From 53060a7918ade83c75d81eaf200c49242ec409f7 Mon Sep 17 00:00:00 2001
From: Alexandre Lossent <alexandre.lossent@cern.ch>
Date: Fri, 27 Oct 2023 16:18:42 +0200
Subject: [PATCH] Re-introduce readinessProbe for eoscredentials

---
 el9/templates/deployment.yaml | 29 ++++++++++++++++-------------
 el9/values.yaml               |  9 +++++++++
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/el9/templates/deployment.yaml b/el9/templates/deployment.yaml
index 351518d..1235ea5 100644
--- a/el9/templates/deployment.yaml
+++ b/el9/templates/deployment.yaml
@@ -52,7 +52,7 @@ spec:
         app: {{ .Release.Name | quote }}
         webeos.cern.ch/place-new-webeos-sites: {{ .Values.placeNewWebeosSites | quote }}
         {{- if .Values.podLabels }}
-        {{ .Values.podLabels | toYaml | nindent 8 }}
+        {{- .Values.podLabels | toYaml | nindent 8 }}
         {{- end }}
       annotations:
         webeos.cern.ch/webeos-site-path-regex: {{ .Values.webeosSitePathRegex | quote }}
@@ -65,13 +65,13 @@ spec:
         checksum/mailrc-config: {{ include (print $.Template.BasePath "/mailrc-configmap.yaml") . | sha256sum }}
     spec:
       {{- if .Values.nodeSelector }}
-      nodeSelector: {{ .Values.nodeSelector | toYaml | nindent 8 }}
+      nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
       {{- end }}
       {{- if .Values.tolerations }}
-      tolerations: {{ .Values.tolerations | toYaml | nindent 8 }}
+      tolerations: {{- .Values.tolerations | toYaml | nindent 8 }}
       {{- end }}
       {{- if .Values.affinity }}
-      affinity: {{ .Values.affinity | toYaml | nindent 8 }}
+      affinity: {{- .Values.affinity | toYaml | nindent 8 }}
       {{- end }}
       dnsPolicy: ClusterFirst
       # This is required to make sure DNS resolution doesn't time out.
@@ -112,13 +112,13 @@ spec:
           - name: RELOAD_TIMESTAMP_FILE
             value: /etc/httpd/conf.d/vhost/httpd-config-loaded
           {{- if .Values.containers.httpd.livenessProbe }}
-          livenessProbe: {{ .Values.containers.httpd.livenessProbe | toYaml | nindent 12 }}
+          livenessProbe: {{- .Values.containers.httpd.livenessProbe | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.containers.httpd.readinessProbe }}
-          readinessProbe: {{ .Values.containers.httpd.readinessProbe | toYaml | nindent 12 }}
+          readinessProbe: {{- .Values.containers.httpd.readinessProbe | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.containers.httpd.resources }}
-          resources: {{ .Values.containers.httpd.resources | toYaml | nindent 12 }}
+          resources: {{- .Values.containers.httpd.resources | toYaml | nindent 12 }}
           {{- end }}
           lifecycle:
             preStop:
@@ -166,13 +166,13 @@ spec:
           imagePullPolicy: Always
           command: ["php-fpm"]
           {{- if .Values.containers.phpFpm.livenessProbe }}
-          livenessProbe: {{ .Values.containers.phpFpm.livenessProbe | toYaml | nindent 12 }}
+          livenessProbe: {{- .Values.containers.phpFpm.livenessProbe | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.containers.phpFpm.readinessProbe }}
-          readinessProbe: {{ .Values.containers.phpFpm.readinessProbe | toYaml | nindent 12 }}
+          readinessProbe: {{- .Values.containers.phpFpm.readinessProbe | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.containers.phpFpm.resources }}
-          resources: {{ .Values.containers.phpFpm.resources | toYaml | nindent 12 }}
+          resources: {{- .Values.containers.phpFpm.resources | toYaml | nindent 12 }}
           {{- end }}
           terminationMessagePath:  /dev/termination-log
           volumeMounts:
@@ -202,10 +202,13 @@ spec:
           image: {{ .Values.containers.eoscredentials.image | quote }}
           imagePullPolicy: Always
           {{- if .Values.containers.eoscredentials.livenessProbe }}
-          livenessProbe: {{ .Values.containers.eoscredentials.livenessProbe | toYaml | nindent 12 }}
+          livenessProbe: {{- .Values.containers.eoscredentials.livenessProbe | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.containers.eoscredentials.readinessProbe }}
+          readinessProbe: {{- .Values.containers.eoscredentials.readinessProbe | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.containers.eoscredentials.resources }}
-          resources: {{ .Values.containers.eoscredentials.resources | toYaml | nindent 12 }}
+          resources: {{- .Values.containers.eoscredentials.resources | toYaml | nindent 12 }}
           {{- end }}
           env:
           - name: KEYTAB_USER
@@ -268,7 +271,7 @@ spec:
             timeoutSeconds: 5
             periodSeconds: 10
             successThreshold: 1
-          resources: {{ .Values.containers.controller.resources | toYaml | nindent 12 }}
+          resources: {{- .Values.containers.controller.resources | toYaml | nindent 12 }}
           securityContext:
             # The config controller must run as root so the generated vhost files can be made readable to root only.
             runAsUser: 0
diff --git a/el9/values.yaml b/el9/values.yaml
index e7af837..e8c2ed0 100644
--- a/el9/values.yaml
+++ b/el9/values.yaml
@@ -68,6 +68,15 @@ containers:
       timeoutSeconds: 1
       exec:
         command: [ /check.sh ]
+    # readiness probe is useful here to prevent requests from being sent to the pod without a functional Kerberos ticket
+    readinessProbe:
+      initialDelaySeconds: 2
+      failureThreshold: 3
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 1
+      exec:
+        command: [ /check.sh ]
 
   httpd:
     # The following values assume:
-- 
GitLab