Add support for http headers and custom ports on liveness/readiness probes
Problem to solve
Currently, httpGet
liveness probes and readiness probes are public if there is an ingress, but this is not always desirable. It should be possible to secure them by using a secondary port and authorization headers.
Proposal
Add the following values
-
livenessProbe.httpHeaders
, default[]
-
readinessProbe.httpHeaders
, default[]
-
livenessProbe.port
, defaultservice.internalPort
, use forhttpGet
andtcpSocket
probes- added in !193 (merged)
-
readinessProbe.port
, defaultservice.internalPort
, use forhttpGet
andtcpSocket
probes- added in !193 (merged)
with worker-specific overrides, and consume them in templates/deployment.yaml
and templates/worker-deployment.yaml
.
See https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ for details.