From f7d533c50c0de524e978ee5ba6beafe9882024a2 Mon Sep 17 00:00:00 2001
From: charith-competa
Date: Tue, 4 Nov 2025 18:27:23 +0530
Subject: [PATCH] fix: Bug #58523 - Add suitable startup probe for LDAP secondary servers

Added startupProbeSecondary with exec-based probe that queries base DN to verify replication completion. Updated statefulset-secondary.yaml to use the new probe with coalesce fallback.
---
 .../templates/statefulset-secondary.yaml | 2 +-
 helm/ldap-server/values.yaml | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/helm/ldap-server/templates/statefulset-secondary.yaml b/helm/ldap-server/templates/statefulset-secondary.yaml
index 00a9e9b..2477d0a 100644
--- a/helm/ldap-server/templates/statefulset-secondary.yaml
+++ b/helm/ldap-server/templates/statefulset-secondary.yaml
@@ -254,7 +254,7 @@ spec:
 {{- end }}
 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe "context" .) | nindent 12 }}
 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readinessProbe "context" .) | nindent 12 }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.startupProbe "context" .) | nindent 12 }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (coalesce .Values.startupProbeSecondary .Values.startupProbe) "context" .) | nindent 12 }}
 ports:
 {{- range $key, $value := .Values.service.ports }}
 - name: {{ $key }}
diff --git a/helm/ldap-server/values.yaml b/helm/ldap-server/values.yaml
index d00fc35..8eef7d8 100644
--- a/helm/ldap-server/values.yaml
+++ b/helm/ldap-server/values.yaml
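Review bot: In statefulset-secondary.yaml, the `coalesce` on the new `startupProbe:` line never reaches `.Values.startupProbe` unless an operator explicitly sets `startupProbeSecondary: null`, because the chart now ships a non-empty `startupProbeSecondary` default; existing overrides of `startupProbe` therefore stop applying to secondaries after an upgrade. That deserves a line in the values comment, e.g. `# Set startupProbeSecondary to null to reuse startupProbe on secondary servers.` Because Helm deep-merges maps, an override that supplies a different handler such as `tcpSocket` would also keep the default `exec` key unless it sets `exec: null`, and a probe with two handlers is rejected by the API server. The container spec around this line lies outside the hunk.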
@@ -366,6 +366,28 @@ startupProbe:
 tcpSocket:
 port: 389
+# Configure extra options for containers probes for secondary servers.
+# This startup probe checks that LDAP is responding and can serve queries,
+# ensuring the secondary has completed initial replication before it receives traffic.
+# The probe queries the base DN to verify the server has data and is ready.
+startupProbeSecondary:
+ # -- Delay after container start until StartupProbe is executed.
+ initialDelaySeconds: 15
+ # -- Number of failed executions until container is terminated.
+ # Increased to 30 to allow time for initial replication to complete.
+ failureThreshold: 30
+ # -- Time between probe executions.
+ periodSeconds: 10
+ # -- Number of successful executions after failed ones until container is marked healthy.
+ successThreshold: 1
+ # -- Timeout for command return.
+ timeoutSeconds: 5
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - 'ldapsearch -H ldapi:/// -Y EXTERNAL -b "${LDAP_BASEDN}" -s base "(objectClass=*)" dn >/dev/null 2>&1'
+
 # -- Allows to configure the system extensions to load. This is intended for
 # internal usage, prefer to use `extensions` for user configured extensions.
 # This value will override the configuration in `global.systemExtensions`.
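Review bot: The exec command under `startupProbeSecondary` passes as soon as the server answers if `LDAP_BASEDN` is unset or empty in the container, because a base-scope search with `-b ""` reads the root DSE rather than the directory suffix; the hunk does not show where that variable is set. Making the expansion fail closed keeps the probe meaningful: `- 'ldapsearch -H ldapi:/// -Y EXTERNAL -b "${LDAP_BASEDN:?}" -s base "(objectClass=*)" dn >/dev/null'`, which also stops discarding stderr via `2>&1` so the probe-failure event can show why the search failed. Even with the variable set, finding the suffix entry shows only that this one entry exists locally, not that replication has finished, so the comment above the block overstates the guarantee; something like `# The probe only confirms the base DN entry exists locally; it does not prove the replica has caught up.` would be accurate. A secondary admitted early can answer bind and group lookups from an incomplete directory.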