Add readyz to admission (#186)

* add readyz to admission * revert changes in Makefile * revert local changes
kyma-project · Jan 31, 2024 · ff15366 · ff15366
1 parent 900e542
commit ff15366
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/charts/warden/charts/warden-admission/templates/deployment.yaml b/charts/warden/charts/warden-admission/templates/deployment.yaml
@@ -29,6 +29,10 @@ spec:
             {{- toYaml .Values.global.securityContext | nindent 12 }}
           imagePullPolicy: IfNotPresent
           image: "{{ .Values.global.admission.image }}"
+          readinessProbe:
+            httpGet:
+              port: 8090
+              path: /readyz/
           resources:
             {{- toYaml .Values.global.admission.resources | nindent 12 }}
           args:
@@ -45,6 +49,9 @@ spec:
               containerPort: 9090
             - name: http-profiling
               containerPort: 8008
+            - name: health
+              containerPort: 8090
+              protocol: TCP
           volumeMounts:
             - name: config
               mountPath: {{ .Values.global.config.dir }}
@@ -57,7 +64,7 @@ spec:
           configMap:
             name: {{ .Values.global.config.configmapName }}
         - name: tmp-cert
-          emptyDir: {}
+          emptyDir: { }
         - name: notary-tmp
-          emptyDir: {}
+          emptyDir: { }
       priorityClassName: {{ .Values.global.wardenPriorityClassName }}
diff --git a/cmd/admission/main.go b/cmd/admission/main.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"os"
-
 	"github.com/kyma-project/warden/internal/env"
 	"github.com/kyma-project/warden/internal/logging"
 	"github.com/kyma-project/warden/internal/webhook"
 	"go.uber.org/zap/zapcore"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
 
 	"github.com/go-logr/zapr"
 	"github.com/kyma-project/warden/internal/admission"
@@ -105,10 +105,11 @@ func main() {
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), manager.Options{
-		Scheme:             scheme,
-		Port:               appConfig.Admission.Port,
-		MetricsBindAddress: ":9090",
-		Logger:             logrZap,
+		Scheme:                 scheme,
+		Port:                   appConfig.Admission.Port,
+		MetricsBindAddress:     ":9090",
+		Logger:                 logrZap,
+		HealthProbeBindAddress: ":8090",
 		ClientDisableCacheFor: []ctrlclient.Object{
 			&corev1.Secret{},
 			&corev1.ConfigMap{},
@@ -119,6 +120,11 @@ func main() {
 		os.Exit(2)
 	}
 
+	if err := mgr.AddReadyzCheck("readiness check", healthz.Ping); err != nil {
+		logger.Error(err, "unable to register readyz")
+		os.Exit(1)
+	}
+
 	if err := webhook.SetupResourcesController(context.TODO(), mgr,
 		appConfig.Admission.ServiceName,
 		appConfig.Admission.SystemNamespace,
@@ -146,7 +152,6 @@ func main() {
 	whs := mgr.GetWebhookServer()
 	whs.CertName = certs.CertFile
 	whs.KeyName = certs.KeyFile
-
 	whs.Register(admission.ValidationPath, &ctrlwebhook.Admission{
 		Handler: admission.NewValidationWebhook(logger.With("webhook", "validation")),
 	})