Skip to content

Add resource-specific health checks for standard Kubernetes resources#160

Merged
sergenyalcin merged 2 commits into
crossplane-contrib:mainfrom
kaessert:tk/v2-standard-kube-resources
Nov 27, 2025
Merged

Add resource-specific health checks for standard Kubernetes resources#160
sergenyalcin merged 2 commits into
crossplane-contrib:mainfrom
kaessert:tk/v2-standard-kube-resources

Conversation

@kaessert

@kaessert kaessert commented Nov 20, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Description of your changes

Implement health check system for standard K8s resources that complements the existing Ready condition checking. Standard Kubernetes resources now use resource-specific health logic before falling back to Ready conditions.

Supported resources:

  • Deployment: checks replica counts and Available condition
  • StatefulSet: checks replicas and revision matching
  • DaemonSet: checks pod scheduling and availability
  • Service: checks LoadBalancer ingress assignment
  • Ingress: checks load balancer assignment
  • Secret, ConfigMap, ServiceAccount: ready if exists

Uses registry pattern for extensibility. All other resources (Crossplane managed resources, custom resources) continue using Ready condition checks.

I have:

What i did for additional testing is deployed https://github.com/upbound/configuration-app-model with following change:

 _metadata = lambda name: str -> any {
     { annotations = {
-        "krm.kcl.dev/composition-resource-name" = name } | ({
-            "krm.kcl.dev/ready" = "True"
-        } if _isResourceReady(name) else {})
+        "krm.kcl.dev/composition-resource-name" = name }
     }
 }

Then i deployed the example: kubectl apply -f examples/app/example.yaml

and observed everything to be healthy:

$> crossplane beta trace app example
NAME                               SYNCED   READY   STATUS
App/example (default)              True     True    Available
├─ Deployment/app1 (default)       -        -
├─ ServiceAccount/app1 (default)   -        -
└─ Service/app1 (default)          -        -

I additionally rendered the example i added with the function in dev mode and saw the XR coming up as ready there as well.

To confirm everything works with only standard crossplane resource i also ran e2e tests for https://github.com/upbound/configuration-aws-network by switching out the function with my custom one:

-    package: xpkg.upbound.io/crossplane-contrib/function-auto-ready
-    version: '>=v0.0.0'
+    package: xpkg.upbound.io/solutions/function-auto-ready
+    version: v0.0.0-tk-v2

and observed e2e tests going green:

$> up test run --e2e tests/e2etest-network/
  ✓   Parsing tests
  ✓   Collecting resources
  ✓   Collecting resources
  ✓   Generating language schemas
  ✓   Checking dependencies
  ✓   Building functions
  ✓   Building configuration package
  ✓   Creating development control plane in Spaces
  ✓   Ensuring repository exists
  ✓   Pushing function package xpkg.upbound.io/solutions/configuration-aws-network_network
  ✓   Pushing configuration image xpkg.upbound.io/solutions/configuration-aws-network:v0.0.0-1763648947
  ✓   Installing package on development control plane
 ▄ Waiting for package to be ready (1s)
 ....
2025/11/20 15:30:17 Skipping update step because the root resource does not exist
2025/11/20 15:30:17 Skipping update step because the skip-delete option is set to true
2025/11/20 15:30:17 Skipping import step because the skip-import option is set to true
2025/11/20 15:30:17 Written test files: /var/folders/h4/sh6rlg_53s17_cjkfp90v3r00000gn/T/e2e-test-network4223355159
2025/11/20 15:30:17 Running chainsaw tests at /var/folders/h4/sh6rlg_53s17_cjkfp90v3r00000gn/T/e2e-test-network4223355159
2025/11/20 15:30:17 Loading default configuration...
2025/11/20 15:30:17 - Using test file: 00-apply.yaml
2025/11/20 15:30:17 - ApplyTimeout 5s
2025/11/20 15:30:17 - AssertTimeout 30s
2025/11/20 15:30:17 - CleanupTimeout 30s
2025/11/20 15:30:17 - DeleteTimeout 15s
2025/11/20 15:30:17 - ErrorTimeout 30s
2025/11/20 15:30:17 - ExecTimeout 5s
2025/11/20 15:30:17 - Parallel 1
2025/11/20 15:30:17 Loading tests...
2025/11/20 15:30:17 - apply (/var/folders/h4/sh6rlg_53s17_cjkfp90v3r00000gn/T/e2e-test-network4223355159/case)
2025/11/20 15:30:17 Running tests...
=== RUN   chainsaw
=== PAUSE chainsaw
=== CONT  chainsaw
=== RUN   chainsaw/apply
=== PAUSE chainsaw/apply
=== CONT  chainsaw/apply
    | 15:30:18 | apply | @chainsaw                | CREATE    | OK    | v1/Namespace @ chainsaw-included-pelican
    | 15:30:18 | apply | Apply Resources          | TRY       | BEGIN |
    | 15:30:18 | apply | Apply Resources          | CMD       | RUN   |
        === COMMAND
        /bin/sh -c echo "Checking webhook health before proceeding..."
        curl -sL https://github.com/crossplane/uptest/main/hack/check_endpoints.sh -o /tmp/check_endpoints.sh && chmod +x /tmp/check_endpoints.sh
        /tmp/check_endpoints.sh
    | 15:30:20 | apply | Apply Resources          | SCRIPT    | LOG   |
        === STDOUT
        Checking webhook health before proceeding...
        === STDERR
        Error from server (Forbidden): endpointslices.discovery.k8s.io is forbidden: User "upbound:user:tobias.kasser.upbound.io" cannot list resource "endpointslices" in API group "discovery.k8s.io" in the namespace "default"
    | 15:30:20 | apply | Apply Resources          | SCRIPT    | DONE  |
    | 15:30:20 | apply | Apply Resources          | SLEEP     | RUN   |
    | 15:30:30 | apply | Apply Resources          | SLEEP     | DONE  |
    | 15:30:30 | apply | Apply Resources          | APPLY     | RUN   | aws.platform.upbound.io/v1alpha1/Network @ default/configuration-aws-network
    | 15:30:31 | apply | Apply Resources          | CREATE    | OK    | aws.platform.upbound.io/v1alpha1/Network @ default/configuration-aws-network
    | 15:30:31 | apply | Apply Resources          | APPLY     | DONE  | aws.platform.upbound.io/v1alpha1/Network @ default/configuration-aws-network
    | 15:30:31 | apply | Apply Resources          | CMD       | RUN   |
        === COMMAND
        /bin/sh -c echo "Running annotation script with retry logic"
        retry_annotate() {
          local max_attempts=10
          local delay=5
          local attempt=1
          local cmd="$1"

          while [ $attempt -le $max_attempts ]; do
            echo "Annotation attempt $attempt/$max_attempts for: $cmd"
            if eval "$cmd"; then
              echo "Annotation successful on attempt $attempt"
              return 0
            else
              echo "Annotation failed on attempt $attempt"
              if [ $attempt -lt $max_attempts ]; then
                echo "Retrying in ${delay}s..."
                sleep $delay
              fi
              ((attempt++))
            fi
          done
          echo "Annotation failed after $max_attempts attempts"
          return 1
        }
        retry_annotate "${KUBECTL} annotate --namespace default  network.aws.platform.upbound.io/configuration-aws-network upjet.upbound.io/test=true --overwrite"
    | 15:30:34 | apply | Apply Resources          | SCRIPT    | LOG   |
        === STDOUT
        Running annotation script with retry logic
        Annotation attempt 1/10 for: /usr/local/bin/kubectl annotate --namespace default  network.aws.platform.upbound.io/configuration-aws-network upjet.upbound.io/test=true --overwrite
        network.aws.platform.upbound.io/configuration-aws-network annotated
        Annotation successful on attempt 1
    | 15:30:34 | apply | Apply Resources          | SCRIPT    | DONE  |
    | 15:30:34 | apply | Apply Resources          | TRY       | END   |
    | 15:30:34 | apply | Assert Status Conditions | TRY       | BEGIN |
    | 15:30:34 | apply | Assert Status Conditions | ASSERT    | RUN   | aws.platform.upbound.io/v1alpha1/Network @ default/configuration-aws-network
NAME                                                                            RESOURCE                                     SYNCED   READY   STATUS
Network/configuration-aws-network (default)                                                                                  True     False   Creating: Unready resources: igw, mrt, route, and 13 more
├─ InternetGateway/configuration-aws-network-178a43130a66 (default)             igw                                          False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ MainRouteTableAssociation/configuration-aws-network-4cc5519bb7a7 (default)   mrt                                          False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.RouteTableID: referenced field was empty (referenced resource may not yet be ready)
├─ RouteTableAssociation/configuration-aws-network-036850f2e33e (default)       rta-us-west-2a-192-168-128-0-18-private      False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.RouteTableID: referenced field was empty (referenced resource may not yet be ready)
├─ RouteTableAssociation/configuration-aws-network-0f379ee397c9 (default)       rta-us-west-2b-192-168-192-0-18-private      False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.RouteTableID: referenced field was empty (referenced resource may not yet be ready)
├─ RouteTableAssociation/configuration-aws-network-6ace773906d0 (default)       rta-us-west-2a-192-168-0-0-18-public         False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.RouteTableID: referenced field was empty (referenced resource may not yet be ready)
├─ RouteTableAssociation/configuration-aws-network-ead624ac9a0d (default)       rta-us-west-2b-192-168-64-0-18-public        False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.RouteTableID: referenced field was empty (referenced resource may not yet be ready)
├─ RouteTable/configuration-aws-network-638f7808b124 (default)                  rt                                           False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ Route/configuration-aws-network-e12df2eea278 (default)                       route                                        False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.GatewayID: referenced field was empty (referenced resource may not yet be ready)
├─ SecurityGroupRule/configuration-aws-network-6c73eca6552d (default)           sgr-mysql                                    False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.SecurityGroupID: referenced field was empty (referenced resource may not yet be ready)
├─ SecurityGroupRule/configuration-aws-network-f43679bd68a6 (default)           sgr-postgres                                 False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.SecurityGroupID: referenced field was empty (referenced resource may not yet be ready)
├─ SecurityGroup/configuration-aws-network-9e60e68ade13 (default)               sg                                           False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ Subnet/configuration-aws-network-07a1f2798d67 (default)                      subnet-us-west-2a-192-168-128-0-18-private   False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ Subnet/configuration-aws-network-520ded92e531 (default)                      subnet-us-west-2b-192-168-192-0-18-private   False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ Subnet/configuration-aws-network-521e449cc233 (default)                      subnet-us-west-2b-192-168-64-0-18-public     False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
├─ Subnet/configuration-aws-network-dbb334d3d9fc (default)                      subnet-us-west-2a-192-168-0-0-18-public      False    -       ReconcileError: cannot resolve references: mg.Spec.ForProvider.VPCID: referenced field was empty (referenced resource may not yet be ready)
└─ VPC/configuration-aws-network-651da1fd9c11 (default)                         vpc                                          True     False   Creating
...
NAME                                                                            RESOURCE                                     SYNCED   READY   STATUS
Network/configuration-aws-network (default)                                                                                  True     False   Creating: Unready resources: rta-us-west-2a-192-168-0-0-18-public
├─ InternetGateway/configuration-aws-network-178a43130a66 (default)             igw                                          True     True    Available
├─ MainRouteTableAssociation/configuration-aws-network-4cc5519bb7a7 (default)   mrt                                          True     True    Available
├─ RouteTableAssociation/configuration-aws-network-036850f2e33e (default)       rta-us-west-2a-192-168-128-0-18-private      True     True    Available
├─ RouteTableAssociation/configuration-aws-network-0f379ee397c9 (default)       rta-us-west-2b-192-168-192-0-18-private      True     True    Available
├─ RouteTableAssociation/configuration-aws-network-6ace773906d0 (default)       rta-us-west-2a-192-168-0-0-18-public         True     True    Available
├─ RouteTableAssociation/configuration-aws-network-ead624ac9a0d (default)       rta-us-west-2b-192-168-64-0-18-public        True     True    Available
├─ RouteTable/configuration-aws-network-638f7808b124 (default)                  rt                                           True     True    Available
├─ Route/configuration-aws-network-e12df2eea278 (default)                       route                                        True     True    Available
├─ SecurityGroupRule/configuration-aws-network-6c73eca6552d (default)           sgr-mysql                                    True     True    Available
├─ SecurityGroupRule/configuration-aws-network-f43679bd68a6 (default)           sgr-postgres                                 True     True    Available
├─ SecurityGroup/configuration-aws-network-9e60e68ade13 (default)               sg                                           True     True    Available
├─ Subnet/configuration-aws-network-07a1f2798d67 (default)                      subnet-us-west-2a-192-168-128-0-18-private   True     True    Available
├─ Subnet/configuration-aws-network-520ded92e531 (default)                      subnet-us-west-2b-192-168-192-0-18-private   True     True    Available
├─ Subnet/configuration-aws-network-521e449cc233 (default)                      subnet-us-west-2b-192-168-64-0-18-public     True     True    Available
├─ Subnet/configuration-aws-network-dbb334d3d9fc (default)                      subnet-us-west-2a-192-168-0-0-18-public      True     True    Available
└─ VPC/configuration-aws-network-651da1fd9c11 (default)                         vpc                                          True     True    Available
    | 15:33:09 | apply | Assert Status Conditions | ASSERT    | DONE  | aws.platform.upbound.io/v1alpha1/Network @ default/configuration-aws-network
    | 15:33:09 | apply | Assert Status Conditions | TRY       | END   |
    | 15:33:09 | apply | @chainsaw                | CLEANUP   | SKIP  |
=== NAME  chainsaw
    | 15:33:09 | chainsaw | @chainsaw | CLEANUP   | SKIP  |
--- PASS: chainsaw (0.00s)
    --- PASS: chainsaw/apply (172.06s)
PASS
2025/11/20 15:33:09 Tests Summary:
2025/11/20 15:33:09 - Passed: 1
2025/11/20 15:33:09 - Failed: 0
2025/11/20 15:33:09 - Skipped: 0
2025/11/20 15:33:09 Skipping test 01-update.yaml
2025/11/20 15:33:09 Skipping test 02-import.yaml
2025/11/20 15:33:09 Loading default configuration...
2025/11/20 15:33:09 - Using test file: 03-delete.yaml
2025/11/20 15:33:09 - ApplyTimeout 5s
2025/11/20 15:33:09 - AssertTimeout 30s
2025/11/20 15:33:09 - CleanupTimeout 30s
2025/11/20 15:33:09 - DeleteTimeout 15s
2025/11/20 15:33:09 - ErrorTimeout 30s
2025/11/20 15:33:09 - ExecTimeout 5s
2025/11/20 15:33:09 - Parallel 1
2025/11/20 15:33:09 Loading tests...
2025/11/20 15:33:09 - delete (/var/folders/h4/sh6rlg_53s17_cjkfp90v3r00000gn/T/e2e-test-network4223355159/case)
2025/11/20 15:33:09 Running tests...
=== RUN   chainsaw
=== PAUSE chainsaw
=== CONT  chainsaw
=== RUN   chainsaw/delete
=== PAUSE chainsaw/delete
=== CONT  chainsaw/delete
    | 15:33:10 | delete | @chainsaw        | CREATE    | OK    | v1/Namespace @ chainsaw-next-macaque
    | 15:33:10 | delete | Delete Resources | TRY       | BEGIN |
    | 15:33:10 | delete | Delete Resources | CMD       | RUN   |
        === COMMAND
        /bin/sh -c retry_kubectl() {
          local max_attempts=10
          local delay=5
          local attempt=1
          local cmd="$1"

          while [ $attempt -le $max_attempts ]; do
            echo "Kubectl attempt $attempt/$max_attempts for: $cmd"
            if eval "$cmd"; then
              echo "Kubectl operation successful on attempt $attempt"
              return 0
            else
              echo "Kubectl operation failed on attempt $attempt"
              if [ $attempt -lt $max_attempts ]; then
                echo "Retrying in ${delay}s..."
                sleep $delay
              fi
              ((attempt++))
            fi
          done
          echo "Kubectl operation failed after $max_attempts attempts"
          return 1
        }
        retry_kubectl "${KUBECTL} delete network.aws.platform.upbound.io/configuration-aws-network --wait=false --namespace default --ignore-not-found"
    | 15:33:12 | delete | Delete Resources | SCRIPT    | LOG   |
        === STDOUT
        Kubectl attempt 1/10 for: /usr/local/bin/kubectl delete network.aws.platform.upbound.io/configuration-aws-network --wait=false --namespace default --ignore-not-found
        network.aws.platform.upbound.io "configuration-aws-network" deleted
        Kubectl operation successful on attempt 1
    | 15:33:12 | delete | Delete Resources | SCRIPT    | DONE  |
    | 15:33:12 | delete | Delete Resources | TRY       | END   |
    | 15:33:12 | delete | Assert Deletion  | TRY       | BEGIN |
    | 15:33:12 | delete | Assert Deletion  | CMD       | RUN   |
        === COMMAND
        /bin/sh -c ${KUBECTL} wait --namespace default --for=delete network.aws.platform.upbound.io/configuration-aws-network --timeout 1h15m0s
    | 15:33:13 | delete | Assert Deletion  | SCRIPT    | DONE  |
    | 15:33:13 | delete | Assert Deletion  | TRY       | END   |
    | 15:33:13 | delete | @chainsaw        | CLEANUP   | SKIP  |
  ✓   Collecting resources
  ✓   Generating language schemas
  ✓   Checking dependencies
  ✓   Building functions
  ✓   Building configuration package
  ✓   Creating development control plane in Spaces
  ✓   Ensuring repository exists
  ✓   Pushing function package xpkg.upbound.io/solutions/configuration-aws-network_network
  ✓   Pushing configuration image xpkg.upbound.io/solutions/configuration-aws-network:v0.0.0-1763648947
  ✓   Installing package on development control plane
  ✓   Waiting for package to be ready
  ✓   Finding test resources
Cleanup summary: 0 deleted, 0 remaining after 0 attempts
Tearing down test control plane...

Test control plane deleted

SUCCESS:
SUCCESS: Tests Summary:
SUCCESS: ------------------
SUCCESS: Total Tests Executed: 1
SUCCESS: Passed tests:         1
SUCCESS: Failed tests:         0

Removed some of the logs due to limitations and brevity

@kaessert
Add resource-specific health checks for standard Kubernetes resources
50bf50e 
Implement health check system for standard K8s resources that complements
the existing Ready condition checking. Standard Kubernetes resources now
use resource-specific health logic before falling back to Ready conditions.

Supported resources:
- Deployment: checks replica counts and Available condition
- StatefulSet: checks replicas and revision matching
- DaemonSet: checks pod scheduling and availability
- Service: checks LoadBalancer ingress assignment
- Ingress: checks load balancer assignment
- Secret, ConfigMap, ServiceAccount: ready if exists

Uses registry pattern for extensibility. All other resources (Crossplane
managed resources, custom resources) continue using Ready condition checks.

Signed-off-by: Tobias Kässer <tobias.kasser@upbound.io>
@kaessert kaessert force-pushed the tk/v2-standard-kube-resources branch from 58cd1f2 to 50bf50e Compare November 20, 2025 14:35
stevendborrelli
stevendborrelli reviewed Nov 21, 2025
View reviewed changes

@stevendborrelli stevendborrelli left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great addition that addresses a pain point for composition authors.

Can we update the Readme with a running status of what is supported? I wonder if there becomes a point where this starts to bloat the base auto-ready function with features.

The list of resources in a default Kubernetes install:

# Core (core/v1)
- [ ] Pod
- [ ] Service
- [ ] Namespace
- [ ] Node
- [ ] ConfigMap
- [ ] Secret
- [ ] ServiceAccount
- [ ] Endpoints
- [ ] EndpointSlice
- [ ] PersistentVolume
- [ ] PersistentVolumeClaim
- [ ] ReplicationController
- [ ] ResourceQuota
- [ ] LimitRange
- [ ] Event

# Apps (apps/v1)
- [ ] Deployment
- [ ] StatefulSet
- [ ] DaemonSet
- [ ] ReplicaSet

# Batch (batch/v1)
- [ ] Job
- [ ] CronJob

# Autoscaling (autoscaling/v2)
- [ ] HorizontalPodAutoscaler

# Networking (networking.k8s.io/v1)
- [ ] Ingress
- [ ] IngressClass
- [ ] NetworkPolicy

# RBAC (rbac.authorization.k8s.io/v1)
- [ ] Role
- [ ] ClusterRole
- [ ] RoleBinding
- [ ] ClusterRoleBinding

# Authentication (authentication.k8s.io/v1)
- [ ] TokenReview

# Authorization (authorization.k8s.io/v1)
- [ ] SubjectAccessReview
- [ ] LocalSubjectAccessReview
- [ ] SelfSubjectAccessReview
- [ ] SelfSubjectRulesReview

# Storage (storage.k8s.io/v1)
- [ ] StorageClass
- [ ] VolumeAttachment
- [ ] CSIDriver
- [ ] CSINode

# Policy (policy/v1)
- [ ] PodDisruptionBudget

# Coordination (coordination.k8s.io/v1)
- [ ] Lease

# Admission Registration (admissionregistration.k8s.io/v1)
- [ ] MutatingWebhookConfiguration
- [ ] ValidatingWebhookConfiguration

# Scheduling (scheduling.k8s.io/v1)
- [ ] PriorityClass

# API Extensions (apiextensions.k8s.io/v1)
- [ ] CustomResourceDefinition (CRD)

# Discovery (discovery.k8s.io/v1)
- [ ] EndpointSlice (also listed in core/v1 for compatibility)

Comment thread healthchecks/configmap.go Outdated
// in the observed state, it's considered ready.
func checkConfigMapHealth(obj *unstructured.Unstructured) bool {
// ConfigMaps are always ready if they exist
return true

@stevendborrelli stevendborrelli Nov 21, 2025

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A very minor nit but maybe find common health checks that are shared?

func alwaysReady(*unstructured.Unstructured) bool {
    return true
}

@kaessert kaessert Nov 21, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea, implemented

Comment thread example/composition-k8s.yaml
@@ -0,0 +1,69 @@
apiVersion: apiextensions.crossplane.io/v1

@stevendborrelli stevendborrelli Nov 21, 2025

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this example be flushed out with a README, render command, XR/XRD so that it can be run locally and in-cluster?

@kaessert kaessert Nov 21, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done!

Comment thread healthchecks/registry.go Outdated

func init() {
// Register all standard Kubernetes resource health checks
registerDeploymentHealthCheck()

@stevendborrelli stevendborrelli Nov 21, 2025

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you order these alphabetically to make it easier to make sure that all checks are registered?

@stevendborrelli stevendborrelli Nov 21, 2025
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think registerServiceAccountSetHealthCheck() is missing. We may need some integration tests to ensure all types are being checked.

@kaessert kaessert Nov 21, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch!

@kaessert kaessert force-pushed the tk/v2-standard-kube-resources branch from f35d588 to 806bd65 Compare November 21, 2025 11:51
@kaessert

kaessert commented Nov 21, 2025

Copy link
Copy Markdown
Contributor Author

@stevendborrelli Thank you so much for the great feedback. I think i incorporated it all and added some more healthchecks based on the logic which is used in argocd

@kaessert
Incorporate PR feedback and support additional resources
39fadec 
Signed-off-by: Tobias Kässer <tobias.kasser@upbound.io>
@kaessert kaessert force-pushed the tk/v2-standard-kube-resources branch from 806bd65 to 39fadec Compare November 21, 2025 12:03
stevendborrelli
stevendborrelli reviewed Nov 21, 2025
View reviewed changes
Comment thread example/README.md
## Files

- **composition-k8s.yaml**: A composition that creates three Kubernetes resources (Service, Deployment, ConfigMap) and uses function-auto-ready to detect their readiness
- **xr.yaml**: A simple composite resource (XR) instance to render the composition

@stevendborrelli stevendborrelli Nov 21, 2025

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the xr.yaml and functions.yaml are missing.

stevendborrelli
stevendborrelli approved these changes Nov 21, 2025
View reviewed changes

@stevendborrelli stevendborrelli left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

I think overall this PR will change the nature of function-auto-ready, which up to now has been simple like the Unix cat command. Aside from filling in more types to support, one could see future requests to support things like the custom checks in P&T.

It's a question for the maintainers.

haarchri
haarchri reviewed Nov 26, 2025
View reviewed changes
Comment thread healthchecks/daemonset.go
RegisterHealthCheck(gvk, checkDaemonSetHealth)
}

// checkDaemonSetHealth implements ArgoCD-style health check for DaemonSets

@haarchri haarchri Nov 26, 2025

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: if we using the same implementation for ready than ArgoCD - can we add the source here ? make it easier in the future to extend with more resources

haarchri
haarchri approved these changes Nov 26, 2025
View reviewed changes

@haarchri haarchri left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks - this would eliminate a lot of boilerplate in compositions

@sergenyalcin sergenyalcin merged commit 8a160bd into crossplane-contrib:main Nov 27, 2025
6 checks passed
@stevendborrelli stevendborrelli mentioned this pull request Dec 8, 2025
Closed
6 tasks
This was referenced Dec 15, 2025
Open
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sergenyalcin sergenyalcin sergenyalcin approved these changes

@turkenf turkenf Awaiting requested review from turkenf turkenf is a code owner

@negz negz Awaiting requested review from negz negz is a code owner

+2 more reviewers

@stevendborrelli stevendborrelli stevendborrelli approved these changes

@haarchri haarchri haarchri approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kaessert @stevendborrelli @haarchri @sergenyalcin