Externalise liveness and readiness probes (#24)

* Externalise liveness and readiness probes * Externalise liveness and readiness probes for dacha and edge * Add in memory postgres config file * Update helm docs * Bump Chart.yaml version to 4.1.2 --------- Co-authored-by: Alex Deng <alex.deng@featurehub.io>
featurehub-io · Feb 25, 2024 · 1bded89 · 1bded89
1 parent d357417
commit 1bded89
Show file tree

Hide file tree

Showing 11 changed files with 132 additions and 50 deletions.
diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -euo pipefail
 
-HELM_DOCS_VERSION="1.11.3"
+HELM_DOCS_VERSION="1.13.0"
 
 # install helm-docs
 curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz

diff --git a/helm/featurehub/Chart.yaml b/helm/featurehub/Chart.yaml
@@ -12,7 +12,7 @@ description: "FeatueHub is an Enterprise Grade, Cloud Native Feature Management
   their own requirements.
   "
 type: application
-version: 4.1.1
+version: 4.1.2
 icon: https://raw.githubusercontent.com/featurehub-io/featurehub/main/docs/modules/ROOT/images/fh_icon.png
 appVersion: "1.7.0"
 maintainers:

diff --git a/helm/featurehub/README.md b/helm/featurehub/README.md
@@ -1,6 +1,6 @@
 # featurehub
 
-![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square)
+![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square)
 
 FeatueHub is an Enterprise Grade, Cloud Native Feature Management platform that is available to suite any organisations requirements. This fully supported Helm chart is the Open Source version of the product, which has all the same features as the [SaaS product](https://app.featurehub.io).
 
@@ -45,6 +45,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | dacha.ingress.enabled | bool | `false` |  |
 | dacha.ingress.hosts | list | `[]` |  |
 | dacha.ingress.tls | list | `[]` |  |
+| dacha.livenessProbe | object | `{"failureThreshold":1,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for dacha |
 | dacha.nodeSelector | object | `{}` |  |
 | dacha.podAnnotations | object | `{}` |  |
 | dacha.podDisruptionBudget.enabled | bool | `true` |  |
@@ -54,6 +55,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | dacha.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint |
 | dacha.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor |
 | dacha.pullPolicy | string | `"IfNotPresent"` |  |
+| dacha.readinessProbe | object | `{"failureThreshold":1,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the values of the readiness probe for dacha |
 | dacha.replicaCount | int | `2` |  |
 | dacha.resources | object | `{}` |  |
 | dacha.securityContext.runAsNonRoot | bool | `true` |  |
@@ -88,6 +90,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | edge.ingress.enabled | bool | `false` |  |
 | edge.ingress.hosts | list | `[]` |  |
 | edge.ingress.tls | list | `[]` |  |
+| edge.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for edge |
 | edge.nodeSelector | object | `{}` |  |
 | edge.podAnnotations | object | `{}` |  |
 | edge.podDisruptionBudget.enabled | bool | `true` |  |
@@ -97,6 +100,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | edge.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint |
 | edge.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor |
 | edge.pullPolicy | string | `"IfNotPresent"` |  |
+| edge.readinessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the readiness probe for edge |
 | edge.replicaCount | int | `2` |  |
 | edge.resources | object | `{}` |  |
 | edge.securityContext.runAsNonRoot | bool | `true` |  |
@@ -119,6 +123,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | global.extraVolumes | list | `[]` | List of extra volumes to add to Management Repository Deployment |
 | global.ingress.annotations | list | `[]` |  |
 | global.ingress.enabled | bool | `true` |  |
+| global.ingress.ingressClassName | string | `""` | specify the ingress class name if thats what makes yor ingress work. E.g. in AWS its "alb" |
 | global.intranet | bool | `false` | if set to true, then MR will serve the intranet version of the application which does not require external HTML dependencies |
 | global.urlPath | string | `""` | the default url path is to mount as root, this lets you mount where ever you like, but it affects the health checks |
 | googlepubsub.backOffInSeconds | int | `20` | how long to backoff when failing to process a request from an incoming subscription |
@@ -151,6 +156,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | managementRepository.ingress.hosts | list | `[]` |  |
 | managementRepository.ingress.tls | list | `[]` |  |
 | managementRepository.initContainers | object | `{}` |  |
+| managementRepository.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for MR |
 | managementRepository.nodeSelector | object | `{}` |  |
 | managementRepository.podAnnotations | object | `{}` |  |
 | managementRepository.podDisruptionBudget.enabled | bool | `true` |  |
@@ -160,6 +166,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | managementRepository.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint |
 | managementRepository.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor |
 | managementRepository.pullPolicy | string | `"IfNotPresent"` |  |
+| managementRepository.readinessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the readiness probe |
 | managementRepository.replicaCount | int | `1` | how many copies |
 | managementRepository.resources | object | `{}` |  |
 | managementRepository.securityContext.runAsNonRoot | bool | `true` |  |
@@ -176,4 +183,4 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo
 | postgresql | object | `{"enabled":true,"global":{"postgresql":{"auth":{"postgresPassword":"postgresql"}}},"primary":{"initdb":{"scripts":{"featurehub.sql":"CREATE USER featurehub PASSWORD 'featurehub' LOGIN;\nCREATE DATABASE featurehub;\nGRANT ALL PRIVILEGES ON DATABASE featurehub TO featurehub;\n\\connect featurehub\nGRANT ALL ON SCHEMA public TO featurehub;"}},"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"128Mi","storageClassName":"standard"}}}` | ----------------------------------------------------------------------------- # |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/featurehub/templates/dacha/deployment.yaml b/helm/featurehub/templates/dacha/deployment.yaml
@@ -86,22 +86,9 @@ spec:
               containerPort: 8701
               protocol: TCP
           livenessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            failureThreshold: 1  # we set this to 1 because if the health check fails, it means the cache is compromised
-            timeoutSeconds: 3
-            httpGet:
-              path: /health/liveness
-              port: metrics
+            {{- toYaml .Values.dacha.livenessProbe | nindent 12 }}
           readinessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            successThreshold: 2
-            failureThreshold: 1
-            timeoutSeconds: 3
-            httpGet:
-              path: /health/readiness
-              port: metrics
+            {{- toYaml .Values.dacha.readinessProbe | nindent 12 }}
           volumeMounts:
           {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}}
           {{- range $cm := .Values.global.extraCommonConfigFiles }}

diff --git a/helm/featurehub/templates/edge/deployment.yaml b/helm/featurehub/templates/edge/deployment.yaml
@@ -86,22 +86,9 @@ spec:
               containerPort: 8701
               protocol: TCP
           livenessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            failureThreshold: 2
-            timeoutSeconds: 3
-            httpGet:
-              path: {{ include "featurehub.liveness.url" . | quote }}
-              port: metrics
+            {{- toYaml .Values.edge.livenessProbe | nindent 12 }}
           readinessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            successThreshold: 2
-            failureThreshold: 2
-            timeoutSeconds: 3
-            httpGet:
-              path: {{ include "featurehub.readiness.url" . | quote }}
-              port: metrics
+            {{- toYaml .Values.edge.readinessProbe | nindent 12 }}
           volumeMounts:
           {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}}
           {{- range $cm := .Values.global.extraCommonConfigFiles }}

diff --git a/helm/featurehub/templates/global-ingress.yaml b/helm/featurehub/templates/global-ingress.yaml
@@ -11,6 +11,9 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
+  {{- if .Values.global.ingress.ingressClassName }}
+  ingressClassName: "{{ .Values.global.ingress.ingressClassName }}"
+  {{- end }}
   rules:
     - http:
         paths:

diff --git a/helm/featurehub/templates/management-repository/deployment.yaml b/helm/featurehub/templates/management-repository/deployment.yaml
@@ -94,22 +94,9 @@ spec:
               containerPort: 8701
               protocol: TCP
           livenessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            failureThreshold: 2
-            timeoutSeconds: 3
-            httpGet:
-              path: {{ include "featurehub.liveness.url" . | quote }}
-              port: metrics
+            {{- toYaml .Values.managementRepository.livenessProbe | nindent 12 }}
           readinessProbe:
-            initialDelaySeconds: 20
-            periodSeconds: 20
-            successThreshold: 2
-            failureThreshold: 2
-            timeoutSeconds: 3
-            httpGet:
-              path: {{ include "featurehub.readiness.url" . | quote }}
-              port: metrics
+            {{- toYaml .Values.managementRepository.readinessProbe | nindent 12 }}
           volumeMounts:
           {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}}
           {{- range $cm := .Values.global.extraCommonConfigFiles }}

diff --git a/helm/featurehub/values.yaml b/helm/featurehub/values.yaml
@@ -32,6 +32,8 @@ global:
   ingress:
     enabled: true
     annotations: []
+    # -- specify the ingress class name if thats what makes yor ingress work. E.g. in AWS its "alb"
+    ingressClassName: ""
 
   # -- If `true`, entries from `environmentVars` will be mapped to /etc/app-config/common.properties file
   # To mount secret settings as /etc/app-config/common.properties see volume fields
@@ -128,6 +130,28 @@ managementRepository:
     #   cpu: 100m
     #   memory: 128Mi
 
+  # -- this allows you to override the values of the liveness probe for MR
+  livenessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    failureThreshold: 2
+    timeoutSeconds: 3
+    httpGet:
+      path: "/health/liveness"
+      port: metrics
+
+  # -- this allows you to override the readiness probe
+  readinessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    successThreshold: 2
+    failureThreshold: 2
+    timeoutSeconds: 3
+    httpGet:
+      path: "/health/readiness"
+      port: metrics
+
+
   serviceAccount:
     # Specifies whether a service account should be created
     create: true
@@ -297,6 +321,27 @@ edge:
     #   cpu: 100m
     #   memory: 128Mi
 
+  # -- this allows you to override the values of the liveness probe for edge
+  livenessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    failureThreshold: 2
+    timeoutSeconds: 3
+    httpGet:
+      path: "/health/liveness"
+      port: metrics
+
+  # -- this allows you to override the readiness probe for edge
+  readinessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    successThreshold: 2
+    failureThreshold: 2
+    timeoutSeconds: 3
+    httpGet:
+      path: "/health/readiness"
+      port: metrics
+
   serviceAccount:
     # Specifies whether a service account should be created
     create: true
@@ -454,6 +499,27 @@ dacha:
     #   cpu: 100m
     #   memory: 128Mi
 
+  # -- this allows you to override the values of the liveness probe for dacha
+  livenessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    failureThreshold: 1  # we set this to 1 because if the health check fails, it means the cache is compromised
+    timeoutSeconds: 3
+    httpGet:
+      path: /health/liveness
+      port: metrics
+
+  # -- this allows you to override the values of the readiness probe for dacha
+  readinessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 20
+    successThreshold: 2
+    failureThreshold: 1
+    timeoutSeconds: 3
+    httpGet:
+      path: /health/readiness
+      port: metrics
+
   serviceAccount:
     # Specifies whether a service account should be created
     create: true

diff --git a/helm/in-memory-postgres/README.md b/helm/in-memory-postgres/README.md
@@ -0,0 +1,5 @@
+# In memory Postgres
+
+For testing inside an EKS cluster that we created from AWS Blueprints (https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/patterns/fargate-serverless), we found that the bundled Postgres Helm chart attempts to create an EBS mount inside a Fargate Container which is not currently supported (https://github.com/aws/containers-roadmap/issues/1113).
+
+We did not want to create an RDS instance for this testing and chose to run an in memory postgres for ephemeral testing.
diff --git a/helm/in-memory-postgres/pg.yaml b/helm/in-memory-postgres/pg.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: postgres
+  template:
+    metadata:
+      labels:
+        run: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres
+          env:
+            - name: POSTGRES_PASSWORD
+              value: featurehub
+            - name: POSTGRES_HOST_AUTH_METHOD
+              value: trust
+          ports:
+            - name: tcp
+              containerPort: 5432
+              protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: featurehub-postgresql
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: postgres
+  selector:
+    run: postgres
diff --git a/helm/pubsub-emulator/README.md b/helm/pubsub-emulator/README.md
@@ -29,4 +29,4 @@ This is a helm chart for the pubsub emulator, which is useful for testing charts
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)