feat: add startup probes support (#4896)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: treydock <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: treydock <tdockendorf@osc.edu>
2025-03-13 19:28:55 +00:00 · 2022-10-16 18:50:28 +02:00 · 2022-10-16 18:50:28 +02:00 · ac3b5eed22
commit ac3b5eed22
parent 7aefa89839
6 changed files with 35 additions and 0 deletions
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -42,5 +42,7 @@ annotations:
      description: Extra args support for init container.
    - kind: added
      description: Allow overriding of test security context and resource block.
+    - kind: added
+      description: Add startup probes support
    - kind: added
      description: Added possibility to define custom image registries
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -170,6 +170,7 @@ The command removes all the Kubernetes components associated with the chart and
 | initResources.requests | object | `{"cpu":"10m","memory":"64Mi"}` | Pod resource requests |
 | testResources.limits | object | `{"cpu":"100m","memory":"256Mi"}` | Pod resource limits |
 | testResources.requests | object | `{"cpu":"10m","memory":"64Mi"}` | Pod resource requests |
+| startupProbe | object | See [values.yaml](values.yaml) | Startup probe. The block is directly forwarded into the deployment, so you can use whatever startupProbes configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ |
 | livenessProbe | object | See [values.yaml](values.yaml) | Liveness probe. The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ |
 | readinessProbe | object | See [values.yaml](values.yaml) | Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ |
 | generatecontrollerExtraResources | list | `[]` | Additional resources to be added to controller RBAC permissions. |
--- a/charts/kyverno/templates/deployment.yaml
+++ b/charts/kyverno/templates/deployment.yaml
@ -150,6 +150,9 @@ spec:
          {{- end }}
          - name: KYVERNO_DEPLOYMENT
            value: {{ template "kyverno.fullname" . }}
+        {{- with .Values.startupProbe }}
+          startupProbe: {{ tpl (toYaml .) $ | nindent 12 }}
+        {{- end }}
        {{- with .Values.livenessProbe }}
          livenessProbe: {{ tpl (toYaml .) $ | nindent 12 }}
        {{- end }}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -232,6 +232,19 @@ testResources:
    cpu: 10m
    memory: 64Mi

+# -- Startup probe.
+# The block is directly forwarded into the deployment, so you can use whatever startupProbes configuration you want.
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# @default -- See [values.yaml](values.yaml)
+startupProbe:
+  httpGet:
+    path: /health/liveness
+    port: 9443
+    scheme: HTTPS
+  failureThreshold: 12
+  initialDelaySeconds: 30
+  periodSeconds: 10
+
 # -- Liveness probe.
 # The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
--- a/config/install.yaml
+++ b/config/install.yaml
@ -26131,6 +26131,14 @@ spec:
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
+        startupProbe:
+          failureThreshold: 12
+          httpGet:
+            path: /health/liveness
+            port: 9443
+            scheme: HTTPS
+          initialDelaySeconds: 30
+          periodSeconds: 10
        volumeMounts:
        - mountPath: /.sigstore
          name: sigstore
--- a/config/manifest/deployment.yaml
+++ b/config/manifest/deployment.yaml
@ -124,6 +124,14 @@ spec:
              cpu: 100m
            limits:
              memory: 384Mi
+          startupProbe:
+            httpGet:
+              path: /health/liveness
+              port: 9443
+              scheme: HTTPS
+            failureThreshold: 12
+            initialDelaySeconds: 30
+            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health/liveness