feat: add healthProbeBindAddr

wwniclask25 · wwniclask25 · commit 694569146403 · 2025-04-10T10:47:17.000+02:00
diff --git a/helm/aws-load-balancer-controller/README.md b/helm/aws-load-balancer-controller/README.md
@@ -244,7 +244,8 @@ The default values set by the application itself can be confirmed [here](https:/
 | `tolerateNonExistentBackendAction`             | whether to allow rules that reference a backend action that does not exist. (When enabled, it will return 503 error if backend action not exist)                                                                                                                                                                                             | `true`                                            |
 | `defaultSSLPolicy`                             | Specifies the default SSL policy to use for HTTPS or TLS listeners                                                                                                                                                                                                                                                                           | None                                              |
 | `externalManagedTags`                          | Specifies the list of tag keys on AWS resources that are managed externally                                                                                                                                                                                                                                                                  | `[]`                                              |
-| `livenessProbe`                                | Liveness probe settings for the controller                                                                                                                                                                                                                                                                                                   | (see `values.yaml`)                               |
+| `livenessProbe`                                | Liveness probe settings for the controller                                                                                                                                                                                                                                                                                                   | `{}` (see `values.yaml`)                          |
+| `readinessProbe`                               | Readiness probe settings for the controller                                                                                                                                                                                                                                                                                                  | `{}` (see `values.yaml`)                          |
 | `env`                                          | Environment variables to set for aws-load-balancer-controller pod                                                                                                                                                                                                                                                                            | None                                              |
 | `envFrom`                                       | Environment variables to set for aws-load-balancer-controller pod from configMap or Secret                                                                                                                                                                                                                                                  | None                                              |
 | `envSecretName`                                | AWS credentials as environment variables from Secret (Secret keys `key_id` and `access_key`).                                                                                                                                                                                                                                                | None                                              |
@@ -285,3 +286,4 @@ The default values set by the application itself can be confirmed [here](https:/
 | `loadBalancerClass`                            | Sets the AWS load balancer type to be used when the Kubernetes service requests an external load balancer                                                                                                                                                                                                                                    | `service.k8s.aws/nlb`                             |
 | `creator`                                      | if set to a `value!=helm`, it will disable the addition of default helm labels                                                                                                                                                                                                                                                               | `helm`                                            |
 | `runtimeClassName`                 | Runtime class name for the controller pods , such as `gvisor` or `kata`. An unspecified `nil` or empty `""` RuntimeClassName is equivalent to the backwards-compatible default behavior as if the RuntimeClass feature is disabled.                                                                                                                      | ""                                                | 
+| `healthProbeBindAddr`                          | The address the health probe endpoint binds to                                                                                                                                                                                                                                                                                               | `""`                                              |
diff --git a/helm/aws-load-balancer-controller/templates/deployment.yaml b/helm/aws-load-balancer-controller/templates/deployment.yaml
@@ -178,6 +178,9 @@ spec:
         {{- if .Values.vpcTags }}
         - --aws-vpc-tags={{ include "aws-load-balancer-controller.convertMapToCsv" .Values.vpcTags | trimSuffix "," }}
         {{- end }}
+        {{- if .Values.healthProbeBindAddr }}
+        - --health-probe-bind-addr={{ .Values.healthProbeBindAddr }}
+        {{- end }}
         {{- if or .Values.env .Values.envSecretName }}
         env:
         {{- if .Values.env}}
@@ -225,14 +228,26 @@ spec:
           protocol: TCP
         resources:
           {{- toYaml .Values.resources | nindent 10 }}
-        {{- with .Values.livenessProbe }}
         livenessProbe:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        {{- with .Values.readinessProbe }}
+          httpGet:
+            path: /healthz
+            port: {{ (split ":" .Values.healthProbeBindAddr)._1 | default 61779 }}
+            scheme: HTTP
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }}
+          periodSeconds: {{ .Values.livenessProbe.periodSeconds | default 10 }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 10 }}
+          successThreshold: {{ .Values.livenessProbe.successThreshold | default 1 }}
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold | default 2 }}
         readinessProbe:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
+          httpGet:
+            path: /readyz
+            port: {{ (split ":" .Values.healthProbeBindAddr)._1 | default 61779 }}
+            scheme: HTTP
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 10 }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds | default 10 }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 10 }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold | default 1 }}
+          failureThreshold: {{ .Values.readinessProbe.failureThreshold | default 2 }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
diff --git a/helm/aws-load-balancer-controller/test.yaml b/helm/aws-load-balancer-controller/test.yaml
@@ -161,6 +161,9 @@ enableWaf:
 # Enable WAF V2 addon for ALB (default true)
 enableWafv2:
 
+# The address the health probe endpoint binds to. (default ":61779")
+healthProbeBindAddr: ""
+
 # Maximum number of concurrently running reconcile loops for ingress (default 3)
 ingressMaxConcurrentReconciles:
 
@@ -220,14 +223,10 @@ tolerateNonExistentBackendAction:
 defaultSSLPolicy:
 
 # Liveness probe configuration for the controller
-livenessProbe:
-  failureThreshold: 2
-  httpGet:
-    path: /healthz
-    port: 61779
-    scheme: HTTP
-  initialDelaySeconds: 30
-  timeoutSeconds: 10
+livenessProbe: {}
+
+# readiness probe configuration for the controller
+readinessProbe: {}
 
 # Environment variables to set for aws-load-balancer-controller pod.
 # We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
@@ -201,6 +201,9 @@ enableWaf:
 # Enable WAF V2 addon for ALB (default true)
 enableWafv2:
 
+# The address the health probe endpoint binds to. (default ":61779")
+healthProbeBindAddr: ""
+
 # Maximum number of concurrently running reconcile loops for ingress (default 3)
 ingressMaxConcurrentReconciles:
 
@@ -267,25 +270,20 @@ tolerateNonExistentBackendAction:
 defaultSSLPolicy:
 
 # Liveness probe configuration for the controller
-livenessProbe:
-  failureThreshold: 2
-  httpGet:
-    path: /healthz
-    port: 61779
-    scheme: HTTP
-  initialDelaySeconds: 30
-  timeoutSeconds: 10
+livenessProbe: {}
+  # failureThreshold: 3
+  # initialDelaySeconds: 30
+  # periodSeconds: 10
+  # successThreshold: 1
+  # timeoutSeconds: 1
 
 # readiness probe configuration for the controller
-readinessProbe:
-  failureThreshold: 2
-  httpGet:
-    path: /readyz
-    port: 61779
-    scheme: HTTP
-  successThreshold: 1
-  initialDelaySeconds: 10
-  timeoutSeconds: 10
+readinessProbe: {}
+  # failureThreshold: 3
+  # initialDelaySeconds: 10
+  # periodSeconds: 10
+  # successThreshold: 1
+  # timeoutSeconds: 1
 
 # Environment variables to set for aws-load-balancer-controller pod.
 # We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
