Added readiness and liveness prob (#874)

* Added readiness and liveness prob

* typo fix

* port number fixed

* fixed the image name

charts/kyverno/values.yaml

@@ -53,29 +53,29 @@ resources:
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
 ##
 livenessProbe:
-#   httpGet:
-#     path: /healthz
-#     port: https
-#     scheme: HTTPS
-#   initialDelaySeconds: 10
-#   periodSeconds: 10
-#   timeoutSeconds: 5
-#   failureThreshold: 2
-#   successThreshold: 1
+  httpGet:
+    path: /health/liveness
+    port: 443
+    scheme: HTTPS
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 2
+  successThreshold: 1
 
 ## Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
 ##
 readinessProbe:
-#   httpGet:
-#     path: /healthz
-#     port: https
-#     scheme: HTTPS
-#   initialDelaySeconds: 5
-#   periodSeconds: 10
-#   timeoutSeconds: 5
-#   failureThreshold: 6
-#   successThreshold: 1
+  httpGet:
+    path: /health/readiness
+    port: 443
+    scheme: HTTPS
+  initialDelaySeconds: 5
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
 
 # TODO(mbarrien): Should we just list all resources for the
 # generatecontroller in here rather than having defaults hard-coded?

definitions/install.yaml

@@ -750,3 +750,23 @@ spec:
               cpu: "100m"
             limits:
               memory: "128Mi"
+          livenessProbe:
+            httpGet:
+              path: /health/liveness
+              port: 443
+              scheme: HTTPS
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 4
+            successThreshold: 1
+          readinessProbe:
+            httpGet:
+              path: /health/readiness
+              port: 443
+              scheme: HTTPS
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 4
+            successThreshold: 1

pkg/config/config.go

@@ -70,6 +70,10 @@ var (
 	PolicyMutatingWebhookServicePath = "/policymutate"
 	//VerifyMutatingWebhookServicePath is the path for verify webhook(used to veryfing if admission control is enabled and active)
 	VerifyMutatingWebhookServicePath = "/verifymutate"
+	// LivenessServicePath is the path for check liveness health
+	LivenessServicePath = "/health/liveness"
+	// ReadinessServicePath is the path for check readness health 
+	ReadinessServicePath = "/health/readiness"
 )
 
 //CreateClientConfig creates client config

pkg/webhooks/server.go

@@ -151,6 +151,22 @@ func NewWebhookServer(
 	mux.HandlerFunc("POST", config.PolicyValidatingWebhookServicePath, ws.handlerFunc(ws.policyValidation, true))
 	mux.HandlerFunc("POST", config.VerifyMutatingWebhookServicePath, ws.handlerFunc(ws.verifyHandler, false))
 
+	// Handle Liveness responds to a Kubernetes Liveness probe
+	// Fail this request if Kubernetes should restart this instance
+	mux.HandlerFunc("GET", config.LivenessServicePath, func(w http.ResponseWriter, r *http.Request){
+		defer r.Body.Close()
+
+		w.WriteHeader(http.StatusOK)
+	})
+
+	// Handle Readiness responds to a Kubernetes Readiness probe
+	// Fail this request if this instance can't accept traffic, but Kubernetes shouldn't restart it
+	mux.HandlerFunc("GET", config.ReadinessServicePath, func(w http.ResponseWriter, r *http.Request){
+		defer r.Body.Close()
+
+		w.WriteHeader(http.StatusOK)
+	})
+
 	ws.server = http.Server{
 		Addr:         ":443", // Listen on port for HTTPS requests
 		TLSConfig:    &tlsConfig,