
chore(charts): define and use named ports for probes (#5775)

Co-authored-by: Gergely Bräutigam <skarlso777@gmail.com>
Pat Riehecky 4 months ago
parent
commit
ee2e4d4a6f

+ 4 - 3
deploy/charts/external-secrets/README.md

@@ -141,14 +141,15 @@ The command removes all the Kubernetes components associated with the chart and
 | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. |
 | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. |
 | livenessProbe.enabled | bool | `false` | Enabled determines if the liveness probe should be used or not. By default it's disabled. |
-| livenessProbe.spec | object | `{"address":"","failureThreshold":5,"httpGet":{"path":"/healthz","port":8082},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | The body of the liveness probe settings. |
+| livenessProbe.spec | object | `{"address":"","failureThreshold":5,"httpGet":{"path":"/healthz","port":"live"},"initialDelaySeconds":10,"periodSeconds":10,"port":8082,"successThreshold":1,"timeoutSeconds":5}` | The body of the liveness probe settings. |
 | livenessProbe.spec.address | string | `""` | Address for liveness probe. |
 | livenessProbe.spec.failureThreshold | int | `5` | Number of consecutive probe failures that should occur before considering the probe as failed. |
-| livenessProbe.spec.httpGet | object | `{"path":"/healthz","port":8082}` | Handler for liveness probe. |
+| livenessProbe.spec.httpGet | object | `{"path":"/healthz","port":"live"}` | Handler for liveness probe. |
 | livenessProbe.spec.httpGet.path | string | `"/healthz"` | Path for liveness probe. |
-| livenessProbe.spec.httpGet.port | int | `8082` | Set this value to 8082 to active liveness probes. @schema type: [string, integer] |
+| livenessProbe.spec.httpGet.port | string | `"live"` | Set this value to 'live' (for named port) or an an integer for liveness probes. @schema type: [string, integer] |
 | livenessProbe.spec.initialDelaySeconds | int | `10` | Delay in seconds for the container to start before performing the initial probe. |
 | livenessProbe.spec.periodSeconds | int | `10` | Period in seconds for K8s to start performing probes. |
+| livenessProbe.spec.port | int | `8082` | Named port for liveness probe. |
 | livenessProbe.spec.successThreshold | int | `1` | Number of successful probes to mark probe successful. |
 | livenessProbe.spec.timeoutSeconds | int | `5` | Specify the maximum amount of time to wait for a probe to respond before considering it fails. |
 | log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifies Log Params to the External Secrets Operator |

+ 11 - 3
deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -100,9 +100,17 @@ spec:
             - containerPort: {{ .Values.certController.metrics.listen.port }}
               protocol: TCP
               name: metrics
+            - containerPort: {{ .Values.certController.readinessProbe.port }}
+              protocol: TCP
+              name: ready
+            {{- if and .Values.certController.startupProbe.enabled (not .Values.certController.startupProbe.useReadinessProbePort) }}
+            - containerPort: {{ .Values.certController.startupProbe.port }}
+              protocol: TCP
+              name: startup
+            {{- end }}
           readinessProbe:
             httpGet:
-              port: {{ .Values.certController.readinessProbe.port }}
+              port: ready
               path: /readyz
             initialDelaySeconds: 20
             periodSeconds: 5
@@ -110,9 +118,9 @@ spec:
           startupProbe:
             httpGet:
               {{- if .Values.certController.startupProbe.useReadinessProbePort }}
-              port: {{ .Values.certController.readinessProbe.port }}
+              port: ready
               {{- else }}
-              port: {{ .Values.certController.startupProbe.port }}
+              port: startup
               {{- end }}
               path: /readyz
             initialDelaySeconds: 20
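Review bot: The new `ready` and `startup` entries under `ports:` are rendered without checking that their numbers differ from each other or from the `metrics` port. If `certController.startupProbe.port` equals `certController.readinessProbe.port` while `useReadinessProbePort` is false, the manifest now carries two entries with the same `containerPort` and protocol. Before this change the same values only repeated a number inside the probes. As far as I know Kubernetes keys the ports list by containerPort and protocol, so duplicates draw an API warning and can confuse server-side apply. A render-time check such as `{{- if eq (int .Values.certController.startupProbe.port) (int .Values.certController.readinessProbe.port) }}{{ fail "startupProbe.port equals readinessProbe.port; set startupProbe.useReadinessProbePort" }}{{- end }}` would make the conflict explicit, and the same concern applies to the `ready` entry added in webhook-deployment.yaml when `webhook.readinessProbe.port` matches `webhook.port`. The guard around the `startupProbe:` block sits outside the second hunk, so I am assuming it matches the condition on the `startup` port.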

+ 14 - 1
deploy/charts/external-secrets/templates/deployment.yaml

@@ -125,8 +125,12 @@ spec:
           - --loglevel={{ .Values.log.level }}
           - --zap-time-encoding={{ .Values.log.timeEncoding }}
           {{- if .Values.livenessProbe.enabled }}
+          {{- if eq (kindOf .Values.livenessProbe.spec.httpGet.port) "string" }}
+          - --live-addr={{ .Values.livenessProbe.spec.address }}:{{ .Values.livenessProbe.spec.port }}
+          {{- else }}
           - --live-addr={{ .Values.livenessProbe.spec.address }}:{{ .Values.livenessProbe.spec.httpGet.port }}
           {{- end }}
+          {{- end }}
           {{- if .Values.metrics.listen.secure.enabled }}
           - --metrics-secure=true
           - --metrics-cert-dir={{ .Values.metrics.listen.secure.certDir }}
@@ -137,9 +141,18 @@ spec:
             - containerPort: {{ .Values.metrics.listen.port }}
               protocol: TCP
               name: metrics
+            {{- if .Values.livenessProbe.enabled }}
+            - name: live
+              protocol: TCP
+              {{- if eq (kindOf .Values.livenessProbe.spec.httpGet.port) "string" }}
+              containerPort: {{ .Values.livenessProbe.spec.port }}
+              {{- else }}
+              containerPort: {{ .Values.livenessProbe.spec.httpGet.port }}
+              {{- end }}
+            {{- end }}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
-          {{- toYaml (omit .Values.livenessProbe.spec "address") | nindent 12 }}
+          {{- toYaml (omit .Values.livenessProbe.spec "address" "port") | nindent 12 }}
           {{- end }}
           {{- with .Values.extraEnv }}
           env:
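Review bot: The container port name is fixed as `live` in the second hunk, but `livenessProbe.spec.httpGet.port` is passed through `toYaml` unchanged. Any string other than `live` (the schema comment allows any string) therefore renders a probe that refers to a port name the pod does not declare. The kubelet would presumably fail that liveness check and restart the controller repeatedly. Either derive the name from the value in the string branch, `- name: {{ .Values.livenessProbe.spec.httpGet.port }}`, or reject other names at render time with `fail`. The `kindOf … "string"` test is also written twice, once for `--live-addr` and once for `containerPort`; a small named template returning the numeric port would keep the two from drifting apart.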

+ 4 - 1
deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -98,9 +98,12 @@ spec:
             - containerPort: {{ .Values.webhook.port }}
               protocol: TCP
               name: webhook
+            - containerPort: {{ .Values.webhook.readinessProbe.port }}
+              protocol: TCP
+              name: ready
           readinessProbe:
             httpGet:
-              port: {{ .Values.webhook.readinessProbe.port }}
+              port: ready
               path: /readyz
             initialDelaySeconds: 20
             periodSeconds: 5

+ 4 - 1
deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap

@@ -48,10 +48,13 @@ should match snapshot of default values:
                 - containerPort: 8080
                   name: metrics
                   protocol: TCP
+                - containerPort: 8081
+                  protocol: TCP
+                  name: ready
               readinessProbe:
                 httpGet:
                   path: /readyz
-                  port: 8081
+                  port: ready
                 initialDelaySeconds: 20
                 periodSeconds: 5
               securityContext:

+ 4 - 1
deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap

@@ -49,10 +49,13 @@ should match snapshot of default values:
                 - containerPort: 10250
                   name: webhook
                   protocol: TCP
+                - containerPort: 8081
+                  protocol: TCP
+                  name: ready
               readinessProbe:
                 httpGet:
                   path: /readyz
-                  port: 8081
+                  port: ready
                 initialDelaySeconds: 20
                 periodSeconds: 5
               securityContext:

+ 8 - 2
deploy/charts/external-secrets/tests/cert_controller_test.yaml

@@ -228,7 +228,7 @@ tests:
           value:
             httpGet:
               path: /readyz
-              port: 8081
+              port: ready
             initialDelaySeconds: 20
             periodSeconds: 5
   - it: should override the startup Probe port
@@ -240,10 +240,16 @@ tests:
       - cert-controller-deployment.yaml
     asserts:
       - equal:
+          path: spec.template.spec.containers[0].ports[2]
+          value:
+            containerPort: 8083
+            protocol: TCP
+            name: startup
+      - equal:
           path: spec.template.spec.containers[0].startupProbe
           value:
             httpGet:
-              port: 8083
+              port: startup
               path: /readyz
             initialDelaySeconds: 20
             periodSeconds: 5
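Review bot: The new assertion addresses the startup port by position, `containers[0].ports[2]`, so it will break when another port is added ahead of it rather than when the `startup` entry itself is wrong. helm-unittest's `contains` assertion on `spec.template.spec.containers[0].ports` with the same mapping as `content` would check for the entry without depending on order. I also do not see, in the visible hunks, a case for `startupProbe.useReadinessProbePort: true` asserting that the probe uses `port: ready` and that no `startup` port is rendered. The rest of the file is outside this view, so that case may already exist.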

+ 98 - 3
deploy/charts/external-secrets/tests/controller_test.yaml

@@ -100,11 +100,91 @@ tests:
       - equal:
           path: spec.strategy.rollingUpdate.maxUnavailable
           value: 0
-  - it: should add livenessProbe if define
+  - it: should add livenessProbe if defined
+    set:
+      livenessProbe:
+        enabled: true
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].livenessProbe
+          value:
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+            httpGet:
+              port: live
+              path: /healthz
+      - equal:
+          path: spec.template.spec.containers[0].ports[1]
+          value:
+            containerPort: 8082
+            protocol: TCP
+            name: live
+  - it: should customize livenessProbe port under spec.port
+    set:
+      livenessProbe:
+        enabled: true
+        spec:
+          port: 8888
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].livenessProbe
+          value:
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+            httpGet:
+              port: live
+              path: /healthz
+      - equal:
+          path: spec.template.spec.containers[0].ports[1]
+          value:
+            containerPort: 8888
+            protocol: TCP
+            name: live
+  - it: should customize livenessProbe port under spec.httpGet
+    set:
+      livenessProbe:
+        enabled: true
+        spec:
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 10
+          failureThreshold: 10
+          successThreshold: 10
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].livenessProbe
+          value:
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 10
+            failureThreshold: 10
+            successThreshold: 10
+            httpGet:
+              port: 8080
+              path: /healthz
+              scheme: HTTP
+      - equal:
+          path: spec.template.spec.containers[0].ports[1]
+          value:
+            containerPort: 8080
+            protocol: TCP
+            name: live
+  - it: should use httpGet.port over spec.port when httpGet.port is numeric
     set:
       livenessProbe:
         enabled: true
         spec:
+          port: 3030
           initialDelaySeconds: 10
           periodSeconds: 10
           timeoutSeconds: 10
@@ -116,8 +196,23 @@ tests:
             scheme: HTTP
     asserts:
       - equal:
-          path: spec.template.spec.containers[0].livenessProbe.httpGet.port
-          value: 8080
+          path: spec.template.spec.containers[0].livenessProbe
+          value:
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 10
+            failureThreshold: 10
+            successThreshold: 10
+            httpGet:
+              port: 8080
+              path: /healthz
+              scheme: HTTP
+      - equal:
+          path: spec.template.spec.containers[0].ports[1]
+          value:
+            containerPort: 8080
+            protocol: TCP
+            name: live
   - it: should update args with enableHTTP2=true
     set:
       enableHTTP2: true
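Review bot: None of the new liveness cases assert the `--live-addr` argument, although deployment.yaml now takes its port from one of two values depending on the type of `httpGet.port`. The listener address is what has to agree with the `live` container port, so each case should also check the args, for example `- contains: {path: spec.template.spec.containers[0].args, content: "--live-addr=:8888"}` in the `spec.port` case (the value is constructed from the default empty `address`). A case that sets `httpGet.port` to a string other than `live` is missing as well, and would document what the chart is meant to do with such a value.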

+ 3 - 0
deploy/charts/external-secrets/values.schema.json

@@ -493,6 +493,9 @@
                         "periodSeconds": {
                             "type": "integer"
                         },
+                        "port": {
+                            "type": "integer"
+                        },
                         "successThreshold": {
                             "type": "integer"
                         },

+ 4 - 2
deploy/charts/external-secrets/values.yaml

@@ -346,6 +346,8 @@ livenessProbe:
   spec:
     # -- Address for liveness probe.
     address: ""
+    # -- Named port for liveness probe.
+    port: 8082
     # -- Specify the maximum amount of time to wait for a probe to respond before considering it fails.
     timeoutSeconds: 5
     # -- Number of consecutive probe failures that should occur before considering the probe as failed.
@@ -358,9 +360,9 @@ livenessProbe:
     initialDelaySeconds: 10
     # -- Handler for liveness probe.
     httpGet:
-      # -- Set this value to 8082 to active liveness probes.
+      # -- Set this value to 'live' (for named port) or an an integer for liveness probes.
       # @schema type: [string, integer]
-      port: 8082
+      port: live
       # -- Path for liveness probe.
       path: /healthz
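Review bot: The comment added above `port: 8082` reads "Named port for liveness probe", but that value is the numeric port; the name is `live`, set under `httpGet.port`. Suggested wording: `# -- Port number the liveness endpoint listens on; exposed as the container port named 'live' when httpGet.port is a string.` The `httpGet.port` comment has a doubled word ("an an integer"). It should also say that a numeric value there takes precedence over `spec.port`, as the deployment template and the new controller test case show. The README table is presumably generated from these comments and would pick up the same corrections.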