From 3f8336e3bee83dc2a5f43097488016d7b3d113fb Mon Sep 17 00:00:00 2001 From: Tom Hayward Date: Wed, 25 Feb 2026 08:09:13 -0800 Subject: [PATCH 1/2] ci: enable kiwigrid/k8s-sidecar in tests Signed-off-by: Tom Hayward --- ci/test-configmap-values.yaml | 4 ++++ ci/test-deployment-values.yaml | 4 ++++ ci/test-sts-values.yaml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/ci/test-configmap-values.yaml b/ci/test-configmap-values.yaml index 66f4bff1..1c99ad7e 100644 --- a/ci/test-configmap-values.yaml +++ b/ci/test-configmap-values.yaml @@ -127,6 +127,8 @@ alertmanager: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true ruler: replicas: 1 enabled: true @@ -136,6 +138,8 @@ ruler: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true store_gateway: startupProbe: null replicas: 1 diff --git a/ci/test-deployment-values.yaml b/ci/test-deployment-values.yaml index 30960b49..195ca178 100644 --- a/ci/test-deployment-values.yaml +++ b/ci/test-deployment-values.yaml @@ -134,6 +134,8 @@ alertmanager: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true ruler: replicas: 1 enabled: true @@ -143,6 +145,8 @@ ruler: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true store_gateway: startupProbe: null replicas: 1 diff --git a/ci/test-sts-values.yaml b/ci/test-sts-values.yaml index 035fe7b6..5e819876 100644 --- a/ci/test-sts-values.yaml +++ b/ci/test-sts-values.yaml @@ -125,6 +125,8 @@ alertmanager: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true ruler: replicas: 1 enabled: true @@ -134,6 +136,8 @@ ruler: extraVolumeMounts: - name: tmp-test mountPath: /tmp-test + sidecar: + enabled: true store_gateway: startupProbe: null replicas: 1 From e9e15d7bfa4c78944323f7f711b1dd9286d25459 Mon Sep 17 00:00:00 2001 
From: Tom Hayward Date: Wed, 25 Feb 2026 08:52:14 -0800 Subject: [PATCH 2/2] override kiwigrid/k8s-sidecar health port to avoid conflict and enable probes Signed-off-by: Tom Hayward --- CHANGELOG.md | 2 ++ README.md | 14 +++++++++++ templates/alertmanager/alertmanager-dep.yaml | 16 +++++++++++++ .../alertmanager-statefulset.yaml | 16 +++++++++++++ templates/ruler/ruler-dep.yaml | 16 +++++++++++++ values.yaml | 24 +++++++++++++++++++ 6 files changed, 88 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dfce9fad..77ca8b11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,11 @@ ## master / unreleased +* [ENHANCEMENT] enable readiness probe on kiwigrid/k8s-sidecar #597 * [DEPENDENCY] update kiwigrid/k8s-sidecar docker tag to v2.5.0 #568 * [DEPENDENCY] update memcached docker tag to v1.6.40 #580 * [DEPENDENCY] update prom/memcached-exporter docker tag to v0.15.5 #581 +* [BUGFIX] override kiwigrid/k8s-sidecar health port to avoid conflict #597 ## 3.1.0 / 2026-02-24 diff --git a/README.md b/README.md index 0b42b8fa..e0615954 100644 --- a/README.md +++ b/README.md 
@@ -141,16 +141,23 @@ Kubernetes: `^1.19.0-0` | alertmanager.​sidecar.​enabled | bool | `false` | Enable sidecar that collect the configmaps with specified label and stores the included files them into the respective folders | | alertmanager.​sidecar.​folder | string | `"/data"` | Folder where the files should be placed. | | alertmanager.​sidecar.​folderAnnotation | string | `"k8s-sidecar-target-directory"` | The annotation the sidecar will look for in ConfigMaps and/or Secrets to override the destination folder for files. If the value is a relative path, it will be relative to FOLDER | +| alertmanager.​sidecar.​healthPort | int | `8081` | The port the kiwigrid/k8s-sidecar listens on for health checks. The image default matches the cortex default listen port (8080), so it must be overridden here. | | alertmanager.​sidecar.​image.​repository | string | `"kiwigrid/k8s-sidecar"` | | | alertmanager.​sidecar.​image.​sha | string | `""` | | | alertmanager.​sidecar.​image.​tag | string | `"2.5.0"` | | | alertmanager.​sidecar.​imagePullPolicy | string | `"IfNotPresent"` | | | alertmanager.​sidecar.​label | string | `"cortex_alertmanager"` | Label that should be used for filtering | | alertmanager.​sidecar.​labelValue | string | `""` | The value for the label you want to filter your resources on. Don't set a value to filter by any value | +| alertmanager.​sidecar.​readinessProbe.​httpGet.​path | string | `"/healthz"` | | +| alertmanager.​sidecar.​readinessProbe.​httpGet.​port | string | `"sidecar-health"` | | +| alertmanager.​sidecar.​readinessProbe.​periodSeconds | int | `5` | | | alertmanager.​sidecar.​resource | string | `"both"` | The resource type that the operator will filter for. Can be configmap, secret or both | | alertmanager.​sidecar.​resources | object | `{}` | | | alertmanager.​sidecar.​searchNamespace | string | `""` | The Namespace(s) from which resources will be watched. For multiple namespaces, use a comma-separated string like "default,test". 
If not set or set to ALL, it will watch all Namespaces. | | alertmanager.​sidecar.​skipTlsVerify | bool | `false` | Set to true to skip tls verification for kube api calls | +| alertmanager.​sidecar.​startupProbe.​httpGet.​path | string | `"/healthz"` | | +| alertmanager.​sidecar.​startupProbe.​httpGet.​port | string | `"sidecar-health"` | | +| alertmanager.​sidecar.​startupProbe.​periodSeconds | int | `5` | | | alertmanager.​sidecar.​watchMethod | string | `""` | Determines how kopf-k8s-sidecar will run. If WATCH it will run like a normal operator forever. If LIST it will gather the matching configmaps and secrets currently present, write those files to the destination directory and die | | alertmanager.​startupProbe.​failureThreshold | int | `10` | | | alertmanager.​startupProbe.​httpGet.​path | string | `"/ready"` | | 
@@ -827,16 +834,23 @@ Kubernetes: `^1.19.0-0` | ruler.​sidecar.​enabled | bool | `false` | Enable sidecar that collect the configmaps with specified label and stores the included files them into the respective folders | | ruler.​sidecar.​folder | string | `"/data/rules"` | Folder where the files should be placed. | | ruler.​sidecar.​folderAnnotation | string | `"k8s-sidecar-target-directory"` | The annotation the sidecar will look for in ConfigMaps and/or Secrets to override the destination folder for files. If the value is a relative path, it will be relative to FOLDER | +| ruler.​sidecar.​healthPort | int | `8081` | The port the kiwigrid/k8s-sidecar listens on for health checks. The image default matches the cortex default listen port (8080), so it must be overridden here. | | ruler.​sidecar.​image.​repository | string | `"kiwigrid/k8s-sidecar"` | | | ruler.​sidecar.​image.​sha | string | `""` | | | ruler.​sidecar.​image.​tag | string | `"2.5.0"` | | | ruler.​sidecar.​imagePullPolicy | string | `"IfNotPresent"` | | | ruler.​sidecar.​label | string | `"cortex_rules"` | label that the configmaps with rules are marked with | | ruler.​sidecar.​labelValue | string | `""` | The value for the label you want to filter your resources on. Don't set a value to filter by any value | +| ruler.​sidecar.​readinessProbe.​httpGet.​path | string | `"/healthz"` | | +| ruler.​sidecar.​readinessProbe.​httpGet.​port | string | `"sidecar-health"` | | +| ruler.​sidecar.​readinessProbe.​periodSeconds | int | `5` | | | ruler.​sidecar.​resource | string | `"both"` | The resource type that the operator will filter for. Can be configmap, secret or both | | ruler.​sidecar.​resources | object | `{}` | | | ruler.​sidecar.​searchNamespace | string | `""` | The Namespace(s) from which resources will be watched. For multiple namespaces, use a comma-separated string like "default,test". If not set or set to ALL, it will watch all Namespaces. 
| | ruler.​sidecar.​skipTlsVerify | bool | `false` | Set to true to skip tls verification for kube api calls | +| ruler.​sidecar.​startupProbe.​httpGet.​path | string | `"/healthz"` | | +| ruler.​sidecar.​startupProbe.​httpGet.​port | string | `"sidecar-health"` | | +| ruler.​sidecar.​startupProbe.​periodSeconds | int | `5` | | | ruler.​sidecar.​watchMethod | string | `""` | Determines how kopf-k8s-sidecar will run. If WATCH it will run like a normal operator forever. If LIST it will gather the matching configmaps and secrets currently present, write those files to the destination directory and die | | ruler.​startupProbe.​failureThreshold | int | `10` | | | ruler.​startupProbe.​httpGet.​path | string | `"/ready"` | | diff --git a/templates/alertmanager/alertmanager-dep.yaml b/templates/alertmanager/alertmanager-dep.yaml index 0dcb2128..cd080672 100644 --- a/templates/alertmanager/alertmanager-dep.yaml +++ b/templates/alertmanager/alertmanager-dep.yaml @@ -88,6 +88,22 @@ spec: - name: FOLDER_ANNOTATION value: "{{ .Values.alertmanager.sidecar.folderAnnotation }}" {{- end }} + {{- with .Values.alertmanager.sidecar.healthPort }} + - name: HEALTH_PORT + value: "{{ . }}" + ports: + - name: sidecar-health + containerPort: {{ . }} + protocol: TCP + {{- end }} + {{- with .Values.alertmanager.sidecar.startupProbe }} + startupProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.alertmanager.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.alertmanager.sidecar.resources | nindent 12 }} {{- if .Values.alertmanager.sidecar.containerSecurityContext.enabled }} diff --git a/templates/alertmanager/alertmanager-statefulset.yaml b/templates/alertmanager/alertmanager-statefulset.yaml index 86b331d8..c0be57db 100644 --- a/templates/alertmanager/alertmanager-statefulset.yaml +++ b/templates/alertmanager/alertmanager-statefulset.yaml 
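Review bot: The `startupProbe` and `readinessProbe` blocks are rendered independently of `healthPort`, but the chart defaults for both point at the named port `sidecar-health`, which is only declared when the `with .Values.alertmanager.sidecar.healthPort` block renders. Setting `healthPort` to `null` or `0` drops the `HEALTH_PORT` variable and the `ports:` entry while the probes still reference `sidecar-health`, so they would have no port to resolve, and the sidecar would fall back to the image default that the values comment says collides with cortex on 8080. I would gate both probe blocks on the same value, e.g. wrap them in `{{- if .Values.alertmanager.sidecar.healthPort }}` … `{{- end }}`, or fail the render with a clear message when the port is unset. The same pattern is added in alertmanager-statefulset.yaml and ruler-dep.yaml; the container spec these lines belong to starts and ends outside the hunk.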
@@ -145,6 +145,22 @@ spec: - name: FOLDER_ANNOTATION value: "{{ .Values.alertmanager.sidecar.folderAnnotation }}" {{- end }} + {{- with .Values.alertmanager.sidecar.healthPort }} + - name: HEALTH_PORT + value: "{{ . }}" + ports: + - name: sidecar-health + containerPort: {{ . }} + protocol: TCP + {{- end }} + {{- with .Values.alertmanager.sidecar.startupProbe }} + startupProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.alertmanager.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.alertmanager.sidecar.resources | nindent 12 }} {{- if .Values.alertmanager.sidecar.containerSecurityContext.enabled }} diff --git a/templates/ruler/ruler-dep.yaml b/templates/ruler/ruler-dep.yaml index b66d4c6e..5df0c071 100644 --- a/templates/ruler/ruler-dep.yaml +++ b/templates/ruler/ruler-dep.yaml @@ -90,6 +90,22 @@ spec: - name: FOLDER_ANNOTATION value: "{{ .Values.ruler.sidecar.folderAnnotation }}" {{- end }} + {{- with .Values.ruler.sidecar.healthPort }} + - name: HEALTH_PORT + value: "{{ . }}" + ports: + - name: sidecar-health + containerPort: {{ . }} + protocol: TCP + {{- end }} + {{- with .Values.ruler.sidecar.startupProbe }} + startupProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.ruler.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.ruler.sidecar.resources | nindent 12 }} {{- if .Values.ruler.containerSecurityContext.enabled }} diff --git a/values.yaml b/values.yaml index 8382f885..31f6368a 100644 --- a/values.yaml +++ b/values.yaml 
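Review bot: In the ruler-dep.yaml hunk the sidecar's new port and probes sit directly above `{{- if .Values.ruler.containerSecurityContext.enabled }}`, whereas both alertmanager templates gate the same spot on `.Values.alertmanager.sidecar.containerSecurityContext.enabled`. values.yaml in this patch shows a `containerSecurityContext` with `readOnlyRootFilesystem: true` next to the ruler sidecar's `healthPort`, so the ruler sidecar appears to take its security-context switch from the main container's values rather than its own; the body of that `if` is outside the hunk, so this needs confirming. If it is unintended, the line would read `{{- if .Values.ruler.sidecar.containerSecurityContext.enabled }}`, and the sidecar's rendered `securityContext` is worth checking in the CI renders that patch 1 enables.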
@@ -317,6 +317,18 @@ alertmanager: containerSecurityContext: enabled: true readOnlyRootFilesystem: true + # -- The port the kiwigrid/k8s-sidecar listens on for health checks. The image default matches the cortex default listen port (8080), so it must be overridden here. + healthPort: 8081 + startupProbe: + httpGet: + path: /healthz + port: sidecar-health + periodSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: sidecar-health + periodSeconds: 5 distributor: enabled: true @@ -734,6 +746,18 @@ ruler: containerSecurityContext: enabled: true readOnlyRootFilesystem: true + # -- The port the kiwigrid/k8s-sidecar listens on for health checks. The image default matches the cortex default listen port (8080), so it must be overridden here. + healthPort: 8081 + startupProbe: + httpGet: + path: /healthz + port: sidecar-health + periodSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: sidecar-health + periodSeconds: 5 querier: enabled: true
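Review bot: The default `startupProbe` for the sidecar sets only `periodSeconds: 5` and leaves `failureThreshold` at the Kubernetes default of 3, so the container is restarted if `/healthz` has not answered within roughly 15 seconds; the README context in this patch shows the main alertmanager and ruler startup probes using a `failureThreshold` of 10. If the sidecar's health endpoint only comes up after it has reached the API server (not visible here), a slow control plane would put it in a restart loop, so an explicit `failureThreshold: 10` under `startupProbe:` would make the budget deliberate. The probe keys also have no `# --` doc comment, which is why their rows in the generated README table are empty; a line such as `# -- Startup probe for the k8s-sidecar container; the port name must match the sidecar-health container port` above each would record the coupling to `healthPort`. This applies to both the alertmanager and the ruler hunk of values.yaml.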