fix: make default probe timers less aggressive (#720)

ory · Dec 11, 2024 · 15d9697 · 15d9697
1 parent 1188d3e
commit 15d9697
Show file tree

Hide file tree

Showing 10 changed files with 22 additions and 44 deletions.
diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md
@@ -98,7 +98,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":0,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Default probe timers |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Default probe timers |
 | deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` |  |
 | deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` |  |
 | deployment.strategy.type | string | `"RollingUpdate"` |  |

diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml
@@ -345,8 +345,8 @@ deployment:
     failureThreshold: 5
     successThreshold: 1
     periodSeconds: 1
-    timeoutSeconds: 1
-    initialDelaySeconds: 0
+    timeoutSeconds: 2
+    initialDelaySeconds: 1
 
   automountServiceAccountToken: false
 

diff --git a/helm/charts/keto/README.md b/helm/charts/keto/README.md
@@ -59,10 +59,10 @@ Access Control Policies as a Server
 | deployment.resources | object | `{}` |  |
 | deployment.revisionHistoryLimit | int | `5` | Number of revisions kept in history |
 | deployment.startupProbe.failureThreshold | int | `5` |  |
-| deployment.startupProbe.initialDelaySeconds | int | `0` |  |
+| deployment.startupProbe.initialDelaySeconds | int | `1` |  |
 | deployment.startupProbe.periodSeconds | int | `1` |  |
 | deployment.startupProbe.successThreshold | int | `1` |  |
-| deployment.startupProbe.timeoutSeconds | int | `1` |  |
+| deployment.startupProbe.timeoutSeconds | int | `2` |  |
 | deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` |  |
 | deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` |  |
 | deployment.strategy.type | string | `"RollingUpdate"` |  |

diff --git a/helm/charts/keto/values.yaml b/helm/charts/keto/values.yaml
@@ -309,8 +309,8 @@ deployment:
     failureThreshold: 5
     successThreshold: 1
     periodSeconds: 1
-    timeoutSeconds: 1
-    initialDelaySeconds: 0
+    timeoutSeconds: 2
+    initialDelaySeconds: 1
   ## -- Configure a custom livenessProbe. This overwrites the default object
   customLivenessProbe: {}
   ## -- Configure a custom readinessProbe. This overwrites the default object

diff --git a/helm/charts/kratos/README.md b/helm/charts/kratos/README.md
@@ -75,7 +75,7 @@ A ORY Kratos Helm chart for Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":0,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Configure the startupProbe parameters |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Configure the startupProbe parameters |
 | deployment.terminationGracePeriodSeconds | int | `60` |  |
 | deployment.tolerations | list | `[]` | Configure node tolerations. |
 | deployment.topologySpreadConstraints | list | `[]` | Configure pod topologySpreadConstraints. |

diff --git a/helm/charts/kratos/values.yaml b/helm/charts/kratos/values.yaml
@@ -221,8 +221,8 @@ deployment:
     failureThreshold: 5
     successThreshold: 1
     periodSeconds: 1
-    timeoutSeconds: 1
-    initialDelaySeconds: 0
+    timeoutSeconds: 2
+    initialDelaySeconds: 1
 
   # -- Configure a custom livenessProbe. This overwrites the default object
   customLivenessProbe: {}

diff --git a/helm/charts/oathkeeper/README.md b/helm/charts/oathkeeper/README.md
@@ -46,7 +46,6 @@ A Helm chart for deploying ORY Oathkeeper in Kubernetes
 | deployment.extraVolumes | list | `[]` | Extra volumes you can attach to the pod. |
 | deployment.labels | object | `{}` |  |
 | deployment.lifecycle | object | `{}` |  |
-| deployment.livenessProbe | object | `{"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":10}` | Configure the livenessProbe parameters |
 | deployment.nodeSelector | object | `{}` | Node labels for pod assignment. |
 | deployment.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
 | deployment.podMetadata.annotations | object | `{}` | Extra pod level annotations |
@@ -57,7 +56,7 @@ A Helm chart for deploying ORY Oathkeeper in Kubernetes
 | deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| deployment.startupProbe | object | `{"failureThreshold":60,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Configure the startupProbe parameters |
+| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Configure the startupProbe parameters |
 | deployment.strategy.rollingUpdate | object | `{}` |  |
 | deployment.strategy.type | string | `"RollingUpdate"` |  |
 | deployment.terminationGracePeriodSeconds | int | `60` |  |

diff --git a/helm/charts/oathkeeper/templates/deployment-controller.yaml b/helm/charts/oathkeeper/templates/deployment-controller.yaml
@@ -146,24 +146,16 @@ spec:
               containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
           lifecycle:
             {{- toYaml .Values.deployment.lifecycle | nindent 12 }}
+          {{- if .Values.deployment.customLivenessProbe }}
           livenessProbe:
-            {{- if .Values.deployment.customLivenessProbe }}
-              {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
-            {{- else }}
-            httpGet:
-              path: /health/alive
-              port: http-api
-              httpHeaders:
-                - name: Host
-                  value: '127.0.0.1'
-            {{- toYaml .Values.deployment.livenessProbe | nindent 12 }}
-            {{- end }}
+            {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
+          {{- end }}
           readinessProbe:
             {{- if .Values.deployment.customReadinessProbe }}
               {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
             {{- else }}
             httpGet:
-              path: /health/ready
+              path: /health/alive
               port: http-api
               httpHeaders:
                 - name: Host

diff --git a/helm/charts/oathkeeper/templates/deployment-sidecar.yaml b/helm/charts/oathkeeper/templates/deployment-sidecar.yaml
@@ -124,24 +124,16 @@ spec:
             - name: http-metrics
               protocol: TCP
               containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
+          {{- if .Values.deployment.customLivenessProbe }}
           livenessProbe:
-            {{- if .Values.deployment.customLivenessProbe }}
-              {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
-            {{- else }}
-            httpGet:
-              path: /health/alive
-              port: http-api
-              httpHeaders:
-                - name: Host
-                  value: '127.0.0.1'
-            {{- toYaml .Values.deployment.livenessProbe | nindent 12 }}
-            {{- end }}
+            {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
+          {{- end }}
           readinessProbe:
             {{- if .Values.deployment.customReadinessProbe }}
               {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
             {{- else }}
             httpGet:
-              path: /health/ready
+              path: /health/alive
               port: http-api
               httpHeaders:
                 - name: Host

diff --git a/helm/charts/oathkeeper/values.yaml b/helm/charts/oathkeeper/values.yaml
@@ -250,22 +250,17 @@ deployment:
   #  memory: 128Mi
 
   lifecycle: {}
-  # -- Configure the livenessProbe parameters
-  livenessProbe:
-    initialDelaySeconds: 5
-    periodSeconds: 10
-    failureThreshold: 5
   # -- Configure the readinessProbe parameters
   readinessProbe:
     initialDelaySeconds: 5
     periodSeconds: 10
     failureThreshold: 5
   # -- Configure the startupProbe parameters
   startupProbe:
-    failureThreshold: 60
+    failureThreshold: 5
     successThreshold: 1
-    periodSeconds: 1
-    timeoutSeconds: 1
+    timeoutSeconds: 2
+    initialDelaySeconds: 1
 
   # -- Configure a custom livenessProbe. This overwrites the default object
   customLivenessProbe: {}