Probe Updates (#7)

* Set probe values in debug

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

* Set correct probe in webhook

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

* Remove toleration

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

* Fix spelling of readinessProbe

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

* Update README config examples

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

---------

Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>

README.md

@@ -26,10 +26,25 @@ For example, create a file `my-values.cue` with the following content:
 ```cue
 values: {
     controller: {
-        prometheus: enabled: true
+        config: logging: format:  "json"
+        podDisruptionBudget: minAvailable: 2
+
+        monitoring: {
+            enabled: true
+            serviceMonitor: enabled: true
+        }
+
+        image: {
+            tag: "v1.12.7"
+            digest: "sha256:6425a6a27c8f9afc589202238504384300e26fa1e03f9bd55c4ca86b645316f4"
+        }
     }
 
-    test: enabled: true
+    webhook: {
+        podDisruptionBudget: minAvailable: 2
+    }
+
+    test: enabled: false
 }
 ```
 
@@ -123,26 +138,32 @@ for deploying in a non production manner the below configuration should suffice:
 values: {
     logLevel: 4
 
+    // There are two ways to setup high availability one is to set the replicas in each controller section, another is
+    // this shortcut, which defaults to the recommended settings defined here: https://cert-manager.io/docs/installation/best-practice/#high-availability
+    highAvailability: enabled: true
+    // Setting the above true will ignore controller: replicas: etc and use the below
+    // highAvailanility: controllerReplicas: 2
+    // highAvailanility: webhookReplicas:    3
+    // highAvailanility: caInjectorReplicas: 2
+
+    // By default ServiceAccount tokens are not mounted, instead a Volume and VolumeMount are setup to add the
+    // ServiceAccount token to the Pod, so here we're reversing that
     controller: automountServiceAccountToken: true
-    controller: replicas: 1
     controller: serviceAccount: automountServiceAccountToken: true
     controller: volumes: []
     controller: volumeMounts: []
 
     caInjector: automountServiceAccountToken: true
-    caInjector: replicas: 1
     caInjector: serviceAccount: automountServiceAccountToken: true
     caInjector: volumes: []
     caInjector: volumeMounts: []
 
     webhook: automountServiceAccountToken: true
-    webhook: replicas: 1
     webhook: serviceAccount: automountServiceAccountToken: true
     webhook: volumes: []
     webhook: volumeMounts: []
 
     startupAPICheck: automountServiceAccountToken: true
-    startupAPICheck: replicas: 1
     startupAPICheck: serviceAccount: automountServiceAccountToken: true
     startupAPICheck: volumes: []
     startupAPICheck: volumeMounts: []

debug_values.cue

@@ -19,6 +19,13 @@ values: {
 		monitoring: enabled:               true
 		podDisruptionBudget: minAvailable: 2
 
+		livenessProbe: {
+			initialDelaySeconds: 30
+			periodSeconds:       15
+			failureThreshold:    4
+			timeoutSeconds:      2
+		}
+
 		strategy: {
 			type: "RollingUpdate"
 			rollingUpdate: {
@@ -30,6 +37,20 @@ values: {
 	webhook: {
 		podDisruptionBudget: minAvailable: 2
 
+		livenessProbe: {
+			initialDelaySeconds: 30
+			periodSeconds:       15
+			failureThreshold:    4
+			timeoutSeconds:      2
+		}
+
+		readinessProbe: {
+			initialDelaySeconds: 20
+			periodSeconds:       10
+			failureThreshold:    6
+			timeoutSeconds:      2
+		}
+
 		strategy: {
 			type: "RollingUpdate"
 			rollingUpdate: {

templates/config/component.cue

@@ -47,13 +47,7 @@ import (
 	}
 
 	strategy?: appsv1.#DeploymentStrategy
-	tolerations?: [...corev1.#Toleration] | [
-		{
-			key:      "node-restriction.kubernetes.io/reserved-for"
-			operator: "Equal"
-			value:    "platform"
-		},
-	]
+	tolerations?: [...corev1.#Toleration]
 	topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint]
 
 	volumeMounts: [...corev1.#VolumeMount] | *[{

templates/deploymentSpecWebhook.cue

@@ -145,7 +145,7 @@ import (
 					}
 
 					if #main_config.webhook.readinessProbe != _|_ {
-						readinessProbe: #main_config.webhook.livenessProbe & {
+						readinessProbe: #main_config.webhook.readinessProbe & {
 							httpGet: {
 								port:   "healthcheck"
 								path:   "/healthz"