feat(chart): add probe configuration to helm

Signed-off-by: Oliver Bähler <[email protected]>

Author: oliverbaehler

charts/capsule-proxy/README.md

@@ -100,6 +100,7 @@ If you only need to make minor customizations, you can specify them on the comma
 | crds.keep | bool | `true` | Keep the CustomResourceDefinitions (when the chart is deleted) |
 | daemonset.hostNetwork | bool | `false` | Use the host network namespace for capsule-proxy pod. |
 | daemonset.hostPort | bool | `false` | Binding the capsule-proxy listening port to the host port. |
+| env | list | `[]` | Additional environment variables |
 | hostNetwork | bool | `false` | When deployed as DaemonSet use |
 | image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
 | image.registry | string | `"ghcr.io"` | Set the image registry for capsule-proxy |
@@ -121,11 +122,13 @@ If you only need to make minor customizations, you can specify them on the comma
 | jobs.topologySpreadConstraints | list | `[]` | Set Topology Spread Constraints |
 | jobs.ttlSecondsAfterFinished | int | `60` | Sets the ttl in seconds after a finished certgen job is deleted. Set to -1 to never delete. |
 | kind | string | `"Deployment"` | Set the deployment mode of the capsule-proxy as `Deployment` or `DaemonSet`. |
+| livenessProbe | object | `{"enabled":true,"httpGet":{"path":"/healthz/","port":"probe","scheme":"HTTP"},"initialDelaySeconds":20}` | Proxy Liveness-Probe |
 | nodeSelector | object | `{}` | Set the node selector for the capsule-proxy pod. |
 | podAnnotations | object | `{}` | Annotations to add to the capsule-proxy pod. |
 | podLabels | object | `{}` | Labels to add to the capsule-proxy pod. |
 | podSecurityContext | object | `{"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the capsule-proxy pod. |
 | priorityClassName | string | `""` | Specifies PriorityClass of the capsule-proxy pod. |
+| readinessProbe | object | `{"enabled":true,"httpGet":{"path":"/readyz/","port":"probe","scheme":"HTTP"},"initialDelaySeconds":5}` | Proxy Readyness-Probe |
 | replicaCount | int | `1` | Set the replica count for capsule-proxy pod. |
 | resources.limits.cpu | string | `"200m"` | Set the CPU requests assigned to the controller. |
 | resources.limits.memory | string | `"128Mi"` | Set the memory requests assigned to the controller. |
@@ -138,6 +141,8 @@ If you only need to make minor customizations, you can specify them on the comma
 | serviceAccount.name | string | `capsule-proxy`` | The name of the service account to use. If not set and `serviceAccount.create=true`, a name is generated using the fullname template |
 | tolerations | list | `[]` | Set list of tolerations for the capsule-proxy pod. |
 | topologySpreadConstraints | list | `[]` | Topology Spread Constraints for the capsule-proxy pod. |
+| volumeMounts | list | `[]` | Additional volume mounts |
+| volumes | list | `[]` | Additional volumes |
 
 ### Controller Options Parameters
 

charts/capsule-proxy/templates/_pod.tpl

@@ -24,8 +24,11 @@ spec:
   securityContext:
     {{- toYaml .Values.podSecurityContext | nindent 4 }}
   priorityClassName: {{ .Values.priorityClassName }}
-  {{- if .Values.options.enableSSL }}
   volumes:
+  {{- with .Values.volumes }}
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- if .Values.options.enableSSL }}
   - name: certs
     secret:
       secretName: {{ .Values.options.certificateVolumeName | default  (include "capsule-proxy.fullname" .) }}
@@ -61,6 +64,10 @@ spec:
     {{- with .Values.options.extraArgs }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+    {{- with .Values.env }}
+    env: 
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
     ports:
     - name: proxy
       protocol: TCP
@@ -76,20 +83,21 @@ spec:
     - name: probe
       containerPort: 8081
       protocol: TCP
-    readinessProbe:
-      httpGet:
-        path: /readyz/
-        port: probe
-        scheme: HTTP
+    {{- if .Values.livenessProbe.enabled }}
     livenessProbe:
-      httpGet:
-        path: /healthz/
-        port: probe
-        scheme: HTTP
+      {{- toYaml (omit .Values.livenessProbe "enabled") | nindent 6 }}
+    {{- end }}
+    {{- if .Values.readinessProbe.enabled }}
+    readinessProbe:
+      {{- toYaml (omit .Values.readinessProbe "enabled") | nindent 6 }}
+    {{- end }}
     resources:
       {{- toYaml .Values.resources | nindent 12 }}
-    {{- if .Values.options.enableSSL }}
     volumeMounts:
+    {{- with .Values.volumeMounts }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.options.enableSSL }}
     - mountPath: {{ .Values.options.SSLDirectory }}
       name: certs
     {{- end }}

charts/capsule-proxy/values.yaml

@@ -73,6 +73,24 @@ topologySpreadConstraints: []
 #     matchLabels:
 #       app.kubernetes.io/name: capsule-proxy
 
+# -- Proxy Readyness-Probe
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 5
+  httpGet:
+    path: /readyz/
+    port: probe
+    scheme: HTTP
+
+# -- Proxy Liveness-Probe
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 20
+  httpGet:
+    path: /healthz/
+    port: probe
+    scheme: HTTP
+
 # Set a pod priorityClassName
 # priorityClassName: system-node-critical
 # -- Specifies PriorityClass of the capsule-proxy pod.
@@ -106,6 +124,16 @@ resources:
     # -- Set the memory limits assigned to the controller.
     memory: 128Mi
 
+# -- Additional environment variables
+env: []
+
+# -- Additional volumes
+volumes: []
+
+# -- Additional volume mounts
+volumeMounts: []
+
+
 # Controller Options
 options:
   # -- Set the listening port of the capsule-proxy
@@ -144,6 +172,8 @@ options:
   clientConnectionBurst: 30
   # -- A list of extra arguments to add to the capsule-proxy.
   extraArgs: []
+  # -"--feature-gates=ProxyClusterScoped=true"
+  # -"--feature-gates=ProxyAllNamespaced=true"
 
 jobs:
   certs: