diff --git a/charts/core/README.md b/charts/core/README.md index 9381c73b..d6ff1d2d 100644 --- a/charts/core/README.md +++ b/charts/core/README.md @@ -169,6 +169,8 @@ Parameter | Description | Default | Notes `controller.certupgrader.nodeSelector` | Enable and specify nodeSelector labels | `{}` | `controller.certupgrader.runAsUser` | Specify the run as User ID | `nil` | `controller.certupgrader.imagePullPolicy` | cert upgrader image pull policy | `IfNotPresent` | +`controller.readinessProbe` | Readiness probe for the controller | `{"exec":{"command":["cat","/tmp/ready"]},"initialDelaySeconds":5,"periodSeconds":5}` +`controller.livenessProbe` | Liveness probe for the controller | `{}` `enforcer.enabled` | If true, create enforcer | `true` | `enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` | `enforcer.image.imagePullPolicy` | enforcer image pull policy | `IfNotPresent` | @@ -184,6 +186,8 @@ Parameter | Description | Default | Notes `enforcer.internal.certificate.keyFile` | Set PEM format key file for custom enforcer internal certificate | `tls.key` | `enforcer.internal.certificate.pemFile` | Set PEM format certificate file for custom enforcer internal certificate | `tls.crt` | `enforcer.internal.certificate.caFile` | Set CA certificate file for enforcer custom internal certificate | `ca.crt` | +`enforcer.readinessProbe` | Readiness probe for the enforcer | `{}` +`enforcer.livenessProbe` | Liveness probe for the enforcer | `{}` `manager.enabled` | If true, create manager | `true` | `manager.image.repository` | manager image repository | `neuvector/manager` | `manager.image.imagePullPolicy` | manager image pull policy | `IfNotPresent` | 
@@ -203,6 +207,7 @@ Parameter | Description | Default | Notes `manager.svc.nodePort` | set manager service NodePort number | `nil` | `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | `manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) +`manager.svc.labels` | Add labels to manager service | `{}` | `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | `manager.route.host` | Set OpenShift route host for management console service | `nil` | `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | diff --git a/charts/core/templates/controller-deployment.yaml b/charts/core/templates/controller-deployment.yaml index 4b296855..2ce30c48 100644 --- a/charts/core/templates/controller-deployment.yaml +++ b/charts/core/templates/controller-deployment.yaml @@ -132,13 +132,14 @@ spec: {{- else }} {{ toYaml .Values.resources | indent 12 }} {{- end }} + {{- if .Values.controller.readinessProbe }} readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 5 - periodSeconds: 5 + {{- toYaml .Values.controller.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.controller.livenessProbe }} + livenessProbe: + {{- toYaml .Values.controller.livenessProbe | nindent 12 }} + {{- end }} env: - name: CLUSTER_JOIN_ADDR value: neuvector-svc-controller.{{ .Release.Namespace }} diff --git a/charts/core/templates/enforcer-daemonset.yaml b/charts/core/templates/enforcer-daemonset.yaml index 10684cb4..42dc1b48 100644 --- a/charts/core/templates/enforcer-daemonset.yaml +++ b/charts/core/templates/enforcer-daemonset.yaml 
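Review bot: Because the default `exec` probe now lives under `controller.readinessProbe` in values.yaml, Helm deep-merges any user override with it, so setting only `httpGet` or `tcpSocket` renders a probe with two handlers, which the API server rejects. The override has to remove the default explicitly with `exec: null`, and neither values.yaml nor the new README row says so. A comment above the default such as `# to use a different handler, also set exec: null` would cover it. The new `if` guard also means that `controller.readinessProbe: null` removes a readiness check that was previously always rendered, which is worth stating in the same comment.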
@@ -98,6 +98,14 @@ spec: {{- else }} {{ toYaml .Values.resources | indent 12 }} {{- end }} + {{- if .Values.enforcer.readinessProbe }} + readinessProbe: + {{- toYaml .Values.enforcer.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.enforcer.livenessProbe }} + livenessProbe: + {{- toYaml .Values.enforcer.livenessProbe | nindent 12 }} + {{- end }} env: - name: CLUSTER_JOIN_ADDR value: neuvector-svc-controller.{{ .Release.Namespace }} diff --git a/charts/core/templates/manager-service.yaml b/charts/core/templates/manager-service.yaml index b9476748..faa13735 100644 --- a/charts/core/templates/manager-service.yaml +++ b/charts/core/templates/manager-service.yaml @@ -11,6 +11,9 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} + {{- with .Values.manager.svc.labels }} + {{- toYaml . | indent 4 }} + {{- end }} spec: type: {{ .Values.manager.svc.type }} {{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }} diff --git a/charts/core/values.yaml b/charts/core/values.yaml index fb2eda58..e57d5210 100644 --- a/charts/core/values.yaml +++ b/charts/core/values.yaml @@ -110,6 +110,15 @@ controller: {} # key1: value1 # key2: value2 + readinessProbe: + exec: + command: + - cat + - /tmp/ready + initialDelaySeconds: 5 + periodSeconds: 5 + livenessProbe: + {} apisvc: type: annotations: {} @@ -348,6 +357,10 @@ enforcer: # requests: # cpu: 100m # memory: 2280Mi + readinessProbe: + {} + livenessProbe: + {} internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer) certificate: secret: "" @@ -379,6 +392,8 @@ manager: # azure # service.beta.kubernetes.io/azure-load-balancer-internal: "true" # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" + labels: + {} # OpenShift Route configuration # Make sure manager env ssl is false for edge termination route:
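Review bot: Nothing documents what a safe probe for the enforcer looks like: both values default to `{}`, so this block renders nothing, and unlike the controller there is no shipped example to start from. A liveness probe that fails spuriously makes the kubelet restart the enforcer container, which presumably interrupts enforcement on that node while it restarts. Suggested comment above `enforcer.livenessProbe` in values.yaml: `# a failing livenessProbe restarts the enforcer; keep failureThreshold and periodSeconds conservative`.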
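Review bot: `{{- toYaml . | indent 4 }}` in the manager-service hunk is left-trimmed, so the newline before it is removed, and `indent` does not add one back. When `manager.svc.labels` is set, the first custom label is emitted on the same line as `release: {{ .Release.Name }}` and the Service metadata no longer parses. Use `{{- toYaml . | nindent 4 }}`, matching the probe blocks in this commit that use `nindent 12`. With the default `{}` the `with` block is skipped, which is likely why a default install does not show the problem.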