@flowfuse/driver-kubernetes 2.22.2-c4cd2cc-202510160855.0 → 2.22.2-d74c830-202510171251.0

package/README.md

@@ -44,6 +44,10 @@ driver:
 - `projectSelector` a list of labels that should be used to select which nodes Project Pods
 should run on
 - `projectLabels` a list of custom labels that should be applied to all resources created for Projects (Pods, Services, Ingresses, PVCs)
+- `projectProbes` optional configuration for liveness, readiness and startup probes for project containers
+- `projectProbes.livenessProbe` custom liveness probe configuration (default not set)
+- `projectProbes.readinessProbe` custom readiness probe configuration (default not set)
+- `projectProbes.startupProbe` custom startup probe configuration (default not set)
 - `cloudProvider` normally not set, but can be `aws` This triggers the adding of
 AWS EKS specific annotation for ALB Ingress. or `openshift` to allow running on OpenShift (Enterprise license only)
 - `privateCA` name of ConfigMap holding PEM CA Cert Bundle (file name `certs.pem`) Optional
@@ -61,6 +65,7 @@ AWS EKS specific annotation for ALB Ingress. or `openshift` to allow running on
 - `storage.storageClassEFSTag` Used instead of `storage.storageClass` when needing to shard across multiple EFS file systems (default not set)
 - `storage.size` Size of the volume to request (default not set)
 - `podSecurityContext` Settings linked to the [security context of the pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+- `containerSecurityContext` Settings linked to the [security context of the container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 - `service.type` Type of service to create for the editor (allowed `ClusterIP` or `NodePort`, default `ClusterIP`)
 
 Expects to pick up K8s credentials from the environment

package/kubernetes.js

@@ -194,6 +194,14 @@ const createDeployment = async (project, options) => {
         this._app.log.info('[k8s] OpenShift, removing PodSecurityContext')
     }
 
+    if (this._app.config.driver.options?.containerSecurityContext) {
+        localPod.spec.containers[0].securityContext = this._app.config.driver.options.containerSecurityContext
+        this._app.log.info(`[k8s] Using custom ContainerSecurityContext ${JSON.stringify(this._app.config.driver.options.containerSecurityContext)}`)
+    } else if (this._app.license.active() && this._cloudProvider === 'openshift') {
+        localPod.spec.containers[0].securityContext = {}
+        this._app.log.info('[k8s] OpenShift, removing ContainerSecurityContext')
+    }
+
     if (stack.memory && stack.cpu) {
         localPod.spec.containers[0].resources.requests.memory = `${stack.memory}Mi`
         // increase limit to give npm more room to run in
@@ -213,6 +221,16 @@ const createDeployment = async (project, options) => {
         }
     }
 
+    if (this._app.config.driver.options?.projectProbes?.livenessProbe) {
+        localPod.spec.containers[0].livenessProbe = this._app.config.driver.options.projectProbes.livenessProbe
+    }
+    if (this._app.config.driver.options?.projectProbes?.readinessProbe) {
+        localPod.spec.containers[0].readinessProbe = this._app.config.driver.options.projectProbes.readinessProbe
+    }
+    if (this._app.config.driver.options?.projectProbes?.startupProbe) {
+        localPod.spec.containers[0].startupProbe = this._app.config.driver.options.projectProbes.startupProbe
+    }
+
     const ha = await project.getSetting('ha')
     if (ha?.replicas > 1) {
         localDeployment.spec.replicas = ha.replicas

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@flowfuse/driver-kubernetes",
-    "version": "2.22.2-c4cd2cc-202510160855.0",
+    "version": "2.22.2-d74c830-202510171251.0",
     "description": "Kubernetes driver for FlowFuse",
     "main": "kubernetes.js",
     "scripts": {