Improve manifest for reliability

app/views/layouts/application.html.erb

@@ -4,7 +4,7 @@
   <title>ExampleApp</title>
   <script>
     function load() {
-      setTimeout(function() {location=''}, 50)
+      setTimeout(function() {location=''}, 1000)
     }
     window.onload = load;
   </script>

kubernetes/helm/ecsdemo-frontend/templates/deployment.yaml

@@ -39,17 +39,33 @@ spec:
               protocol: TCP
           env:
             - name: CRYSTAL_URL
-              value: http://ecsdemo-crystal.{{ .Values.ecsdemoCrystal.namespace }}.svc.cluster.local/crystal
+              value: http://ecsdemo-crystal.{{ .Values.ecsdemoCrystal.namespace }}.svc.cluster.local./crystal
             - name: NODEJS_URL
-              value: http://ecsdemo-nodejs.{{ .Values.ecsdemoNodejs.namespace }}.svc.cluster.local/
+              value: http://ecsdemo-nodejs.{{ .Values.ecsdemoNodejs.namespace }}.svc.cluster.local./
           livenessProbe:
+            failureThreshold: 3
             httpGet:
               path: /
               port: http
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 10
+            initialDelaySeconds: 60
           readinessProbe:
+            failureThreshold: 3          
             httpGet:
               path: /
               port: http
+              scheme: HTTP   
+            periodSeconds: 10
+            successThreshold: 1                         
+            timeoutSeconds: 10
+            initialDelaySeconds: 60            
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/bin/sh", "-c", "sleep 180"] 
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -64,3 +80,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

kubernetes/helm/ecsdemo-frontend/templates/hpa.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "ecsdemo-frontend.fullname" . }}
@@ -17,12 +17,16 @@ spec:
     - type: Resource
       resource:
         name: cpu
-        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
     {{- end }}
     {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
     - type: Resource
       resource:
         name: memory
-        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
     {{- end }}
 {{- end }}

kubernetes/helm/ecsdemo-frontend/templates/pdb.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.pdb.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "ecsdemo-frontend.fullname" . }}
+  labels:
+    {{- include "ecsdemo-frontend.labels" . | nindent 4 }}
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "ecsdemo-frontend.fullname" . }}
+{{- end }}      

kubernetes/helm/ecsdemo-frontend/templates/service.yaml

@@ -4,6 +4,8 @@ metadata:
   name: {{ include "ecsdemo-frontend.fullname" . }}
   labels:
     {{- include "ecsdemo-frontend.labels" . | nindent 4 }}
+  annotations:
+    service.kubernetes.io/topology-aware-hints: auto    
 spec:
   type: {{ .Values.service.type }}
   ports:

kubernetes/helm/ecsdemo-frontend/values.yaml

@@ -12,11 +12,11 @@ image:
   repository: public.ecr.aws/aws-containers/ecsdemo-frontend
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
+  tag: 'latest'
 
 imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+nameOverride: ''
+fullnameOverride: ''
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -25,14 +25,16 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: ''
 
 podAnnotations: {}
 
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -46,8 +48,9 @@ service:
 
 ingress:
   enabled: false
-  className: ""
-  annotations: {}
+  className: ''
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
@@ -60,7 +63,8 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -79,8 +83,13 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
+pdb:
+  enabled: true
+
 nodeSelector: {}
 
 tolerations: []
 
 affinity: {}
+
+topologySpreadConstraints: []

startup-cdk.sh

@@ -67,13 +67,17 @@ if [[ "${orchestrator}" == 'kubernetes' ]]; then
     fi
 fi 
 
+
+
 if [[ ${orchestrator} == 'unknown' ]]; then
-  zone=$(curl -m2 -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.availabilityZone' | grep -o .$)
+  TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
+  zone=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -m2 -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.availabilityZone' | grep -o .$)
 fi 
 
 # Am I on ec2 instances?
 if [[ ${zone} == "unknown" ]]; then
-  zone=$(curl -m2 -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.availabilityZone' | grep -o .$)
+  TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
+  zone=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -m2 -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.availabilityZone' | grep -o .$)
 fi
 
 # Still no luck? Perhaps we're running fargate!