Merge pull request mogensen#12 from mogensen/health-probes

Health probes
cedi · Jun 21, 2021 · f2ab3ed · f2ab3ed
2 parents c5c8f4e + 4a50f08
commit f2ab3ed
Show file tree

Hide file tree

Showing 12 changed files with 174 additions and 26 deletions.
diff --git a/Makefile b/Makefile
@@ -21,7 +21,7 @@ build: ## build cert-checker
 verify: test build ## tests and builds cert-checker
 
 image: ## build docker image
-	docker build -t mogensen/cert-checker:v0.0.5 .
+	docker build -t mogensen/cert-checker:v0.0.6 .
 
 clean: ## clean up created files
 	rm -rf \
@@ -51,7 +51,7 @@ dev-kind-create: ## Create local cluster
 	 --values deploy/kind/prometheus-stack-values.yaml
 
 dev-kind-install: image ## Install cert-checker on kind cluster
-	kind --name $(KIND_CLUSTER_NAME) load docker-image mogensen/cert-checker:v0.0.5
+	kind --name $(KIND_CLUSTER_NAME) load docker-image mogensen/cert-checker:v0.0.6
 	kubectl create namespace cert-checker || true
 	kubectl apply -n cert-checker -f deploy/yaml/deploy.yaml
 	kubectl apply -n cert-checker -f deploy/yaml/grafana-dashboard-cm.yaml

diff --git a/README.md b/README.md
@@ -135,9 +135,9 @@ docker-compose up -d
 
 | Service           | URL                                                                                   |
 |-------------------|---------------------------------------------------------------------------------------|
-| cert-checker      | ui endpoint http://localhost:8081/                                                    |
-| cert-checker      | metrics endpoint http://localhost:8080/metrics                                        |
-| Prometheus        | example query http://localhost:9090/graph?g0.expr=cert_checker_expire_time{}&g0.tab=0 |
+| cert-checker      | ui endpoint http://localhost:8081/                                                    |
+| cert-checker      | metrics endpoint http://localhost:8080/metrics                                        |
+| Prometheus        | example query http://localhost:9090/graph?g0.expr=cert_checker_expire_time{}&g0.tab=0 |
 | Grafana           | Dashboard  http://localhost:3000/d/cert-checker/certificate-checker                   |
 
 Remember to edit the `deploy/docker-compose/cert-checker/config.yaml` with the actual domains you want to monitor..
@@ -199,7 +199,7 @@ namespace: cert-checker
 resources:
 - github.com/mogensen/cert-checker/deploy/yaml
 # optionally pin to a specific git tag
-# - github.com/mogensen/cert-checker/deploy/yaml?ref=cert-checker-0.0.5
+# - github.com/mogensen/cert-checker/deploy/yaml?ref=cert-checker-0.0.6
 
 # override confimap with your required settings
 patchesStrategicMerge:
@@ -301,8 +301,8 @@ make image dev-kind-install
 
 Access the local infrastructure here:
 
-| System             | URL                                                                                                        |
+| System             | URL                                                                                                        |
 | ------------------ |------------------------------------------------------------------------------------------------------------|
-| Prometheus         | http://prometheus.localtest.me/graph?g0.expr=cert_checker_is_valid&g0.tab=1&g0.stacked=0&g0.range_input=1h |
-| Grafana            | http://grafana.localtest.me/d/cert-checker/certificate-checker                                             |
-| build-in dashboard | http://cert-checker.localtest.me/                                                                          |
+| Prometheus         | http://prometheus.localtest.me/graph?g0.expr=cert_checker_is_valid&g0.tab=1&g0.stacked=0&g0.range_input=1h |
+| Grafana            | http://grafana.localtest.me/d/cert-checker/certificate-checker                                             |
+| Build-in dashboard | http://cert-checker.localtest.me/                                                                          |
diff --git a/config.yaml b/config.yaml
@@ -3,6 +3,7 @@ port: 8080
 webport: 8081
 intervalminutes: 1
 certificates:
+    - dns: twitter.com
     - dns: google.com
     - dns: example.com
     - dns: expired.badssl.com

diff --git a/deploy/charts/cert-checker/Changelog.md b/deploy/charts/cert-checker/Changelog.md
@@ -1,18 +1,87 @@
 # Change Log
 
-## Next Release 
+## 0.0.6 
 
-![AppVersion: v0.0.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.0.3&color=success&logo=)
+**Release date:** 2021-06-21
+
+![AppVersion: v0.0.6](https://img.shields.io/static/v1?label=AppVersion&message=v0.0.6&color=success&logo=)
 ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
 
 
+* Version v0.0.6 
+* Update Documentation 
+* Adding readinessProbe and livenessProbe to Kubernetes deployment artifacts 
+
+### Default value changes
+
+```diff
+diff --git a/deploy/charts/cert-checker/values.yaml b/deploy/charts/cert-checker/values.yaml
+index 1462119..ac999ec 100644
+--- a/deploy/charts/cert-checker/values.yaml
++++ b/deploy/charts/cert-checker/values.yaml
+@@ -23,6 +23,24 @@ serviceAccount:
+   # If not set and create is true, a name is generated using the fullname template
+   name: ""
+
++## Monitoring
++livenessProbe:
++  enabled: true
++  httpGet:
++    path: /
++    port: 8081
++  initialDelaySeconds: 2
++  periodSeconds: 3
++
++readinessProbe:
++  enabled: true
++  httpGet:
++    path: /
++    port: 8081
++  initialDelaySeconds: 2
++  periodSeconds: 3
++
++## Config
+ certchecker:
+   loglevel: info
+   intervalminutes: 1
+```
+
+## 0.0.5 
+
+**Release date:** 2021-06-15
+
+![AppVersion: v0.0.5](https://img.shields.io/static/v1?label=AppVersion&message=v0.0.5&color=success&logo=)
+![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+
+* Version v0.0.5 
+* Update servicemonitor.yaml 
+
+### Default value changes
+
+```diff
+# No changes in this release
+```
+
+## 0.0.4 
+
+**Release date:** 2021-05-21
+
+![AppVersion: v0.0.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.0.4&color=success&logo=)
+![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+
+* Upgrade version to v0.0.4 
+* Update Documentation 
+* Moving html and css into embedded files 
+* Adding Skaffold for quick helm development 
 * Use UID over 10.000 to not clash with host's UID 
 
 ### Default value changes
 
 ```diff
 diff --git a/deploy/charts/cert-checker/values.yaml b/deploy/charts/cert-checker/values.yaml
-index c2961a5..99069fa 100644
+index c2961a5..1462119 100644
 --- a/deploy/charts/cert-checker/values.yaml
 +++ b/deploy/charts/cert-checker/values.yaml
 @@ -53,9 +53,11 @@ podAnnotations:
@@ -28,7 +97,7 @@ index c2961a5..99069fa 100644
 
  securityContext:
    privileged: false
-@@ -64,7 +66,7 @@ securityContext:
+@@ -64,13 +66,34 @@ securityContext:
      - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
@@ -37,6 +106,33 @@ index c2961a5..99069fa 100644
    allowPrivilegeEscalation: false
 
  service:
+   type: ClusterIP
+   port: 8080
+
++uiService:
++  type: ClusterIP
++  port: 8081
++
++ingress:
++  enabled: false
++  annotations: {}
++    # kubernetes.io/ingress.class: nginx
++    # kubernetes.io/tls-acme: "true"
++  hosts:
++    - host: cert-checker.local
++      paths:
++      - path: /
++        backend:
++          serviceName: cert-checker.local
++          servicePort: 8081
++  tls: []
++  #  - secretName: chart-example-tls
++  #    hosts:
++  #      - cert-checker.local
++
+ resources: {}
+   # limits:
+   #   cpu: 100m
 ```
 
 ## 0.0.3 

diff --git a/deploy/charts/cert-checker/Chart.yaml b/deploy/charts/cert-checker/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.5
+version: 0.0.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.0.5
+appVersion: v0.0.6
diff --git a/deploy/charts/cert-checker/README.md b/deploy/charts/cert-checker/README.md
@@ -1,6 +1,6 @@
 # cert-checker
 
-![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.5](https://img.shields.io/badge/AppVersion-v0.0.5-informational?style=flat-square)
+![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.6](https://img.shields.io/badge/AppVersion-v0.0.6-informational?style=flat-square)
 
 A tool to expose SSL Certificate information as prometheus metrics.
 
@@ -40,13 +40,23 @@ A tool to expose SSL Certificate information as prometheus metrics.
 | ingress.hosts[0].paths[0].backend.servicePort | int | `8081` |  |
 | ingress.hosts[0].paths[0].path | string | `"/"` |  |
 | ingress.tls | list | `[]` |  |
+| livenessProbe.enabled | bool | `true` |  |
+| livenessProbe.httpGet.path | string | `"/"` |  |
+| livenessProbe.httpGet.port | int | `8081` |  |
+| livenessProbe.initialDelaySeconds | int | `2` |  |
+| livenessProbe.periodSeconds | int | `3` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations."enable.cert-checker.io/cert-checker" | string | `"true"` |  |
 | podAnnotations."prometheus.io/path" | string | `"/metrics"` |  |
 | podAnnotations."prometheus.io/port" | string | `"8080"` |  |
 | podAnnotations."prometheus.io/scrape" | string | `"true"` |  |
 | podSecurityContext.fsGroup | int | `35212` |  |
+| readinessProbe.enabled | bool | `true` |  |
+| readinessProbe.httpGet.path | string | `"/"` |  |
+| readinessProbe.httpGet.port | int | `8081` |  |
+| readinessProbe.initialDelaySeconds | int | `2` |  |
+| readinessProbe.periodSeconds | int | `3` |  |
 | replicaCount | int | `1` |  |
 | resources | object | `{}` |  |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |

diff --git a/deploy/charts/cert-checker/templates/deployment.yaml b/deploy/charts/cert-checker/templates/deployment.yaml
@@ -51,6 +51,17 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+
+        {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
+        {{- end }}
+
+        {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
+        {{- end }}
+
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/deploy/charts/cert-checker/values.yaml b/deploy/charts/cert-checker/values.yaml
@@ -23,6 +23,24 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+## Monitoring
+livenessProbe:
+  enabled: true
+  httpGet:
+    path: /
+    port: 8081
+  initialDelaySeconds: 2
+  periodSeconds: 3
+
+readinessProbe:
+  enabled: true
+  httpGet:
+    path: /
+    port: 8081
+  initialDelaySeconds: 2
+  periodSeconds: 3
+
+## Config
 certchecker:
   loglevel: info
   intervalminutes: 1

diff --git a/deploy/docker-compose/docker-compose.yaml b/deploy/docker-compose/docker-compose.yaml
@@ -19,7 +19,7 @@ services:
     - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
 
   cert-checker:
-    image: mogensen/cert-checker:v0.0.5
+    image: mogensen/cert-checker:v0.0.6
     ports:
     - 8080:8080
     - 8081:8081

diff --git a/deploy/yaml/deploy.yaml b/deploy/yaml/deploy.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -15,7 +15,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 data:
   config.yaml: |
       certificates:
@@ -42,7 +42,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 spec:
   type: ClusterIP
   ports:
@@ -65,7 +65,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 spec:
   replicas: 1
   selector:
@@ -101,7 +101,7 @@ spec:
             readOnlyRootFilesystem: true
             runAsNonRoot: true
             runAsUser: 35212
-          image: "mogensen/cert-checker:v0.0.5"
+          image: "mogensen/cert-checker:v0.0.6"
           command: ["/app/cert-checker", "-c", "/data/config.yaml"]
           imagePullPolicy: IfNotPresent
           volumeMounts:
@@ -116,6 +116,18 @@ spec:
               protocol: TCP
           resources:
             {}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8081
+            initialDelaySeconds: 2
+            periodSeconds: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 8081
+            initialDelaySeconds: 2
+            periodSeconds: 3
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -124,7 +136,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 spec:
   rules:
     - host: "cert-checker.localtest.me"

diff --git a/deploy/yaml/grafana-dashboard-cm.yaml b/deploy/yaml/grafana-dashboard-cm.yaml
@@ -7,7 +7,7 @@ metadata:
     grafana_dashboard: "1"
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
 data:
   cert-checker.json: |-
     {

diff --git a/deploy/yaml/servicemonitor.yaml b/deploy/yaml/servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cert-checker
     app.kubernetes.io/instance: cert-checker
-    app.kubernetes.io/version: "v0.0.5"
+    app.kubernetes.io/version: "v0.0.6"
     release: prometheus
 spec:
   selector: