feat: add support for probe config and ui svc labels

charts/core/README.md

@@ -169,6 +169,8 @@ Parameter | Description | Default | Notes
 `controller.certupgrader.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
 `controller.certupgrader.runAsUser` | Specify the run as User ID | `nil` |
 `controller.certupgrader.imagePullPolicy` | cert upgrader image pull policy | `IfNotPresent` |
+`controller.readinessProbe` | Readiness probe for the controller | `{"exec":{"command":["cat","/tmp/ready"]},"initialDelaySeconds":5,"periodSeconds":5}`
+`controller.livenessProbe` | Liveness probe for the controller | `{}`
 `enforcer.enabled` | If true, create enforcer | `true` |
 `enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` |
 `enforcer.image.imagePullPolicy` | enforcer image pull policy | `IfNotPresent` |
@@ -184,6 +186,8 @@ Parameter | Description | Default | Notes
 `enforcer.internal.certificate.keyFile` | Set PEM format key file for custom enforcer internal certificate | `tls.key` |
 `enforcer.internal.certificate.pemFile` | Set PEM format certificate file for custom enforcer internal certificate | `tls.crt` |
 `enforcer.internal.certificate.caFile` | Set CA certificate file for enforcer custom internal certificate | `ca.crt` |
+`enforcer.readinessProbe` | Readiness probe for the enforcer | `{}`
+`enforcer.livenessProbe` | Liveness probe for the enforcer | `{}`
 `manager.enabled` | If true, create manager | `true` |
 `manager.image.repository` | manager image repository | `neuvector/manager` |
 `manager.image.imagePullPolicy` | manager image pull policy | `IfNotPresent` |
@@ -203,6 +207,7 @@ Parameter | Description | Default | Notes
 `manager.svc.nodePort` | set manager service NodePort number |  `nil` |
 `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 `manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
+`manager.svc.labels` | Add labels to manager service | `{}` |
 `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
 `manager.route.host` | Set OpenShift route host for management console service | `nil` |
 `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |

charts/core/templates/controller-deployment.yaml

@@ -132,13 +132,14 @@ spec:
           {{- else }}
 {{ toYaml .Values.resources | indent 12 }}
           {{- end }}
+          {{- if .Values.controller.readinessProbe }}
           readinessProbe:
-            exec:
-              command:
-                - cat
-                - /tmp/ready
-            initialDelaySeconds: 5
-            periodSeconds: 5
+            {{- toYaml .Values.controller.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.controller.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.controller.livenessProbe | nindent 12 }}
+          {{- end }}
           env:
             - name: CLUSTER_JOIN_ADDR
               value: neuvector-svc-controller.{{ .Release.Namespace }}

charts/core/templates/enforcer-daemonset.yaml

@@ -98,6 +98,14 @@ spec:
           {{- else }}
 {{ toYaml .Values.resources | indent 12 }}
           {{- end }}
+          {{- if .Values.enforcer.readinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.enforcer.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.enforcer.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.enforcer.livenessProbe | nindent 12 }}
+          {{- end }}
           env:
             - name: CLUSTER_JOIN_ADDR
               value: neuvector-svc-controller.{{ .Release.Namespace }}

charts/core/templates/manager-service.yaml

@@ -11,6 +11,9 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
+    {{- with .Values.manager.svc.labels }}
+    {{- toYaml . | indent 4 }}
+    {{- end }}
 spec:
   type: {{ .Values.manager.svc.type }}
 {{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }}

charts/core/values.yaml

@@ -110,6 +110,15 @@ controller:
     {}
     # key1: value1
     # key2: value2
+  readinessProbe:
+    exec:
+      command:
+        - cat
+        - /tmp/ready
+    initialDelaySeconds: 5
+    periodSeconds: 5
+  livenessProbe:
+    {}
   apisvc:
     type:
     annotations: {}
@@ -348,6 +357,10 @@ enforcer:
     # requests:
     #   cpu: 100m
     #   memory: 2280Mi
+  readinessProbe:
+    {}
+  livenessProbe:
+    {}
   internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
     certificate:
       secret: "" 
@@ -379,6 +392,8 @@ manager:
       # azure
       # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
       # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+    labels:
+      {}
   # OpenShift Route configuration
   # Make sure manager env ssl is false for edge termination
   route: