adding liveness and readiness probes

channel-42 · Oct 24, 2024 · 69ccc6f · 69ccc6f
1 parent 706a3bb
commit 69ccc6f
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 5 deletions.
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: wg-punchhole
 description: Route traffic via a gateway host into your cluster.
 type: application
-version: 0.0.1
-appVersion: "0.0.1"
+version: 0.0.2
+appVersion: "0.0.2"
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -30,7 +30,15 @@ spec:
         securityContext:
           {{- toYaml .Values.wireguard.containerSecurityContext | nindent 10 }}
         resources:
-            {{- toYaml .Values.wireguard.resources | nindent 12 }}
+          {{- toYaml .Values.wireguard.resources | nindent 10 }}
+        livenessProbe:
+          exec:
+            command: [/bin/ping, -c1, {{ .Values.wireguard.serverVpnIp }}]
+          {{- toYaml .Values.wireguard.livenessProbe | nindent 10 }}
+        readinessProbe:
+          exec:
+            command: [/bin/ping, -c1, {{ .Values.wireguard.serverVpnIp }}]
+          {{- toYaml .Values.wireguard.readinessProbe | nindent 10 }}
         volumeMounts:
           - name: wireguard-config
             mountPath: /config/wg_confs/
@@ -41,7 +49,7 @@ spec:
         securityContext:
           {{- toYaml .Values.haproxy.containerSecurityContext | nindent 10 }}
         resources:
-            {{- toYaml .Values.haproxy.resources | nindent 12 }}
+          {{- toYaml .Values.haproxy.resources | nindent 10 }}
         volumeMounts:
           - name: haproxy-config
             mountPath: /usr/local/etc/haproxy/haproxy.cfg

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -9,6 +9,9 @@ wireguard:
 
   configSecretName: wireguard-config
 
+  # The IP address of the WireGuard server inside the VPN network. Used for the liveness and readiness probes.
+  serverVpnIp: ""
+
   image: 
     pullPolicy: IfNotPresent
     repository: linuxserver/wireguard
@@ -23,6 +26,19 @@ wireguard:
     capabilities:
       add:
         - NET_ADMIN
+
+  livenessProbe:
+    timeoutSeconds: 1
+    initialDelaySeconds: 5
+    periodSeconds: 3
+    failureThreshold: 5
+
+  readinessProbe:
+    timeoutSeconds: 1
+    initialDelaySeconds: 5
+    periodSeconds: 3
+    failureThreshold: 5
+
 
 
 haproxy:
@@ -38,6 +54,7 @@ haproxy:
   resoures: {}
 
   containerSecurityContext:
+    readOnlyRootFilesystem: true
     runAsNonRoot: true
     allowPrivilegeEscalation: false
     runAsUser: 99
@@ -49,7 +66,6 @@ podAnnotations: {}
 podLabels: {}
 
 podSecurityContext:
-  readOnlyRootFilesystem: true
   runAsNonRoot: true
 
 nodeSelector: {}