ratify-project · susanshi · Sep 7, 2023 · Aug 30, 2023 · Aug 30, 2023 · Aug 30, 2023
@@ -38,6 +38,14 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.healthPort }}
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: {{ .Values.healthPort }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -70,11 +78,15 @@ spec:
             - --metrics-enabled={{ .Values.instrumentation.metricsEnabled }}
             - --metrics-type={{ .Values.instrumentation.metricsType }}
             - --metrics-port={{ .Values.instrumentation.metricsPort }}
+            - --health-port=:{{ .Values.healthPort }}
           ports:
             - containerPort: 6001
             {{- if .Values.instrumentation.metricsEnabled }}
             - containerPort: {{ required "You must provide .Values.instrumentation.metricsPort" .Values.instrumentation.metricsPort }}
             {{- end }}
+            - containerPort: {{ required "You must provide .Values.healthPort"  .Values.healthPort }}
+              name: healthz
+              protocol: TCP
           volumeMounts:             
             {{- if .Values.cosign.enabled }}
             - mountPath: "/usr/local/ratify-certs/cosign"

@@ -87,6 +87,7 @@ provider:
 podAnnotations: {}
 podLabels: {}
 enableRuntimeDefaultSeccompProfile: true
+healthPort: 9099
 
 rbac:
   create: true

@@ -47,6 +47,7 @@
 	metricsEnabled    bool
 	metricsType       string
 	metricsPort       int
+	healthPort        string
 }
 
 func NewCmdServe(_ ...string) *cobra.Command {
@@ -77,6 +78,7 @@
 	flags.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
 	flags.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
 	flags.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
+	flags.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
 	return cmd
 }
 
@@ -100,7 +102,7 @@
 	if opts.enableCrdManager {
 		certRotatorReady := make(chan struct{})
 		logrus.Infof("starting crd manager")
-		go manager.StartManager(certRotatorReady)
+		go manager.StartManager(certRotatorReady, opts.healthPort)
 		manager.StartServer(opts.httpServerAddress, opts.configFilePath, opts.certDirectory, opts.caCertFile, opts.cacheTTL, opts.metricsEnabled, opts.metricsType, opts.metricsPort, certRotatorReady)
 
 		return nil

@@ -46,6 +46,7 @@ const (
 
 	DefaultMetricsType = "prometheus"
 	DefaultMetricsPort = 8888
+	DefaultHealthPort  = ":9099"
 )
 
 type Server struct {

@@ -142,12 +142,11 @@
 	}
 }
 
-func StartManager(certRotatorReady chan struct{}) {
+func StartManager(certRotatorReady chan struct{}, probeAddr string) {
 	var metricsAddr string
 	var enableLeaderElection bool
-	var probeAddr string
+
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
-	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
@@ -179,6 +178,8 @@
 		os.Exit(1)
 	}
 
+	setupLog.Debugf("setting up probeAddr at %s", probeAddr)
+
 	// Make sure certs are generated and valid if cert rotation is enabled.
 	if featureflag.CertRotation.Enabled {
 		// Make sure TLS cert watcher is already set up.