Skip to content

fix liveness and readiness probes for webserver #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
henzigo wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix liveness and readiness probes for webserver #71

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions UPGRADE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,25 @@
2. Run `composer update shopsys/deployment`
3. Check files in mentioned pull requests and if you have any of them extended in your project, apply changes manually

## Upgrade from v5.0.0 to v5.1.0

- health check for webserver now uses PHP-FPM `ping` endpoint instead of nginx `stub_status` ([#71](https://github.com/shopsys/deployment/pull/71))
- update the `/health` location block in `project-nginx.conf` in your project's `app/orchestration/kubernetes/configmap/nginx.yaml` file to pass the request to PHP-FPM:
```diff
location /health {
- stub_status on;
access_log off;
+
+ include fastcgi_params;
+ fastcgi_read_timeout 3s;
+ fastcgi_param SCRIPT_FILENAME /ping;
+ fastcgi_param SCRIPT_NAME /ping;
+ fastcgi_param REQUEST_METHOD GET;
+
+ fastcgi_pass php-upstream;
}
```

## Upgrade from v4.6.1 to v5.0.0

- remove files that are already part of project-base by default ([#66](https://github.com/shopsys/deployment/pull/66))
Expand Down
2 changes: 2 additions & 0 deletions kubernetes/configmap/production-php-fpm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ data:
[www]

listen = 127.0.0.1:9000
ping.path = /ping
ping.response = pong

pm = dynamic
pm.max_children = 20
Expand Down
35 changes: 24 additions & 11 deletions kubernetes/deployments/webserver-php-fpm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,10 +94,19 @@ spec:
command: ["/var/www/html/phing", "-S", "warmup"]
preStop:
exec:
command:
- sh
- '-c'
- sleep 10 && kill -SIGQUIT 1
command: ["/bin/sh","-lc","sleep 10; kill -QUIT 1 || true"]
Copy link

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

preStop was changed to run /bin/sh -lc .... The -l (login shell) flag is unnecessary here and can introduce non-obvious behavior (sourcing profile scripts) or portability issues compared to the rest of the manifests that use sh -c. Using a plain -c keeps the command consistent and reduces risk.

Suggested change
command: ["/bin/sh","-lc","sleep 10; kill -QUIT 1 || true"]
command: ["/bin/sh","-c","sleep 10; kill -QUIT 1 || true"]

Copilot uses AI. Check for mistakes.
livenessProbe:
tcpSocket:
port: 9000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 2
readinessProbe:
tcpSocket:
port: 9000
Comment on lines +99 to +106
Copy link

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new php-fpm liveness/readiness probes use tcpSocket: port: 9000, but PHP-FPM is configured to listen = 127.0.0.1:9000 (ConfigMap production-php-fpm). Kubernetes TCP socket probes connect to the Pod IP, not 127.0.0.1, so these probes will fail and continuously restart the container. Consider switching to an exec probe that connects to 127.0.0.1:9000 (e.g., via a local fastcgi client), or change PHP-FPM to listen on 0.0.0.0:9000/a unix socket and update Nginx accordingly.

Suggested change
tcpSocket:
port: 9000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 2
readinessProbe:
tcpSocket:
port: 9000
exec:
command:
- /bin/sh
- -lc
- 'php -r ''$s=@fsockopen("127.0.0.1", 9000, $errno, $errstr, 1); if (!$s) { exit(1); } fclose($s);'''
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 2
readinessProbe:
exec:
command:
- /bin/sh
- -lc
- 'php -r ''$s=@fsockopen("127.0.0.1", 9000, $errno, $errstr, 1); if (!$s) { exit(1); } fclose($s);'''

Copilot uses AI. Check for mistakes.
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 2
volumeMounts:
- name: source-codes
mountPath: /var/www/html
Expand Down Expand Up @@ -125,20 +134,24 @@ spec:
ports:
- containerPort: 8080
name: http
- containerPort: 80
name: health
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 5
httpGet:
path: /health
port: 80
port: health
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
readinessProbe:
httpGet:
path: /health
port: 80
initialDelaySeconds: 5
port: health
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 5
timeoutSeconds: 2
failureThreshold: 3
volumeMounts:
- name: nginx-default-config
mountPath: /etc/nginx/nginx.conf
Expand Down
9 changes: 8 additions & 1 deletion tests/fixtures/orchestration/kubernetes/configmap/nginx.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,15 @@ data:
root /var/www/html/web;

location /health {
stub_status on;
access_log off;

include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;

Comment on lines +77 to +83
Copy link

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These blank lines contain trailing whitespace (lines with spaces only). It’s better to keep them as truly empty lines to avoid noisy diffs and potential formatting/linting issues.

Suggested change
include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;
include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;

Copilot uses AI. Check for mistakes.
fastcgi_pass php-upstream;
}
}

Expand Down
45 changes: 35 additions & 10 deletions tests/scenarios/basic-production/expected/webserver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,15 @@ data:
root /var/www/html/web;

location /health {
stub_status on;
access_log off;

include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;

fastcgi_pass php-upstream;
}
}

Expand Down Expand Up @@ -333,6 +340,8 @@ data:
[www]

listen = 127.0.0.1:9000
ping.path = /ping
ping.response = pong

pm = dynamic
pm.max_children = 20
Expand Down Expand Up @@ -572,10 +581,22 @@ spec:
preStop:
exec:
command:
- sh
- -c
- sleep 10 && kill -SIGQUIT 1
- /bin/sh
- -lc
- sleep 10; kill -QUIT 1 || true
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 9000
timeoutSeconds: 2
name: php-fpm
readinessProbe:
initialDelaySeconds: 2
periodSeconds: 5
tcpSocket:
port: 9000
timeoutSeconds: 2
resources:
limits:
memory: 2Gi
Expand Down Expand Up @@ -607,23 +628,27 @@ spec:
- -c
- sleep 5 && /usr/sbin/nginx -s quit
livenessProbe:
failureThreshold: 6
httpGet:
path: /health
port: 80
port: health
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 5
periodSeconds: 10
timeoutSeconds: 3
name: webserver
ports:
- containerPort: 8080
name: http
- containerPort: 80
name: health
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 80
initialDelaySeconds: 5
port: health
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 5
timeoutSeconds: 2
resources:
limits:
memory: 300Mi
Expand Down
45 changes: 35 additions & 10 deletions tests/scenarios/development-single-domain/expected/webserver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,15 @@ data:
root /var/www/html/web;

location /health {
stub_status on;
access_log off;

include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;

fastcgi_pass php-upstream;
}
}

Expand Down Expand Up @@ -331,6 +338,8 @@ data:
[www]

listen = 127.0.0.1:9000
ping.path = /ping
ping.response = pong

pm = dynamic
pm.max_children = 20
Expand Down Expand Up @@ -566,10 +575,22 @@ spec:
preStop:
exec:
command:
- sh
- -c
- sleep 10 && kill -SIGQUIT 1
- /bin/sh
- -lc
- sleep 10; kill -QUIT 1 || true
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 9000
timeoutSeconds: 2
name: php-fpm
readinessProbe:
initialDelaySeconds: 2
periodSeconds: 5
tcpSocket:
port: 9000
timeoutSeconds: 2
resources:
limits:
memory: 2Gi
Expand Down Expand Up @@ -601,23 +622,27 @@ spec:
- -c
- sleep 5 && /usr/sbin/nginx -s quit
livenessProbe:
failureThreshold: 6
httpGet:
path: /health
port: 80
port: health
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 5
periodSeconds: 10
timeoutSeconds: 3
name: webserver
ports:
- containerPort: 8080
name: http
- containerPort: 80
name: health
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 80
initialDelaySeconds: 5
port: health
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 5
timeoutSeconds: 2
resources:
limits:
memory: 300Mi
Expand Down
45 changes: 35 additions & 10 deletions tests/scenarios/escaping-env/expected/webserver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,15 @@ data:
root /var/www/html/web;

location /health {
stub_status on;
access_log off;

include fastcgi_params;
fastcgi_read_timeout 3s;
fastcgi_param SCRIPT_FILENAME /ping;
fastcgi_param SCRIPT_NAME /ping;
fastcgi_param REQUEST_METHOD GET;

fastcgi_pass php-upstream;
}
}

Expand Down Expand Up @@ -333,6 +340,8 @@ data:
[www]

listen = 127.0.0.1:9000
ping.path = /ping
ping.response = pong

pm = dynamic
pm.max_children = 20
Expand Down Expand Up @@ -576,10 +585,22 @@ spec:
preStop:
exec:
command:
- sh
- -c
- sleep 10 && kill -SIGQUIT 1
- /bin/sh
- -lc
- sleep 10; kill -QUIT 1 || true
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 9000
timeoutSeconds: 2
name: php-fpm
readinessProbe:
initialDelaySeconds: 2
periodSeconds: 5
tcpSocket:
port: 9000
timeoutSeconds: 2
resources:
limits:
memory: 2Gi
Expand Down Expand Up @@ -611,23 +632,27 @@ spec:
- -c
- sleep 5 && /usr/sbin/nginx -s quit
livenessProbe:
failureThreshold: 6
httpGet:
path: /health
port: 80
port: health
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 5
periodSeconds: 10
timeoutSeconds: 3
name: webserver
ports:
- containerPort: 8080
name: http
- containerPort: 80
name: health
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 80
initialDelaySeconds: 5
port: health
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 5
timeoutSeconds: 2
resources:
limits:
memory: 300Mi
Expand Down
Loading
Loading