From 5187c76f47c72c69d59bf1be43b13f79923223a6 Mon Sep 17 00:00:00 2001 From: Jagatguru Prasad Mishra Date: Thu, 29 Aug 2024 05:55:19 -0400 Subject: [PATCH] Adjusting probes to reduce CPU overload This adjustment is part of a proposed solution to address high CPU usage on the platform. Currently, Harbor pods are configured with timeoutSeconds=1 and failureThreshold=2 for several probes. However, the recommended values are timeoutSeconds=5 seconds or more and failureThreshold=3 or more. Other parameters, such as successThreshold and periodSeconds, already meet the recommended settings. This review updates the timeoutSeconds to 5 seconds and failureThreshold to 3 wherever these values were previously set to less than 3. Test Plan: PASS: build-pkgs && build-image PASS: AIO-SX app upload/apply/remove/delete PASS: AIO-SX Verify if the Liveness probes parameters are configured as follows: timeoutSeconds: 5 failureThreshold: <3 or more> successThreshold: 1 periodSeconds: 10 PASS: AIO-SX verify if harbor login page is accessibe and 'admin' user is able to login to harbor registry Story: 2010721 Task: 50933 Change-Id: I0031d792a3dd156702795c60d61afaf19c7e317d Signed-off-by: Jagatguru Prasad Mishra --- .../harbor-helm/debian/deb_folder/changelog | 6 + ...-liveness-and-readiness-probe-update.patch | 628 ++++++++++++++++++ .../debian/deb_folder/patches/series | 1 + .../harbor-helm/debian/meta_data.yaml | 4 +- .../harbor/harbor-static-overrides.yaml | 65 ++ 5 files changed, 702 insertions(+), 2 deletions(-) create mode 100644 helm-charts/upstream/harbor-helm/debian/deb_folder/patches/0004-liveness-and-readiness-probe-update.patch diff --git a/helm-charts/upstream/harbor-helm/debian/deb_folder/changelog b/helm-charts/upstream/harbor-helm/debian/deb_folder/changelog index 3ed16ef..e38cab9 100644 --- a/helm-charts/upstream/harbor-helm/debian/deb_folder/changelog +++ b/helm-charts/upstream/harbor-helm/debian/deb_folder/changelog @@ -1,3 +1,9 @@ +harbor-helm (1.12-4) unstable; urgency=medium + + * Liveness/readiness/startup probes update to reduce platform CPU usage + + -- Jagatguru Prasad Mishra Thu, 29 Aug 2024 03:16:21 -0400 + harbor-helm (1.12-3) unstable; urgency=medium * Internal change to disable huge pages in harbor db diff --git a/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/0004-liveness-and-readiness-probe-update.patch b/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/0004-liveness-and-readiness-probe-update.patch new file mode 100644 index 0000000..3aceddf --- /dev/null +++ b/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/0004-liveness-and-readiness-probe-update.patch @@ -0,0 +1,628 @@ +From 4932177667cbbd345b2460351adbd304b567e405 Mon Sep 17 00:00:00 2001 +From: Jagatguru Prasad Mishra +Date: Tue, 3 Sep 2024 03:43:44 -0400 +Subject: [PATCH 1/1] liveness and readiness probe update +In this patch, following updates are made to the startup, readiness, and +liveness probes to reduce platform CPU usage: +timeoutSeconds is changed to 5. +failureThreshold is changed to 3. + +--- + templates/core/core-dpl.yaml | 18 ++- + templates/database/database-ss.yaml | 12 +- + templates/exporter/exporter-dpl.yaml | 14 ++- + templates/jobservice/jobservice-dpl.yaml | 14 ++- + templates/nginx/deployment.yaml | 14 ++- + templates/notary/notary-server.yaml | 14 ++- + templates/notary/notary-signer.yaml | 14 ++- + templates/portal/deployment.yaml | 14 ++- + templates/redis/statefulset.yaml | 14 ++- + templates/registry/registry-dpl.yaml | 28 +++-- + templates/trivy/trivy-sts.yaml | 18 +-- + values.yaml | 143 ++++++++++++++++++++++- + 12 files changed, 262 insertions(+), 55 deletions(-) + +diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml +index 2ca8b0c..b859874 100644 +--- a/templates/core/core-dpl.yaml ++++ b/templates/core/core-dpl.yaml +@@ -52,24 +52,30 @@ spec: + path: /api/v2.0/ping + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.core.containerPort" . }} +- failureThreshold: 360 ++ failureThreshold: {{ .Values.core.startupProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.core.startupProbe.initialDelaySeconds }} +- periodSeconds: 10 ++ periodSeconds: {{ .Values.core.startupProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.core.startupProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.core.startupProbe.successThreshold }} + {{- end }} + livenessProbe: + httpGet: + path: /api/v2.0/ping + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.core.containerPort" . }} +- failureThreshold: 2 +- periodSeconds: 10 ++ failureThreshold: {{ .Values.core.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.core.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.core.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.core.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: /api/v2.0/ping + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.core.containerPort" . }} +- failureThreshold: 2 +- periodSeconds: 10 ++ failureThreshold: {{ .Values.core.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.core.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.core.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.core.readinessProbe.successThreshold }} + envFrom: + - configMapRef: + name: "{{ template "harbor.core" . }}" +diff --git a/templates/database/database-ss.yaml b/templates/database/database-ss.yaml +index 300edd0..f54389b 100644 +--- a/templates/database/database-ss.yaml ++++ b/templates/database/database-ss.yaml +@@ -80,16 +80,20 @@ spec: + exec: + command: + - /docker-healthcheck.sh +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.database.internal.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.database.internal.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.database.internal.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.database.internal.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.database.internal.livenessProbe.successThreshold }} + readinessProbe: + exec: + command: + - /docker-healthcheck.sh +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.database.internal.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.database.internal.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.database.internal.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.database.internal.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.database.internal.readinessProbe.successThreshold }} + {{- if .Values.database.internal.resources }} + resources: + {{ toYaml .Values.database.internal.resources | indent 10 }} +diff --git a/templates/exporter/exporter-dpl.yaml b/templates/exporter/exporter-dpl.yaml +index 5ff36f4..6077c50 100644 +--- a/templates/exporter/exporter-dpl.yaml ++++ b/templates/exporter/exporter-dpl.yaml +@@ -42,14 +42,20 @@ spec: + httpGet: + path: / + port: {{ .Values.metrics.exporter.port }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.exporter.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.exporter.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.exporter.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.exporter.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.exporter.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.metrics.exporter.port }} +- initialDelaySeconds: 30 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.exporter.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.exporter.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.exporter.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.exporter.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.exporter.readinessProbe.successThreshold }} + args: ["-log-level", "{{ .Values.logLevel }}"] + envFrom: + - configMapRef: +diff --git a/templates/jobservice/jobservice-dpl.yaml b/templates/jobservice/jobservice-dpl.yaml +index 32df454..832c12c 100644 +--- a/templates/jobservice/jobservice-dpl.yaml ++++ b/templates/jobservice/jobservice-dpl.yaml +@@ -57,15 +57,21 @@ spec: + path: /api/v1/stats + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.jobservice.containerPort" . }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.jobservice.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.jobservice.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.jobservice.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.jobservice.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.jobservice.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: /api/v1/stats + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.jobservice.containerPort" . }} +- initialDelaySeconds: 20 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.jobservice.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.jobservice.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.jobservice.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.jobservice.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.jobservice.readinessProbe.successThreshold }} + {{- if .Values.jobservice.resources }} + resources: + {{ toYaml .Values.jobservice.resources | indent 10 }} +diff --git a/templates/nginx/deployment.yaml b/templates/nginx/deployment.yaml +index bc1de0a..6737774 100644 +--- a/templates/nginx/deployment.yaml ++++ b/templates/nginx/deployment.yaml +@@ -57,15 +57,21 @@ spec: + scheme: {{ .scheme }} + path: / + port: {{ .port }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + scheme: {{ .scheme }} + path: / + port: {{ .port }} +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- if .Values.nginx.resources }} + resources: + {{ toYaml .Values.nginx.resources | indent 10 }} +diff --git a/templates/notary/notary-server.yaml b/templates/notary/notary-server.yaml +index 64cfd29..498ae1a 100644 +--- a/templates/notary/notary-server.yaml ++++ b/templates/notary/notary-server.yaml +@@ -44,15 +44,21 @@ spec: + path: /_notary_server/health + scheme: "HTTP" + port: 4443 +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.notary.server.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.notary.server.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.notary.server.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.notary.server.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.notary.server.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: /_notary_server/health + scheme: "HTTP" + port: 4443 +- initialDelaySeconds: 20 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.notary.server.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.notary.server.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.notary.server.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.notary.server.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.notary.server.readinessProbe.successThreshold }} + {{- if .Values.notary.server.resources }} + resources: + {{ toYaml .Values.notary.server.resources | indent 10 }} +diff --git a/templates/notary/notary-signer.yaml b/templates/notary/notary-signer.yaml +index d94e490..ddc6b26 100644 +--- a/templates/notary/notary-signer.yaml ++++ b/templates/notary/notary-signer.yaml +@@ -43,15 +43,21 @@ spec: + path: / + scheme: "HTTPS" + port: 7899 +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.notary.signer.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.notary.signer.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.notary.signer.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.notary.signer.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.notary.signer.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: / + scheme: "HTTPS" + port: 7899 +- initialDelaySeconds: 20 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.notary.signer.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.notary.signer.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.notary.signer.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.notary.signer.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.notary.signer.livenessProbe.successThreshold }} + {{- if .Values.notary.signer.resources }} + resources: + {{ toYaml .Values.notary.signer.resources | indent 10 }} +diff --git a/templates/portal/deployment.yaml b/templates/portal/deployment.yaml +index d3469de..eb425bc 100644 +--- a/templates/portal/deployment.yaml ++++ b/templates/portal/deployment.yaml +@@ -52,15 +52,21 @@ spec: + path: / + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.portal.containerPort" . }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.portal.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.portal.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.portal.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.portal.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.portal.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: / + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.portal.containerPort" . }} +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.portal.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.portal.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.portal.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.portal.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.portal.readinessProbe.successThreshold }} + ports: + - containerPort: {{ template "harbor.portal.containerPort" . }} + volumeMounts: +diff --git a/templates/redis/statefulset.yaml b/templates/redis/statefulset.yaml +index 74b7581..8859063 100644 +--- a/templates/redis/statefulset.yaml ++++ b/templates/redis/statefulset.yaml +@@ -43,13 +43,19 @@ spec: + livenessProbe: + tcpSocket: + port: 6379 +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + readinessProbe: + tcpSocket: + port: 6379 +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + {{- if .Values.redis.internal.resources }} + resources: + {{ toYaml .Values.redis.internal.resources | indent 10 }} +diff --git a/templates/registry/registry-dpl.yaml b/templates/registry/registry-dpl.yaml +index 118a165..5c24b82 100644 +--- a/templates/registry/registry-dpl.yaml ++++ b/templates/registry/registry-dpl.yaml +@@ -60,15 +60,21 @@ spec: + path: / + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.registry.containerPort" . }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.registry.registry.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.registry.registry.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.registry.registry.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.registry.registry.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.registry.registry.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: / + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.registry.containerPort" . }} +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.registry.registry.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.registry.registry.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.registry.registry.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.registry.registry.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.registry.registry.readinessProbe.successThreshold }} + {{- if .Values.registry.registry.resources }} + resources: + {{ toYaml .Values.registry.registry.resources | indent 10 }} +@@ -152,15 +158,21 @@ spec: + path: /api/health + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.registryctl.containerPort" . }} +- initialDelaySeconds: 300 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.registry.controller.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.registry.controller.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.registry.controller.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.registry.controller.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.registry.controller.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + path: /api/health + scheme: {{ include "harbor.component.scheme" . | upper }} + port: {{ template "harbor.registryctl.containerPort" . }} +- initialDelaySeconds: 1 +- periodSeconds: 10 ++ initialDelaySeconds: {{ .Values.registry.controller.readinessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.registry.controller.readinessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.registry.controller.readinessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.registry.controller.readinessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.registry.controller.readinessProbe.successThreshold }} + {{- if .Values.registry.controller.resources }} + resources: + {{ toYaml .Values.registry.controller.resources | indent 10 }} +diff --git a/templates/trivy/trivy-sts.yaml b/templates/trivy/trivy-sts.yaml +index 37b19ac..5a27b48 100644 +--- a/templates/trivy/trivy-sts.yaml ++++ b/templates/trivy/trivy-sts.yaml +@@ -131,19 +131,21 @@ spec: + scheme: {{ include "harbor.component.scheme" . | upper }} + path: /probe/healthy + port: api-server +- initialDelaySeconds: 5 +- periodSeconds: 10 +- successThreshold: 1 +- failureThreshold: 10 ++ initialDelaySeconds: {{ .Values.trivy.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.trivy.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.trivy.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.trivy.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.trivy.livenessProbe.successThreshold }} + readinessProbe: + httpGet: + scheme: {{ include "harbor.component.scheme" . | upper }} + path: /probe/ready + port: api-server +- initialDelaySeconds: 5 +- periodSeconds: 10 +- successThreshold: 1 +- failureThreshold: 3 ++ initialDelaySeconds: {{ .Values.trivy.livenessProbe.initialDelaySeconds }} ++ failureThreshold: {{ .Values.trivy.livenessProbe.failureThreshold }} ++ periodSeconds: {{ .Values.trivy.livenessProbe.periodSeconds }} ++ timeoutSeconds: {{ .Values.trivy.livenessProbe.timeoutSeconds }} ++ successThreshold: {{ .Values.trivy.livenessProbe.successThreshold }} + resources: + {{ toYaml .Values.trivy.resources | indent 12 }} + {{- if or (or .Values.internalTLS.enabled .Values.caBundleSecretName) (or (not .Values.persistence.enabled) $trivy.existingClaim) }} +diff --git a/values.yaml b/values.yaml +index 8e89cee..5a484fa 100644 +--- a/values.yaml ++++ b/values.yaml +@@ -408,6 +408,18 @@ nginx: + automountServiceAccountToken: false + replicas: 1 + revisionHistoryLimit: 10 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 1 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -442,6 +454,18 @@ portal: + automountServiceAccountToken: false + replicas: 1 + revisionHistoryLimit: 10 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 1 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -480,6 +504,20 @@ core: + startupProbe: + enabled: true + initialDelaySeconds: 10 ++ failureThreshold: 360 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ livenessProbe: ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -557,6 +595,18 @@ jobservice: + max_update_hours: 24 + # the max time for execution in running state without new task created + max_dangling_hours: 168 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 20 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + + # resources: + # requests: +@@ -595,6 +645,18 @@ registry: + image: + repository: goharbor/registry-photon + tag: v2.8.0 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 1 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -603,7 +665,18 @@ registry: + image: + repository: goharbor/harbor-registryctl + tag: v2.8.0 +- ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 1 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -722,6 +795,18 @@ trivy: + securityCheck: "vuln" + # The duration to wait for scan completion + timeout: 5m0s ++ livenessProbe: ++ initialDelaySeconds: 5 ++ failureThreshold: 10 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 5 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + resources: + requests: + cpu: 200m +@@ -760,6 +845,18 @@ notary: + repository: goharbor/notary-server-photon + tag: v2.8.0 + replicas: 1 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 20 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -794,6 +891,18 @@ notary: + repository: goharbor/notary-signer-photon + tag: v2.8.0 + replicas: 1 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 20 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -850,9 +959,17 @@ database: + # The timeout used in livenessProbe; 1 to 5 seconds + livenessProbe: + timeoutSeconds: 1 ++ initialDelaySeconds: 300 ++ periodSeconds: 10 ++ failureThreshold: 3 ++ successThreshold: 1 + # The timeout used in readinessProbe; 1 to 5 seconds + readinessProbe: + timeoutSeconds: 1 ++ initialDelaySeconds: 1 ++ periodSeconds: 10 ++ failureThreshold: 3 ++ successThreshold: 1 + nodeSelector: {} + tolerations: + - key: node-role.kubernetes.io/master +@@ -921,6 +1038,18 @@ redis: + image: + repository: goharbor/redis-photon + tag: v2.8.0 ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 1 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + # resources: + # requests: + # memory: 256Mi +@@ -984,6 +1113,18 @@ exporter: + cacheCleanInterval: 14400 + ## The priority class to run the pod as + priorityClassName: ++ livenessProbe: ++ initialDelaySeconds: 300 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 ++ readinessProbe: ++ initialDelaySeconds: 30 ++ failureThreshold: 3 ++ periodSeconds: 10 ++ timeoutSeconds: 1 ++ successThreshold: 1 + + metrics: + enabled: false +-- +2.25.1 + diff --git a/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/series b/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/series index 2bebd6b..53b68f0 100644 --- a/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/series +++ b/helm-charts/upstream/harbor-helm/debian/deb_folder/patches/series @@ -1,3 +1,4 @@ 0001-AddNodeAffinityToPods.patch 0002-adding-control-plane-toleration-to-the-pods.patch 0003-disable-huge-pages.patch +0004-liveness-and-readiness-probe-update.patch diff --git a/helm-charts/upstream/harbor-helm/debian/meta_data.yaml b/helm-charts/upstream/harbor-helm/debian/meta_data.yaml index c070fef..51025ec 100644 --- a/helm-charts/upstream/harbor-helm/debian/meta_data.yaml +++ b/helm-charts/upstream/harbor-helm/debian/meta_data.yaml @@ -1,6 +1,6 @@ --- debname: harbor-helm -debver: 1.12-3 +debver: 1.12-4 dl_path: name: harbor-1.12.0.tar.gz url: https://github.com/goharbor/harbor-helm/archive/refs/tags/v1.12.0.tar.gz @@ -9,7 +9,7 @@ src_files: - harbor-helm/files/Makefile revision: dist: $STX_DIST - stx_patch: 2 + stx_patch: 3 GITREVCOUNT: SRC_DIR: ${MY_REPO}/stx/app-harbor/helm-charts/upstream/harbor-helm BASE_SRCREV: e097b7cfda6e1258151c9143f274bebec31335c9 diff --git a/stx-harbor-helm/stx-harbor-helm/fluxcd-manifests/harbor/harbor-static-overrides.yaml b/stx-harbor-helm/stx-harbor-helm/fluxcd-manifests/harbor/harbor-static-overrides.yaml index 04a3633..c740128 100644 --- a/stx-harbor-helm/stx-harbor-helm/fluxcd-manifests/harbor/harbor-static-overrides.yaml +++ b/stx-harbor-helm/stx-harbor-helm/fluxcd-manifests/harbor/harbor-static-overrides.yaml @@ -3,4 +3,69 @@ # # SPDX-License-Identifier: Apache-2.0 # +nginx: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +portal: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +core: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 + startupProbe: + timeoutSeconds: 5 +jobservice: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +registry: + registry: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 + controller: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +trivy: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +notary: + server: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 + signer: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +database: + internal: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +redis: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5 +exporter: + livenessProbe: + timeoutSeconds: 5 + readinessProbe: + timeoutSeconds: 5