fix: Allow overriding scheme for container probes (#39)

Our liveness and readiness probes will default to HTTP. However, if a customer wishes to enable TLS on the relay, those checks will need to be HTTPS. To support this option, the probe configuration will be made configurable with our existing behavior as the default. Customers can override the scheme if they wish using `relay.livenessProbe.httpGet.scheme = "HTTPS"` `relay.readinessProbe.httpGet.scheme = "HTTPS"`
launchdarkly · May 11, 2023 · 846d783 · 846d783
1 parent 15f80ee
commit 846d783
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -43,6 +43,8 @@ Here's a summary of the available configuration options:
 | relay.environmentVariables                    | array   | `[]`                                                         | Defines container environment variables to configure the Relay Proxy instance (via container spec) |
 | relay.secrets                                 | array   | `[]`                                                         | Defines container environment variables or volumes populated from k8s secrets                      |
 | relay.volume                                  | object  | `{}`                                                         | Enables offline mode or references an existing config file from a defined volume                   |
+| relay.livenessProbe                           | object  | `{httpGet: { port: "api",  path: "/status" }}`               | Defines the liveness probe for the relay container                                                 |
+| relay.readinessProbe                          | object  | `{httpGet: { port: "api",  path: "/status" }}`               | Defines the readiness probe for the relay container                                                |
 | replicaCount                                  | integer | `1`                                                          | Number of replicas of the relay pod                                                                |
 | image.repository                              | string  | `launchdarkly/ld-relay`                                      | ld-relay image repository                                                                          |
 | image.pullPolicy                              | string  | `IfNotPresent`                                               | ld-relay image pull policy                                                                         |

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -124,14 +124,14 @@ spec:
                 protocol: {{ .protocol }}
                 name: {{ .name }}
             {{- end }}
+          {{- if .Values.relay.livenessProbe }}
           livenessProbe:
-            httpGet:
-              path: /status
-              port: api
+            {{- toYaml .Values.relay.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.relay.readinessProbe }}
           readinessProbe:
-            httpGet:
-              path: /status
-              port: api
+            {{- toYaml .Values.relay.readinessProbe | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

diff --git a/test/deployment_test.go b/test/deployment_test.go
@@ -254,6 +254,70 @@ func (s *TemplateTest) TestCanSetPodSecurityContext() {
 	s.Require().Equal(int64(2000), *deployment.Spec.Template.Spec.SecurityContext.RunAsGroup)
 }
 
+func (s *TemplateTest) TestProbesDefaultToSaneValues() {
+	options := &helm.Options{
+		KubectlOptions: k8s.NewKubectlOptions("", "", s.Namespace),
+	}
+	output := helm.RenderTemplate(s.T(), options, s.ChartPath, s.Release, []string{"templates/deployment.yaml"})
+	var deployment appsv1.Deployment
+	helm.UnmarshalK8SYaml(s.T(), output, &deployment)
+
+	var none corev1.URIScheme
+	none = ""
+	s.Require().Equal("/status", *&deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Path)
+	s.Require().Equal("api", deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Port.String())
+	s.Require().Equal(none, *&deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Scheme)
+
+	s.Require().Equal("/status", *&deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Path)
+	s.Require().Equal("api", deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Port.String())
+	s.Require().Equal(none, *&deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Scheme)
+}
+
+func (s *TemplateTest) TestCanAffectHttpGetProbes() {
+	options := &helm.Options{
+		SetValues: map[string]string{
+			"relay.livenessProbe.httpGet.path":   "/liveness",
+			"relay.livenessProbe.httpGet.port":   "8000",
+			"relay.livenessProbe.httpGet.scheme": "HTTPS",
+
+			"relay.readinessProbe.httpGet.path":   "/readiness",
+			"relay.readinessProbe.httpGet.port":   "9000",
+			"relay.readinessProbe.httpGet.scheme": "HTTPS",
+		},
+		KubectlOptions: k8s.NewKubectlOptions("", "", s.Namespace),
+	}
+
+	output := helm.RenderTemplate(s.T(), options, s.ChartPath, s.Release, []string{"templates/deployment.yaml"})
+	var deployment appsv1.Deployment
+	helm.UnmarshalK8SYaml(s.T(), output, &deployment)
+
+	s.Require().Equal("/liveness", *&deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Path)
+	s.Require().Equal(int(8000), deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Port.IntValue())
+	s.Require().Equal(corev1.URISchemeHTTPS, *&deployment.Spec.Template.Spec.Containers[0].LivenessProbe.Handler.HTTPGet.Scheme)
+
+	s.Require().Equal("/readiness", *&deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Path)
+	s.Require().Equal(int(9000), deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Port.IntValue())
+	s.Require().Equal(corev1.URISchemeHTTPS, *&deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.Handler.HTTPGet.Scheme)
+
+}
+
+func (s *TemplateTest) TestCanDisableProbes() {
+	options := &helm.Options{
+		SetValues: map[string]string{
+			"relay.livenessProbe":  "null",
+			"relay.readinessProbe": "null",
+		},
+		KubectlOptions: k8s.NewKubectlOptions("", "", s.Namespace),
+	}
+
+	output := helm.RenderTemplate(s.T(), options, s.ChartPath, s.Release, []string{"templates/deployment.yaml"})
+	var deployment appsv1.Deployment
+	helm.UnmarshalK8SYaml(s.T(), output, &deployment)
+
+	s.Require().Nil(deployment.Spec.Template.Spec.Containers[0].LivenessProbe)
+	s.Require().Nil(deployment.Spec.Template.Spec.Containers[0].ReadinessProbe)
+}
+
 func (s *TemplateTest) TestCanSetDeprecatedPodSecurityContext() {
 	options := &helm.Options{
 		SetValues: map[string]string{

diff --git a/values.yaml b/values.yaml
@@ -146,6 +146,33 @@ relay:
     #   secretName: relay-proxy
     #   secretKey: redis-password
 
+  # Default liveness and readiness probes for the relay. This assumes the relay will be running in the standard non-TLS mode.
+  #
+  # If TLS is enabled, you will need to update this scheme to use HTTPS. You can do this by setting:
+  #
+  # relay:
+  #   livenessProbe:
+  #     httpGet:
+  #       scheme: HTTPS
+  #   readinessProbe:
+  #     httpGet:
+  #       scheme: HTTPS
+  #
+  # If you wish to fully disable both probes, you can do so by setting:
+  #
+  # relay:
+  #   livenessProbe: null
+  #   readinessProbe: null
+  livenessProbe:
+    httpGet:
+      path: /status
+      port: api
+  readinessProbe:
+      httpGet:
+        path: /status
+        port: api
+
+
   # Enables mounting a k8s volume onto the relay container.
   #
   # This configuration option is used to optionally provide access to an