"] command: ["shibd", "-f", "-F"]
# This port is actually exposed by the apache container, but it's accessible from this
# container anyway. Because it's easier to probe liveness and readiness of the shibd
# through Apache, it makes sense to create this named port on this containers as well.
ports:
- name: apache
containerPort: 8080
protocol: TCP
{{- if .Values.backend.workaround.readinessProbe.enabled }}
{{- if .Values.backend.readinessProbe }}
readinessProbe:
{{- .Values.backend.readinessProbe | toYaml | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.backend.workaround.livenessProbe.enabled }}
{{- if .Values.backend.livenessProbe }}
livenessProbe:
{{- .Values.backend.livenessProbe | toYaml | nindent 12 }}
{{- end }}
{{- end }}
resources: resources:
{{- toYaml .Values.backend.resources | nindent 12 }} {{- toYaml .Values.backend.resources | nindent 12 }}
volumeMounts: volumeMounts:
......
...@@ -122,8 +122,45 @@ backend: ...@@ -122,8 +122,45 @@ backend:
drop: drop:
- all - all
readinessProbe: {} # Note that this readinessProbe is identical to the frontend livenessProbe!
livenessProbe: {} # Warning: overwriting this through an out-of-chart values file is not
# currently possible, but a fix seems close to merging, see:
# https://github.com/helm/helm/issues/9136
# https://github.com/helm/helm/pull/9138
# It might be possible to overwrite it on the command line with --set
readinessProbe:
httpGet:
scheme: HTTP
port: apache
# will counter-intuitively return HTTP 200 even if shibboleth backend is dead
path: /Shibboleth.sso/Session
initialDelaySeconds: 10
periodSeconds: 10
# Note that this livenessProbe is identical to the frontend readinessProbe!
# Warning: overwriting this through an out-of-chart values file is not
# currently possible, but a fix seems close to merging, see:
# https://github.com/helm/helm/issues/9136
# https://github.com/helm/helm/pull/9138
# It might be possible to overwrite it on the command line with --set
livenessProbe:
httpGet:
scheme: HTTP
port: apache
# will also return HTTP 500 if shibboleth backend is dead
path: /
initialDelaySeconds: 10
periodSeconds: 10
# TODO: remove when the issue mentioned above is fixed
# TODO: also remove related code in templates/deployment.yaml
# Enables / disables the included default livenessProbe and readinessProbe.
# Will be removed in future.
workaround:
readinessProbe:
enabled: true
livenessProbe:
enabled: true
resources: {} resources: {}
# requests: # requests:
...@@ -253,7 +290,9 @@ frontend: ...@@ -253,7 +290,9 @@ frontend:
drop: drop:
- all - all
# overwriting this is not currently possible, but a fix seems close to merging, see: # Note that this readinessProbe is identical to the backend livenessProbe!
# Warning: overwriting this through an out-of-chart values file is not
# currently possible, but a fix seems close to merging, see:
# https://github.com/helm/helm/issues/9136 # https://github.com/helm/helm/issues/9136
# https://github.com/helm/helm/pull/9138 # https://github.com/helm/helm/pull/9138
# It might be possible to overwrite it on the command line with --set # It might be possible to overwrite it on the command line with --set
...@@ -266,7 +305,9 @@ frontend: ...@@ -266,7 +305,9 @@ frontend:
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 10 periodSeconds: 10
# Overwriting this is not currently possible, but a fix seems close to merging, see: # Note that this livenessProbe is identical to the backend readinessProbe!
# Warning: overwriting this through an out-of-chart values file is not
# currently possible, but a fix seems close to merging, see:
# https://github.com/helm/helm/issues/9136 # https://github.com/helm/helm/issues/9136
# https://github.com/helm/helm/pull/9138 # https://github.com/helm/helm/pull/9138
# It might be possible to overwrite it on the command line with --set # It might be possible to overwrite it on the command line with --set
...@@ -281,7 +322,7 @@ frontend: ...@@ -281,7 +322,7 @@ frontend:
# TODO: remove when the issue mentioned above is fixed # TODO: remove when the issue mentioned above is fixed
# TODO: also remove related code in templates/deployment.yaml # TODO: also remove related code in templates/deployment.yaml
# Enables / disables the livenessProbe and readinessProbe. # Enables / disables the included default livenessProbe and readinessProbe.
# Will be removed in future. # Will be removed in future.
workaround: workaround:
readinessProbe: readinessProbe:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment