Merge pull request #51 from docker/feat-readiness

feat: add readiness probe
2024-07-25 10:04:20 -05:00
parent a5c6dfd299 4cfb3a3121
commit 3a9a97deda
3 changed files with 12 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -55,19 +55,11 @@ make docker-buildx
 # load the image into kind
 make kind-load-image

-# Choose one of the following ways to deploy the external data provider:
-
-# 1. client and server auth enabled (recommended)
-helm install attest-provider charts/external-data-provider \
+# deploy attest provider
+helm install attest-provider charts/attest-provider \
    --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
+    --set image="docker/attest-provider:dev" \
    --namespace "${NAMESPACE:-gatekeeper-system}"
-
-# 2. client auth disabled and server auth enabled
-helm install attest-provider charts/external-data-provider \
-    --set clientCAFile="" \
-    --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
-    --namespace "${NAMESPACE:-gatekeeper-system}" \
-    --create-namespace
 ```

 4. Install constraint template and constraint.
--- a/charts/attest-provider/templates/attest-provider-deployment.yaml
+++ b/charts/attest-provider/templates/attest-provider-deployment.yaml
@@ -68,6 +68,11 @@ spec:
          mountPath: {{ .Values.certDir }}
          readOnly: true
        {{- end }}
+        readinessProbe:
+          httpGet:
+            path: /ready
+            port: {{ .Values.port }}
+            scheme: HTTPS
      restartPolicy: Always
      nodeSelector:
        kubernetes.io/os: linux
--- a/main.go
+++ b/main.go
@@ -103,6 +103,9 @@ func main() {

 	mux.Handle("POST /validate", http.TimeoutHandler(validateHandler, handlerTimeout, timeoutError))
 	mux.Handle("POST /mutate", http.TimeoutHandler(mutateHandler, handlerTimeout, timeoutError))
+	mux.Handle("GET /ready", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))

 	server := &http.Server{
 		Addr:              fmt.Sprintf(":%d", port),
@@ -125,7 +128,7 @@ func main() {
 		clientCAs.AppendCertsFromPEM(caCert)

 		config.ClientCAs = clientCAs
-		config.ClientAuth = tls.RequireAndVerifyClientCert
+		config.ClientAuth = tls.VerifyClientCertIfGiven
 		server.TLSConfig = config
 	}