diff --git a/helm/aws-load-balancer-controller/README.md b/helm/aws-load-balancer-controller/README.md
index d4f3f6272f..724adc3aec 100644
--- a/helm/aws-load-balancer-controller/README.md
+++ b/helm/aws-load-balancer-controller/README.md
@@ -244,7 +244,8 @@ The default values set by the application itself can be confirmed [here](https:/
 | `tolerateNonExistentBackendAction` | whether to allow rules that reference a backend action that does not exist. (When enabled, it will return 503 error if backend action not exist) | `true` |
 | `defaultSSLPolicy` | Specifies the default SSL policy to use for HTTPS or TLS listeners | None |
 | `externalManagedTags` | Specifies the list of tag keys on AWS resources that are managed externally | `[]` |
-| `livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`) |
+| `livenessProbe` | Liveness probe settings for the controller | `{}` (see `values.yaml`) |
+| `readinessProbe` | Readiness probe settings for the controller | `{}` (see `values.yaml`) |
 | `env` | Environment variables to set for aws-load-balancer-controller pod | None |
 | `envFrom` | Environment variables to set for aws-load-balancer-controller pod from configMap or Secret | None |
 | `envSecretName` | AWS credentials as environment variables from Secret (Secret keys `key_id` and `access_key`). | None |
@@ -285,3 +286,4 @@ The default values set by the application itself can be confirmed [here](https:/
 | `loadBalancerClass` | Sets the AWS load balancer type to be used when the Kubernetes service requests an external load balancer | `service.k8s.aws/nlb` |
 | `creator` | if set to a `value!=helm`, it will disable the addition of default helm labels | `helm` |
 | `runtimeClassName` | Runtime class name for the controller pods , such as `gvisor` or `kata`. An unspecified `nil` or empty `""` RuntimeClassName is equivalent to the backwards-compatible default behavior as if the RuntimeClass feature is disabled. | "" |
+| `healthProbeBindAddr` | The address the health probe endpoint binds to | `""` |
diff --git a/helm/aws-load-balancer-controller/templates/deployment.yaml b/helm/aws-load-balancer-controller/templates/deployment.yaml
index 130ca61583..b75fe14357 100644
--- a/helm/aws-load-balancer-controller/templates/deployment.yaml
+++ b/helm/aws-load-balancer-controller/templates/deployment.yaml
@@ -178,6 +178,9 @@ spec:
 {{- if .Values.vpcTags }}
 - --aws-vpc-tags={{ include "aws-load-balancer-controller.convertMapToCsv" .Values.vpcTags | trimSuffix "," }}
 {{- end }}
+ {{- if .Values.healthProbeBindAddr }}
+ - --health-probe-bind-addr={{ .Values.healthProbeBindAddr }}
+ {{- end }}
 {{- if or .Values.env .Values.envSecretName }}
 env:
 {{- if .Values.env}}
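Review bot: `healthProbeBindAddr` is copied into `--health-probe-bind-addr` in templates/deployment.yaml with no format check, although the probe ports later in the same template are parsed out of this string. A render-time guard inside the new `if`, e.g. `{{- if not (regexMatch ":[0-9]+$" .Values.healthProbeBindAddr) }}{{ fail "healthProbeBindAddr must end in :PORT" }}{{- end }}`, would reject a malformed value before it reaches the cluster. It is also worth documenting that a loopback-only address (presumably unreachable for kubelet HTTP probes, which target the pod IP) or a value that turns the endpoint off would leave the now unconditional probes failing and the pod restarting. The args list starts and ends outside the hunk.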
@@ -225,14 +228,26 @@ spec:
 protocol: TCP
 resources:
 {{- toYaml .Values.resources | nindent 10 }}
- {{- with .Values.livenessProbe }}
 livenessProbe:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- {{- with .Values.readinessProbe }}
+ httpGet:
+ path: /healthz
+ port: {{ (split ":" .Values.healthProbeBindAddr)._1 | default 61779 }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds | default 10 }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 10 }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold | default 1 }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold | default 2 }}
 readinessProbe:
- {{- toYaml . | nindent 10 }}
- {{- end }}
+ httpGet:
+ path: /readyz
+ port: {{ (split ":" .Values.healthProbeBindAddr)._1 | default 61779 }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 10 }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds | default 10 }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 10 }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold | default 1 }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold | default 2 }}
 terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
diff --git a/helm/aws-load-balancer-controller/test.yaml b/helm/aws-load-balancer-controller/test.yaml
index be074e92db..0acb577b18 100644
--- a/helm/aws-load-balancer-controller/test.yaml
+++ b/helm/aws-load-balancer-controller/test.yaml
@@ -161,6 +161,9 @@ enableWaf:
 # Enable WAF V2 addon for ALB (default true)
 enableWafv2:
+# The address the health probe endpoint binds to. (default ":61779")
+healthProbeBindAddr: ""
+
 # Maximum number of concurrently running reconcile loops for ingress (default 3)
 ingressMaxConcurrentReconciles:
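Review bot: The probe port expression `(split ":" .Values.healthProbeBindAddr)._1` in templates/deployment.yaml is only right for a plain `host:port` or `:port` value; a bracketed IPv6 address such as `[::]:61779` splits into more parts, `_1` comes out empty, and the probes silently fall back to 61779 even if the controller listens on another port, which the liveness probe turns into a restart loop. Taking the trailing digits once, e.g. `{{- $probePort := regexFind "[0-9]+$" (.Values.healthProbeBindAddr | default "") | default "61779" }}` followed by `port: {{ $probePort }}` in both probes, would cover both forms and remove the duplicated expression. The timing fields use `| default`, which treats 0 as unset, so `initialDelaySeconds: 0` can no longer be expressed, and `livenessProbe: null` in a user's values would presumably now fail rendering where the removed `with` block simply skipped the probe. Handler keys such as `httpGet` that users supplied before are ignored without any warning after this change. The container spec starts and ends outside the hunk.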
@@ -220,14 +223,10 @@ tolerateNonExistentBackendAction:
 defaultSSLPolicy:
 # Liveness probe configuration for the controller
-livenessProbe:
- failureThreshold: 2
- httpGet:
- path: /healthz
- port: 61779
- scheme: HTTP
- initialDelaySeconds: 30
- timeoutSeconds: 10
+livenessProbe: {}
+
+# readiness probe configuration for the controller
+readinessProbe: {}
 # Environment variables to set for aws-load-balancer-controller pod.
 # We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
index 14261c8cb8..08c5395f19 100644
--- a/helm/aws-load-balancer-controller/values.yaml
+++ b/helm/aws-load-balancer-controller/values.yaml
@@ -201,6 +201,9 @@ enableWaf:
 # Enable WAF V2 addon for ALB (default true)
 enableWafv2:
+# The address the health probe endpoint binds to. (default ":61779")
+healthProbeBindAddr: ""
+
 # Maximum number of concurrently running reconcile loops for ingress (default 3)
 ingressMaxConcurrentReconciles:
@@ -267,25 +270,20 @@ tolerateNonExistentBackendAction:
 defaultSSLPolicy:
 # Liveness probe configuration for the controller
-livenessProbe:
- failureThreshold: 2
- httpGet:
- path: /healthz
- port: 61779
- scheme: HTTP
- initialDelaySeconds: 30
- timeoutSeconds: 10
+livenessProbe: {}
+ # failureThreshold: 3
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # successThreshold: 1
+ # timeoutSeconds: 1
 # readiness probe configuration for the controller
-readinessProbe:
- failureThreshold: 2
- httpGet:
- path: /readyz
- port: 61779
- scheme: HTTP
- successThreshold: 1
- initialDelaySeconds: 10
- timeoutSeconds: 10
+readinessProbe: {}
+ # failureThreshold: 3
+ # initialDelaySeconds: 10
+ # periodSeconds: 10
+ # successThreshold: 1
+ # timeoutSeconds: 1
 # Environment variables to set for aws-load-balancer-controller pod.
 # We strongly discourage programming access credentials in the controller environment. You should setup IRSA or
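Review bot: The commented examples under `livenessProbe: {}` and `readinessProbe: {}` in values.yaml list `failureThreshold: 3` and `timeoutSeconds: 1`, but the deployment template in this same commit falls back to a `failureThreshold` of 2 and a `timeoutSeconds` of 10, so the comments misstate the effective defaults. I would make them match, `# failureThreshold: 2` and `# timeoutSeconds: 10`, and add a line such as `# Only the timing fields below are read; path, port and scheme are set by the chart.` so operators who used to override `httpGet` know it is no longer honoured. The test.yaml hunk makes the same switch to `{}` without any commented keys and could carry the same one-line explanation.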