#911 Add liveness/readiness checks for trivy cache

Lukas Fischer · Lukas Fischer · commit 0c2ab34c8b03 · 2023-06-14T14:02:26.000+02:00
Trivy server provides a /healthz endpoint that always returns 200 (see aquasecurity/trivy#534), and according to the logs/stdout trivy only starts listening after downloading the database. The helm chart provided by trivy (added in aquasecurity/trivy#751) uses this endpoint for liveness and readiness checks as well. This change therefore integrates the same checks. Signed-off-by: Lukas Fischer <lukas.fischer@iteratec.com>
diff --git a/scanners/trivy/templates/trivy-database-cache.yaml b/scanners/trivy/templates/trivy-database-cache.yaml
@@ -48,4 +48,23 @@ spec:
         ports:
         - containerPort: 8080
           protocol: TCP
+          name: trivy-http
+        livenessProbe:
+          httpGet:
+            scheme: HTTP
+            path: /healthz
+            port: trivy-http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            path: /healthz
+            port: trivy-http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
 {{- end }}
