diff --git a/.github/ct-install.yaml b/.github/ct-install.yaml index d5c8e7ab..c78f2db8 100644 --- a/.github/ct-install.yaml +++ b/.github/ct-install.yaml @@ -14,6 +14,7 @@ excluded-charts: - charts/stable/zalando-postgres-cluster - charts/stable/zigbee2mqtt - charts/stable/founderyvtt +- charts/stable/pod-gateway-setter chart-repos: - bitnami=https://charts.bitnami.com/bitnami - k8s-at-home-libraries=https://library-charts.k8s-at-home.com diff --git a/charts/stable/pod-gateway-setter/.helmignore b/charts/stable/pod-gateway-setter/.helmignore new file mode 100644 index 00000000..4379e2b3 --- /dev/null +++ b/charts/stable/pod-gateway-setter/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl diff --git a/charts/stable/pod-gateway-setter/Chart.yaml b/charts/stable/pod-gateway-setter/Chart.yaml new file mode 100644 index 00000000..81833e95 --- /dev/null +++ b/charts/stable/pod-gateway-setter/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +appVersion: 1.0.0 +description: Admision controller to change the default gateway and DNS server of PODs +name: pod-gateway-setter +version: 1.0.0 +kubeVersion: ">=1.16.0-0" +keywords: +- pod-gateway-setter +home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway-setter +icon: https://pod-gateway-setter.org/icon +sources: +- https://github.com/pod-gateway-setter/pod-gateway-setter-docker +maintainers: +- name: angelnu + email: git@angelnu.com +dependencies: +- name: common + repository: https://library-charts.k8s-at-home.com + version: 2.5.0 diff --git a/charts/stable/pod-gateway-setter/README.md b/charts/stable/pod-gateway-setter/README.md new file mode 100644 index 00000000..91fb0b35 --- /dev/null +++ b/charts/stable/pod-gateway-setter/README.md @@ -0,0 +1,168 @@ +# pod-gateway-setter + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +Admision controller to change the default gateway and DNS server of PODs + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** + +## Source Code + +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://library-charts.k8s-at-home.com | common | 2.5.0 | + +## TL;DR + +```console +helm repo add k8s-at-home https://k8s-at-home.com/charts/ +helm repo update +helm install pod-gateway-setter k8s-at-home/pod-gateway-setter +``` + +## Installing the Chart + +To install the chart with the release name `pod-gateway-setter` + +```console +helm install pod-gateway-setter k8s-at-home/pod-gateway-setter +``` + +## Uninstalling the Chart + +To uninstall the `pod-gateway-setter` deployment + +```console +helm uninstall pod-gateway-setter +``` + +The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. + +## Configuration + +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install pod-gateway-setter \ + --set env.TZ="America/New York" \ + k8s-at-home/pod-gateway-setter +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install pod-gateway-setter k8s-at-home/pod-gateway-setter -f values.yaml +``` + +## Custom configuration + +You need to set `gateway` to the hostname or address of your gateway. Then +all PODs in namespaces with the matching label (`routed-gateway=true` by default) +will be processed by the webhook. + +The webhook by default changes all processed pods (remove `--setGatewayDefault` +if you want to change the default). You can also change the default for a +POD by adding a label or annotation (`setGateway` by default). + +Processed PODs will get their default gateway changed. DNS server will +also be set to the gateway (at least the option `--keepDNS` is used). + +Multiple instances of this chart might be installed that use different label +values. This is usufull, for example, to route multiple pod groups, each with +a different gateway. + +**IMPORTANT**: Do not deploy this chart to a namespace controlled by this +webhook. This would result in a likelly deathlock when upgrading the chart. + +**NOTE**: This char requires the cert-manager CRD to generate the required +certificates. + +## Values + +**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalVolumeMounts[0].mountPath | string | `"/tls"` | | +| additionalVolumeMounts[0].name | string | `"certs"` | | +| additionalVolumeMounts[0].readOnly | bool | `true` | | +| args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` | | +| args[1] | string | `"--tls-key-file-path=/tls/tls.key"` | | +| args[2] | string | `"--setGatewayDefault"` | | +| args[3] | string | `"--setGatewayLabel=setGateway"` | | +| args[4] | string | `"--setGatewayAnnotation=setGateway"` | | +| gateway | string | `"10.0.2.7"` | Gateway to route traffic to. Can be an hostname or an IP | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"ghcr.io/k8s-at-home/gateway-admision-controller"` | | +| image.tag | string | `"v2.0.0"` | | +| ingress.enabled | bool | `false` | | +| namespaceSelector | object | `{"matchLabels":{"routed-gateway":"true"}}` | Selector for namespace. All pods in this namespace will get their default gateway changed | +| probes.liveness.custom | bool | `true` | | +| probes.liveness.enabled | bool | `true` | | +| probes.liveness.spec.failureThreshold | int | `5` | | +| probes.liveness.spec.httpGet.path | string | `"/wh/health"` | | +| probes.liveness.spec.httpGet.port | int | `8080` | | +| probes.liveness.spec.httpGet.scheme | string | `"HTTPS"` | | +| probes.liveness.spec.initialDelaySeconds | int | `1` | | +| probes.liveness.spec.timeoutSeconds | int | `10` | | +| probes.readiness.custom | bool | `true` | | +| probes.readiness.enabled | bool | `true` | | +| probes.readiness.spec.failureThreshold | int | `5` | | +| probes.readiness.spec.httpGet.path | string | `"/wh/health"` | | +| probes.readiness.spec.httpGet.port | int | `8080` | | +| probes.readiness.spec.httpGet.scheme | string | `"HTTPS"` | | +| probes.readiness.spec.initialDelaySeconds | int | `1` | | +| probes.readiness.spec.timeoutSeconds | int | `10` | | +| probes.startup.custom | bool | `true` | | +| probes.startup.enabled | bool | `true` | | +| probes.startup.spec.failureThreshold | int | `30` | | +| probes.startup.spec.httpGet.path | string | `"/wh/health"` | | +| probes.startup.spec.httpGet.port | int | `8080` | | +| probes.startup.spec.httpGet.scheme | string | `"HTTPS"` | | +| probes.startup.spec.periodSeconds | int | `1` | | +| service.port.path | string | `"/wh/mutating/setgateway"` | | +| service.port.port | int | `8080` | | +| strategy.type | string | `"RollingUpdate"` | | + +## Changelog + +All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog). + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +### [1.0.0] + +#### Added + +- Initial version + +#### Changed + +- N/A + +#### Removed + +- N/A + +[1.0.0]: #1.0.0 + +## Support + +- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) +- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) +- Ask a [question](https://github.com/k8s-at-home/organization/discussions) +- Join our [Discord](https://discord.gg/sTMX7Vh) community + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/stable/pod-gateway-setter/README.md.gotmpl b/charts/stable/pod-gateway-setter/README.md.gotmpl new file mode 100644 index 00000000..358abe31 --- /dev/null +++ b/charts/stable/pod-gateway-setter/README.md.gotmpl @@ -0,0 +1,146 @@ +{{- define "custom.repository.organization" -}} +k8s-at-home +{{- end -}} + +{{- define "custom.repository.url" -}} +https://github.com/k8s-at-home/charts +{{- end -}} + +{{- define "custom.helm.url" -}} +https://k8s-at-home.com/charts/ +{{- end -}} + +{{- define "custom.helm.path" -}} +{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }} +{{- end -}} + +{{- define "custom.notes" -}} +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** +{{- end -}} + +{{- define "custom.requirements" -}} +## Requirements + +{{ template "chart.kubeVersionLine" . }} +{{- end -}} + +{{- define "custom.dependencies" -}} +## Dependencies + +{{ template "chart.requirementsTable" . }} +{{- end -}} + +{{- define "custom.install.tldr" -}} +## TL;DR + +```console +helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }} +helm repo update +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.install" -}} +## Installing the Chart + +To install the chart with the release name `{{ template "chart.name" . }}` + +```console +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.uninstall" -}} +## Uninstalling the Chart + +To uninstall the `{{ template "chart.name" . }}` deployment + +```console +helm uninstall {{ template "chart.name" . }} +``` + +The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. +{{- end -}} + +{{- define "custom.configuration.header" -}} +## Configuration +{{- end -}} + +{{- define "custom.configuration.readValues" -}} +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). +{{- end -}} + +{{- define "custom.configuration.example.set" -}} +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install {{ template "chart.name" . }} \ + --set env.TZ="America/New York" \ + {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.configuration.example.file" -}} +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml +``` +{{- end -}} + +{{- define "custom.valuesSection" -}} +## Values + +**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) + +{{ template "chart.valuesTable" . }} +{{- end -}} + +{{- define "custom.support" -}} +## Support + +- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) +- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) +- Ask a [question](https://github.com/k8s-at-home/organization/discussions) +- Join our [Discord](https://discord.gg/sTMX7Vh) community +{{- end -}} + +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "custom.notes" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "custom.requirements" . }} + +{{ template "custom.dependencies" . }} + +{{ template "custom.install.tldr" . }} + +{{ template "custom.install" . }} + +{{ template "custom.uninstall" . }} + +{{ template "custom.configuration.header" . }} + +{{ template "custom.configuration.readValues" . }} + +{{ template "custom.configuration.example.set" . }} + +{{ template "custom.configuration.example.file" . }} + +{{ template "custom.custom.configuration" . }} + +{{ template "custom.valuesSection" . }} + +{{ template "custom.changelog" . }} + +{{ template "custom.support" . }} + +{{ template "helm-docs.versionFooter" . }} +{{ "" }} diff --git a/charts/stable/pod-gateway-setter/README_CHANGELOG.md.gotmpl b/charts/stable/pod-gateway-setter/README_CHANGELOG.md.gotmpl new file mode 100644 index 00000000..99c5085f --- /dev/null +++ b/charts/stable/pod-gateway-setter/README_CHANGELOG.md.gotmpl @@ -0,0 +1,27 @@ +{{- define "custom.changelog.header" -}} +## Changelog +{{- end -}} + +{{- define "custom.changelog" -}} +{{ template "custom.changelog.header" . }} + +All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog). + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +### [1.0.0] + +#### Added + +- Initial version + +#### Changed + +- N/A + +#### Removed + +- N/A + +[1.0.0]: #1.0.0 +{{- end -}} diff --git a/charts/stable/pod-gateway-setter/README_CONFIG.md.gotmpl b/charts/stable/pod-gateway-setter/README_CONFIG.md.gotmpl new file mode 100644 index 00000000..9e696c38 --- /dev/null +++ b/charts/stable/pod-gateway-setter/README_CONFIG.md.gotmpl @@ -0,0 +1,29 @@ +{{- define "custom.custom.configuration.header" -}} +## Custom configuration +{{- end -}} + +{{- define "custom.custom.configuration" -}} +{{ template "custom.custom.configuration.header" . }} + +You need to set `gateway` to the hostname or address of your gateway. Then +all PODs in namespaces with the matching label (`routed-gateway=true` by default) +will be processed by the webhook. + +The webhook by default changes all processed pods (remove `--setGatewayDefault` +if you want to change the default). You can also change the default for a +POD by adding a label or annotation (`setGateway` by default). + +Processed PODs will get their default gateway changed. DNS server will +also be set to the gateway (at least the option `--keepDNS` is used). + +Multiple instances of this chart might be installed that use different label +values. This is usufull, for example, to route multiple pod groups, each with +a different gateway. + +**IMPORTANT**: Do not deploy this chart to a namespace controlled by this +webhook. This would result in a likelly deathlock when upgrading the chart. + +**NOTE**: This char requires the cert-manager CRD to generate the required +certificates. + +{{- end -}} diff --git a/charts/stable/pod-gateway-setter/templates/NOTES.txt b/charts/stable/pod-gateway-setter/templates/NOTES.txt new file mode 100644 index 00000000..90f7b653 --- /dev/null +++ b/charts/stable/pod-gateway-setter/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "common.notes.defaultNotes" . -}} diff --git a/charts/stable/pod-gateway-setter/templates/admissionregistration.yaml b/charts/stable/pod-gateway-setter/templates/admissionregistration.yaml new file mode 100644 index 00000000..ead67e82 --- /dev/null +++ b/charts/stable/pod-gateway-setter/templates/admissionregistration.yaml @@ -0,0 +1,29 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ include "common.names.fullname" . | quote }} + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "pod-gateway-setter.servingCertificate" . }}" +webhooks: +- name: "{{ include "common.names.fullname" . }}.svc.cluster.local" + namespaceSelector: + {{- with .Values.namespaceSelector }} + {{ toYaml . | nindent 4 }} + {{- end }} + rules: + - apiGroups: [""] + apiVersions: ["v1"] + operations: ["CREATE"] + resources: ["pods"] + scope: "Namespaced" + clientConfig: + service: + namespace: {{ .Release.Namespace | quote }} + name: {{ include "common.names.fullname" . | quote }} + path: {{ .Values.service.port.path | quote }} + port: {{ .Values.service.port.port }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + timeoutSeconds: 5 diff --git a/charts/stable/pod-gateway-setter/templates/common.yaml b/charts/stable/pod-gateway-setter/templates/common.yaml new file mode 100644 index 00000000..53cae336 --- /dev/null +++ b/charts/stable/pod-gateway-setter/templates/common.yaml @@ -0,0 +1,40 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.values.setup" . }} + +{{- define "pod-gateway-setter.selfSignedIssuer" -}} +{{ printf "%s-selfsign" (include "common.names.fullname" .) }} +{{- end -}} + +{{- define "pod-gateway-setter.rootCAIssuer" -}} +{{ printf "%s-ca" (include "common.names.fullname" .) }} +{{- end -}} + +{{- define "pod-gateway-setter.rootCACertificate" -}} +{{ printf "%s-ca" (include "common.names.fullname" .) }} +{{- end -}} + +{{- define "pod-gateway-setter.servingCertificate" -}} +{{ printf "%s-webhook-tls" (include "common.names.fullname" .) }} +{{- end -}} + + +{{/* Append the cert secret to the additionalVolumes */}} +{{- define "pod-gateway-setter.servingCertificate.volume" -}} +name: certs +secret: + secretName: {{ include "pod-gateway-setter.servingCertificate" . }} +{{- end -}} + +{{- $volume := include "pod-gateway-setter.servingCertificate.volume" . | fromYaml -}} +{{- if $volume -}} + {{- $additionalVolumes := append .Values.additionalVolumes $volume }} + {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}} +{{- end -}} + + +{{/* Append generated args */}} +{{- $noop := printf "--webhook-listen-address=:%s" (.Values.service.port.port |toString) | append .Values.args | set .Values "args" -}} +{{- $noop := printf "--gateway=%s" .Values.gateway | append .Values.args | set .Values "args" -}} + +{{/* Render the templates */}} +{{ include "common.all" . }} diff --git a/charts/stable/pod-gateway-setter/templates/pki.yaml b/charts/stable/pod-gateway-setter/templates/pki.yaml new file mode 100644 index 00000000..6b5f74da --- /dev/null +++ b/charts/stable/pod-gateway-setter/templates/pki.yaml @@ -0,0 +1,66 @@ +--- +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "pod-gateway-setter.selfSignedIssuer" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "common.labels" . | nindent 4 }} +spec: + selfSigned: {} + +--- + +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "pod-gateway-setter.rootCACertificate" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "common.labels" . | nindent 4 }} +spec: + secretName: {{ include "pod-gateway-setter.rootCACertificate" . }} + duration: 43800h # 5y + issuerRef: + name: {{ include "pod-gateway-setter.selfSignedIssuer" . }} + kind: Issuer + commonName: "ca.pod-gateway-setter.cert-manager" + isCA: true + +--- + +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "pod-gateway-setter.rootCAIssuer" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "common.labels" . | nindent 4 }} +spec: + ca: + secretName: {{ include "pod-gateway-setter.rootCACertificate" . }} + +--- + +# Finally, generate a serving certificate for the webhook to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "pod-gateway-setter.servingCertificate" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "common.labels" . | nindent 4 }} +spec: + secretName: {{ include "pod-gateway-setter.servingCertificate" . }} + duration: 8760h # 1y + issuerRef: + name: {{ include "pod-gateway-setter.rootCAIssuer" . }} + kind: Issuer + dnsNames: + - {{ include "common.names.fullname" . }} + - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }} + - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc diff --git a/charts/stable/pod-gateway-setter/values.yaml b/charts/stable/pod-gateway-setter/values.yaml new file mode 100644 index 00000000..53f89462 --- /dev/null +++ b/charts/stable/pod-gateway-setter/values.yaml @@ -0,0 +1,92 @@ +# +# IMPORTANT NOTE +# +# This chart inherits from our common library chart. You can check the default values/options here: +# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml +# + +image: + repository: ghcr.io/k8s-at-home/gateway-admision-controller + pullPolicy: IfNotPresent + tag: v2.0.0 + +# -- Gateway to route traffic to. +# Can be an hostname or an IP +gateway: 10.0.2.7 + +# -- Selector for namespace. +# All pods in this namespace will get their default gateway changed +namespaceSelector: + matchLabels: + routed-gateway: "true" + # matchExpressions: + # - key: notTouch + # operator: NotIn + # values: ["1"] + +strategy: + type: RollingUpdate + +# Args for webhook +# See more information in the container git repository at +# https://github.com/k8s-at-home/gateway-admision-controller +args: +- --tls-cert-file-path=/tls/tls.crt +- --tls-key-file-path=/tls/tls.key +- --setGatewayDefault +- --setGatewayLabel=setGateway +- --setGatewayAnnotation=setGateway +# - --debug +# - --development +# - --keepDNS +# Set by Helm chart: +# --webhook-listen-address=: +# --gateway= + +service: + port: + path: /wh/mutating/setgateway + port: 8080 + +ingress: + enabled: false + +additionalVolumeMounts: +- name: certs + mountPath: /tls + readOnly: true + +# Probes configuration +probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + scheme: HTTPS + port: 8080 + path: /wh/health + initialDelaySeconds: 1 + failureThreshold: 5 + timeoutSeconds: 10 + readiness: + enabled: true + custom: true + spec: + httpGet: + scheme: HTTPS + port: 8080 + path: /wh/health + initialDelaySeconds: 1 + failureThreshold: 5 + timeoutSeconds: 10 + startup: + enabled: true + custom: true + spec: + httpGet: + scheme: HTTPS + port: 8080 + path: /wh/health + failureThreshold: 30 + periodSeconds: 1