Tweakable terminationGracePeriodSeconds, liveness/readiness probes (#293

) * tweakable terminationGracePeriodSeconds,liveness/readiness probes Signed-off-by: Damiano Donati <damiano.donati@gmail.com> * update README.md Signed-off-by: Damiano Donati <damiano.donati@gmail.com> Co-authored-by: Engin Diri <engin.diri@ediri.de>
SchwarzIT · Nov 12, 2023 · cc76928 · cc76928
1 parent cc9e080
commit cc76928
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 11 deletions.
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
@@ -35,6 +35,8 @@ jobs:
           output: 'trivy-results.sarif'
           exit-code: '1'
           ignore-unfixed: true
+          limit-severities-for-sarif: true
+          severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5

diff --git a/charts/node-red/Chart.yaml b/charts/node-red/Chart.yaml
@@ -9,7 +9,7 @@ icon: https://nodered.org/about/resources/media/node-red-icon-2.png
 
 type: application
 
-version: 0.27.2
+version: 0.28.0
 appVersion: 3.0.2
 
 keywords:
@@ -29,7 +29,8 @@ maintainers:
 annotations:
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/changes: |
-    - update k8s-sidecar to 1.25.2
+    - add ability to tweak Deployment's liveness/readiness probes
+    - add ability to tweak Deployment's terminationGracePeriodSeconds
   artifacthub.io/images: |
     - name: node-red
       image: docker.io/nodered/node-red:3.0.2

diff --git a/charts/node-red/README.md b/charts/node-red/README.md
@@ -1,6 +1,6 @@
 # node-red ⚙
 
-![Version: 0.27.2](https://img.shields.io/badge/Version-0.27.2-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 3.0.2](https://img.shields.io/badge/AppVersion-3.0.2-informational?style=for-the-badge)
+![Version: 0.28.0](https://img.shields.io/badge/Version-0.28.0-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 3.0.2](https://img.shields.io/badge/AppVersion-3.0.2-informational?style=for-the-badge)
 
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/node-red&style=for-the-badge)](https://artifacthub.io/packages/search?repo=node-red)
 [![SIT](https://img.shields.io/badge/SIT-awesome-blueviolet.svg?style=for-the-badge)](https://jobs.schwarz)
@@ -16,7 +16,7 @@ A Helm chart for Node-Red, a low-code programming for event-driven applications
 To install the chart using the OCI artifact, run:
 
 ```bash
-helm install node-red oci://ghcr.io/schwarzit/charts/node-red --version 0.27.2
+helm install node-red oci://ghcr.io/schwarzit/charts/node-red --version 0.28.0
 ```
 
 ## Usage
@@ -32,7 +32,7 @@ helm repo update
 To install the chart with the release name node-red run:
 
 ```bash
-helm install node-red node-red/node-red --version 0.27.2
+helm install node-red node-red/node-red --version 0.28.0
 ```
 
 After a few seconds, node-red should be running.
@@ -85,6 +85,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | Ingress type of path |
 | ingress.tls | list | `[]` | Ingress TLS configuration |
 | initContainers | list | `[]` | containers which are run before the app containers are started |
+| livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Liveness probe for the Deployment |
 | metrics.enabled | bool | `false` | Deploy metrics service |
 | metrics.path | string | `"/metrics"` |  |
 | metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
@@ -109,6 +110,7 @@ The command removes all the Kubernetes components associated with the chart and
 | podSecurityContext | object | `{"fsGroup":1000,"runAsUser":1000}` | Pod Security Context see [values.yaml](values.yaml) |
 | podSecurityContext.fsGroup | int | `1000` | node-red group is 1000 |
 | podSecurityContext.runAsUser | int | `1000` | node-red user is 1000 |
+| readinessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Readiness probe for the Deployment |
 | resources | object | `{"limits":{"cpu":"500m","memory":"5123Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}` | CPU/Memory resource requests/limits |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":10003,"runAsNonRoot":true,"runAsUser":10003,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context see [values.yaml](values.yaml) |
 | service.annotations | object | `{}` | Annotations for the service |
@@ -136,6 +138,7 @@ The command removes all the Kubernetes components associated with the chart and
 | sidecar.resources | object | `{}` | Resources for the sidecar |
 | sidecar.securityContext | object | `{}` | Security context for the sidecar |
 | sidecar.volumeMounts | list | `[]` | The extra volume mounts for the sidecar |
+| terminationGracePeriodSeconds | int | `30` | The terminationGracePeriodSeconds for the pod here we explicitly set the default value defined in kubernetes https://github.com/kubernetes/api/blob/d4b94f478bb2e6467873657dd7b4e1b0ac8351be/core/v1/types.go#L3114-L3118 |
 | tolerations | list | `[]` | Toleration labels for pod assignment |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

diff --git a/charts/node-red/templates/deployment.yaml b/charts/node-red/templates/deployment.yaml
@@ -137,14 +137,14 @@ spec:
             - name: http
               containerPort: 1880
               protocol: TCP
+          {{- with .Values.livenessProbe }}
           livenessProbe:
-            httpGet:
-              path: /
-              port: http
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
           readinessProbe:
-            httpGet:
-              path: /
-              port: http
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           volumeMounts:
             {{- if and .Values.npmrc.enabled }}
             - name: npmrc-volume
@@ -207,3 +207,6 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- end }}
diff --git a/charts/node-red/values.yaml b/charts/node-red/values.yaml
@@ -185,6 +185,18 @@ ingress:
     # -- Name of the Issuer
     #     name: "test"
 
+# -- Liveness probe for the Deployment
+livenessProbe:
+  httpGet:
+    path: /
+    port: http
+
+# -- Readiness probe for the Deployment
+readinessProbe:
+  httpGet:
+    path: /
+    port: http
+
 # -- CPU/Memory resource requests/limits
 resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -204,6 +216,11 @@ nodeSelector: {}
 # -- Toleration labels for pod assignment
 tolerations: []
 
+# -- The terminationGracePeriodSeconds for the pod
+# here we explicitly set the default value defined in kubernetes
+# https://github.com/kubernetes/api/blob/d4b94f478bb2e6467873657dd7b4e1b0ac8351be/core/v1/types.go#L3114-L3118
+terminationGracePeriodSeconds: 30
+
 # -- The affinity constraint
 affinity: {}