Skip to content

Commit

Permalink
Allow configuration of probe timeouts, failure/success thresholds (#64)
Browse files Browse the repository at this point in the history 
* Allow configuration of probe timeouts, failure/success thresholds

Signed-off-by: Samuel Dacanay <[email protected]>

* bump chart version

Signed-off-by: Samuel Dacanay <[email protected]>

* Spread configurations to the rest of the deployments and bump the version again

Signed-off-by: Samuel Dacanay <[email protected]>
  • Loading branch information
@dakaneye
dakaneye authored Sep 15, 2020
1 parent a4114fb commit 1f430f9
Show file tree
Hide file tree
Showing 9 changed files with 115 additions and 99 deletions.
2 changes: 1 addition & 1 deletion stable/anchore-engine/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: anchore-engine
version: 1.9.1
version: 1.9.2
appVersion: 0.8.1
description: Anchore container analysis and policy evaluation engine service
keywords:
Expand Down
18 changes: 9 additions & 9 deletions stable/anchore-engine/templates/analyzer_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,22 +135,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: analyzer-api
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreAnalyzer.resources | nindent 10 }}
volumes:
Expand Down
90 changes: 45 additions & 45 deletions stable/anchore-engine/templates/api_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,22 +135,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: external-api
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreApi.resources | nindent 10 }}
{{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseRbac.enabled }}
Expand Down Expand Up @@ -204,22 +204,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: rbac-manager
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseRbac.managerResources | nindent 10 }}
- name: {{ .Chart.Name }}-rbac-authorizer
Expand Down Expand Up @@ -271,21 +271,21 @@ spec:
- curl
- -f
- 'localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}/health'
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
exec:
command:
- curl
- -f
- 'localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}/health'
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseRbac.authResources | nindent 10 }}
{{- end }}
Expand Down Expand Up @@ -340,22 +340,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: reports-api
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseReports.resources | nindent 10 }}
{{- end }}
Expand Down Expand Up @@ -410,22 +410,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: notifi-api
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseNotifications.resources | nindent 10 }}
{{- end }}
Expand Down
18 changes: 9 additions & 9 deletions stable/anchore-engine/templates/catalog_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,22 +130,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: catalog
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreCatalog.resources | nindent 10 }}
volumes:
Expand Down
18 changes: 9 additions & 9 deletions stable/anchore-engine/templates/enterprise_feeds_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,22 +120,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: feeds-api
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseFeeds.resources | nindent 10 }}
volumes:
Expand Down
16 changes: 9 additions & 7 deletions stable/anchore-engine/templates/enterprise_ui_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,17 +104,19 @@ spec:
livenessProbe:
tcpSocket:
port: enterprise-ui
initialDelaySeconds: 120
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /service/health
port: enterprise-ui
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreEnterpriseUi.resources | nindent 10 }}
volumes:
Expand Down
20 changes: 10 additions & 10 deletions stable/anchore-engine/templates/policy_engine_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,22 +132,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: policy
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchorePolicyEngine.resources | nindent 10 }}
volumes:
Expand Down Expand Up @@ -222,4 +222,4 @@ spec:
protocol: TCP
selector:
app: {{ template "anchore-engine.fullname" . }}
component: {{ $component }}
component: {{ $component }}
18 changes: 9 additions & 9 deletions stable/anchore-engine/templates/simplequeue_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,22 +130,22 @@ spec:
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
initialDelaySeconds: {{ .Values.anchoreGlobal.probes.liveness.initialDelaySeconds }}
timeoutSeconds: {{ .Values.anchoreGlobal.probes.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.liveness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.liveness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /health
port: simplequeue
{{- if .Values.anchoreGlobal.internalServicesSsl.enabled }}
scheme: HTTPS
{{- end }}
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1
timeoutSeconds: {{ .Values.anchoreGlobal.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.anchoreGlobal.probes.readiness.periodSeconds }}
failureThreshold: {{ .Values.anchoreGlobal.probes.readiness.failureThreshold }}
successThreshold: {{ .Values.anchoreGlobal.probes.readiness.successThreshold }}
resources:
{{ toYaml .Values.anchoreSimpleQueue.resources | nindent 10 }}
volumes:
Expand Down
14 changes: 14 additions & 0 deletions stable/anchore-engine/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,20 @@ anchoreGlobal:
general: {}
# url: "http://somehost:9090/<notification_type>/<userId>"

# Allow configuration of Kubernetes probes
probes:
liveness:
initialDelaySeconds: 120
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
readiness:
timeoutSeconds: 10
periodSeconds: 10
failureThreshold: 3
successThreshold: 1

# Configuration for the analyzer pods that perform image analysis
# There may be many of these analyzers but best practice is to not have more than one per node since analysis
# is very IO intensive. Use of affinity/anti-affinity rules for scheduling the analyzers is future work.
Expand Down

0 comments on commit 1f430f9

Please sign in to comment.