add readyz to admission

Makefile

@@ -269,16 +269,20 @@ ADMISSION_NAME = warden-admission
 build-admission:
 	docker build -t $(ADMISSION_NAME) -f ./docker/admission/Dockerfile .
 
-install-admission-k3d: build-admission
+tag-admission-k3d:
 	$(eval HASH_TAG=$(shell docker images $(ADMISSION_NAME):latest --quiet))
-	docker tag $(ADMISSION_NAME) $(ADMISSION_NAME):$(HASH_TAG)
+	docker tag $(ADMISSION_NAME) $(ADMISSION_NAME):latest3
 
+install-admission-k3d: build-admission tag-admission-k3d
 	k3d image import $(ADMISSION_NAME):$(HASH_TAG) -c kyma
 	kubectl set image deployment warden-admission -n default admission=$(ADMISSION_NAME):$(HASH_TAG)
+	sleep 10
+	kubectl wait --for condition=Available -n default deployment warden-admission --timeout=60s
 
 ## Install
 
 install:
+	k3d image import $(ADMISSION_NAME):latest3 -c kyma
 	 helm upgrade --install --wait --set global.config.data.logging.level=debug --set admission.enabled=true  warden ./charts/warden/
 uninstall:
 	helm uninstall warden --wait

charts/warden/charts/warden-admission/templates/deployment.yaml

@@ -29,6 +29,10 @@ spec:
             {{- toYaml .Values.global.securityContext | nindent 12 }}
           imagePullPolicy: IfNotPresent
           image: "{{ .Values.global.admission.image }}"
+          readinessProbe:
+            httpGet:
+              port: 8090
+              path: /readyz/
           resources:
             {{- toYaml .Values.global.admission.resources | nindent 12 }}
           args:
@@ -45,6 +49,9 @@ spec:
               containerPort: 9090
             - name: http-profiling
               containerPort: 8008
+            - name: health
+              containerPort: 8090
+              protocol: TCP
           volumeMounts:
             - name: config
               mountPath: {{ .Values.global.config.dir }}
@@ -57,7 +64,7 @@ spec:
           configMap:
             name: {{ .Values.global.config.configmapName }}
         - name: tmp-cert
-          emptyDir: {}
+          emptyDir: { }
         - name: notary-tmp
-          emptyDir: {}
+          emptyDir: { }
       priorityClassName: {{ .Values.global.wardenPriorityClassName }}

charts/warden/values.yaml

@@ -24,7 +24,8 @@ global:
         cpu: 300m
         memory: 160Mi
   admission:
-    image: 'europe-docker.pkg.dev/kyma-project/prod/warden/admission:main'
+#    image: 'europe-docker.pkg.dev/kyma-project/prod/warden/admission:main'
+    image: 'warden-admission:latest3'
     resources:
       requests:
         cpu: 10m

cmd/admission/main.go

@@ -4,12 +4,12 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"os"
-
 	"github.com/kyma-project/warden/internal/env"
 	"github.com/kyma-project/warden/internal/logging"
 	"github.com/kyma-project/warden/internal/webhook"
 	"go.uber.org/zap/zapcore"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
 
 	"github.com/go-logr/zapr"
 	"github.com/kyma-project/warden/internal/admission"
@@ -105,10 +105,11 @@ func main() {
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), manager.Options{
-		Scheme:             scheme,
-		Port:               appConfig.Admission.Port,
-		MetricsBindAddress: ":9090",
-		Logger:             logrZap,
+		Scheme:                 scheme,
+		Port:                   appConfig.Admission.Port,
+		MetricsBindAddress:     ":9090",
+		Logger:                 logrZap,
+		HealthProbeBindAddress: ":8090",
 		ClientDisableCacheFor: []ctrlclient.Object{
 			&corev1.Secret{},
 			&corev1.ConfigMap{},
@@ -119,6 +120,11 @@ func main() {
 		os.Exit(2)
 	}
 
+	if err := mgr.AddReadyzCheck("readiness check", healthz.Ping); err != nil {
+		logger.Error(err, "unable to register readyz")
+		os.Exit(1)
+	}
+
 	if err := webhook.SetupResourcesController(context.TODO(), mgr,
 		appConfig.Admission.ServiceName,
 		appConfig.Admission.SystemNamespace,
@@ -146,7 +152,6 @@ func main() {
 	whs := mgr.GetWebhookServer()
 	whs.CertName = certs.CertFile
 	whs.KeyName = certs.KeyFile
-
 	whs.Register(admission.ValidationPath, &ctrlwebhook.Admission{
 		Handler: admission.NewValidationWebhook(logger.With("webhook", "validation")),
 	})