diff --git a/Makefile b/Makefile
index 42a0b467..31646e46 100644
--- a/Makefile
+++ b/Makefile
@@ -269,16 +269,20 @@ ADMISSION_NAME = warden-admission
 build-admission:
 docker build -t $(ADMISSION_NAME) -f ./docker/admission/Dockerfile .
-install-admission-k3d: build-admission
+tag-admission-k3d:
 $(eval HASH_TAG=$(shell docker images $(ADMISSION_NAME):latest --quiet))
- docker tag $(ADMISSION_NAME) $(ADMISSION_NAME):$(HASH_TAG)
+ docker tag $(ADMISSION_NAME) $(ADMISSION_NAME):latest3
+install-admission-k3d: build-admission tag-admission-k3d
 k3d image import $(ADMISSION_NAME):$(HASH_TAG) -c kyma
 kubectl set image deployment warden-admission -n default admission=$(ADMISSION_NAME):$(HASH_TAG)
+ sleep 10
+ kubectl wait --for condition=Available -n default deployment warden-admission --timeout=60s
 ## Install
 install:
+ k3d image import $(ADMISSION_NAME):latest3 -c kyma
 helm upgrade --install --wait --set global.config.data.logging.level=debug --set admission.enabled=true warden ./charts/warden/
 uninstall:
 helm uninstall warden --wait
diff --git a/charts/warden/charts/warden-admission/templates/deployment.yaml b/charts/warden/charts/warden-admission/templates/deployment.yaml
index 0ff20e70..b89ddd53 100644
--- a/charts/warden/charts/warden-admission/templates/deployment.yaml
+++ b/charts/warden/charts/warden-admission/templates/deployment.yaml
@@ -29,6 +29,10 @@ spec:
 {{- toYaml .Values.global.securityContext | nindent 12 }}
 imagePullPolicy: IfNotPresent
 image: "{{ .Values.global.admission.image }}"
+ readinessProbe:
+ httpGet:
+ port: 8090
+ path: /readyz/
 resources:
 {{- toYaml .Values.global.admission.resources | nindent 12 }}
 args:
@@ -45,6 +49,9 @@ spec:
 containerPort: 9090
 - name: http-profiling
 containerPort: 8008
+ - name: health
+ containerPort: 8090
+ protocol: TCP
 volumeMounts:
 - name: config
 mountPath: {{ .Values.global.config.dir }}
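Review bot: In the Makefile hunk, `tag-admission-k3d` now creates only `$(ADMISSION_NAME):latest3`, but `install-admission-k3d` still imports and deploys `$(ADMISSION_NAME):$(HASH_TAG)`, a tag this recipe no longer creates, so `k3d image import` and `kubectl set image` point at a reference that may not exist. Either keep `docker tag $(ADMISSION_NAME) $(ADMISSION_NAME):$(HASH_TAG)` next to the new line or use one tag consistently; the content-derived tag is the better choice, because a fixed mutable tag cannot show which build is actually running. `tag-admission-k3d` also has no prerequisite on `build-admission`, so under `make -j` it can run before the build finishes, and `install` imports `latest3` without depending on either target. The `sleep 10` before `kubectl wait` could be replaced by `kubectl rollout status deployment/warden-admission -n default --timeout=60s`.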
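Review bot: The readinessProbe added in the first deployment.yaml hunk addresses the port by number (`port: 8090`) although the second hunk declares a named port `health` with the same value; `port: health` would keep the probe and the container port from drifting apart. The same number is hard-coded again as `HealthProbeBindAddress` in cmd/admission/main.go, so a single chart value passed to the binary would remove the duplication. No livenessProbe is added alongside it; if that is deliberate, a one-line template comment such as `# readiness only: liveness is left to the kubelet restart policy` would say so.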
@@ -57,7 +64,7 @@ spec:
 configMap:
 name: {{ .Values.global.config.configmapName }}
 - name: tmp-cert
- emptyDir: {}
+ emptyDir: { }
 - name: notary-tmp
- emptyDir: {}
+ emptyDir: { }
 priorityClassName: {{ .Values.global.wardenPriorityClassName }}
diff --git a/charts/warden/values.yaml b/charts/warden/values.yaml
index 9ce058c8..770f99d5 100644
--- a/charts/warden/values.yaml
+++ b/charts/warden/values.yaml
@@ -24,7 +24,8 @@ global:
 cpu: 300m
 memory: 160Mi
 admission:
- image: 'europe-docker.pkg.dev/kyma-project/prod/warden/admission:main'
+# image: 'europe-docker.pkg.dev/kyma-project/prod/warden/admission:main'
+ image: 'warden-admission:latest3'
 resources:
 requests:
 cpu: 10m
diff --git a/cmd/admission/main.go b/cmd/admission/main.go
index ac31a569..b67016ef 100644
--- a/cmd/admission/main.go
+++ b/cmd/admission/main.go
@@ -4,12 +4,12 @@ import (
 "context"
 "flag"
 "fmt"
- "os"
-
 "github.com/kyma-project/warden/internal/env"
 "github.com/kyma-project/warden/internal/logging"
 "github.com/kyma-project/warden/internal/webhook"
 "go.uber.org/zap/zapcore"
+ "os"
+ "sigs.k8s.io/controller-runtime/pkg/healthz"
 "github.com/go-logr/zapr"
 "github.com/kyma-project/warden/internal/admission"
@@ -105,10 +105,11 @@ func main() {
 }
 mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), manager.Options{
- Scheme: scheme,
- Port: appConfig.Admission.Port,
- MetricsBindAddress: ":9090",
- Logger: logrZap,
+ Scheme: scheme,
+ Port: appConfig.Admission.Port,
+ MetricsBindAddress: ":9090",
+ Logger: logrZap,
+ HealthProbeBindAddress: ":8090",
 ClientDisableCacheFor: []ctrlclient.Object{
 &corev1.Secret{},
 &corev1.ConfigMap{},
@@ -119,6 +120,11 @@ func main() {
 os.Exit(2)
 }
+ if err := mgr.AddReadyzCheck("readiness check", healthz.Ping); err != nil {
+ logger.Error(err, "unable to register readyz")
+ os.Exit(1)
+ }
+
 if err := webhook.SetupResourcesController(context.TODO(), mgr,
 appConfig.Admission.ServiceName,
 appConfig.Admission.SystemNamespace,
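Review bot: In charts/warden/values.yaml the chart default for `global.admission.image` becomes the unqualified local name `warden-admission:latest3`, with the published image left behind as a comment; this looks like a local k3d override that should not ship as the default. On a cluster where that image was never imported, `imagePullPolicy: IfNotPresent` makes the runtime resolve the bare name against its default registry, so the admission controller image would either come from a location the project does not control or fail to pull. Keep the registry-qualified default and pass the override from the Makefile `install` target instead, e.g. `--set global.admission.image=$(ADMISSION_NAME):latest3`.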
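Review bot: The readiness check registered in the third cmd/admission/main.go hunk is `healthz.Ping`, which always succeeds, so the pod reports Ready as soon as the probe listener is up rather than when the webhook server can answer admission requests with its certificate. For an admission webhook that gap matters: requests routed to a pod that is not yet serving are rejected or admitted unchecked depending on the webhook's failurePolicy, which is not visible in this diff. If the controller-runtime version in use provides it, `mgr.GetWebhookServer().StartedChecker()` is a closer signal than `healthz.Ping`. The check name `"readiness check"` contains a space and is also exposed as a sub-path of `/readyz`, so a name such as `"webhook"` is easier to query. main's body starts and ends outside the hunk.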
@@ -146,7 +152,6 @@ func main() {
 whs := mgr.GetWebhookServer()
 whs.CertName = certs.CertFile
 whs.KeyName = certs.KeyFile
-
 whs.Register(admission.ValidationPath, &ctrlwebhook.Admission{
 Handler: admission.NewValidationWebhook(logger.With("webhook", "validation")),
 })