From 3ca8daddbf53319db9730e4ea0f1dce6ed030439 Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 10 Apr 2026 08:06:21 -0500 Subject: [PATCH 1/3] feat: support for HTTP-based liveness probe for Fides Workers. --- CHANGELOG.md | 8 ++++++++ fides/Chart.yaml | 2 +- fides/templates/fides/worker-deployment.yaml | 13 ++++++++++--- fides/values.yaml | 13 +++++++++++++ 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01f6b35..88dd2d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,14 @@ The types of changes are: ### Fixed +## [0.19.0](https://github.com/ethyca/fides-helm/compare/fides-0.18.0...fides-0.19.0) + +### Added + +- Optional support to use HttpGet health check for the Fides workers instead of Celery +- New `workerConfiguration` values for liveness probe tuning: `useHttpProbe`, `initialDelaySeconds`, `periodSeconds`, `timeoutSeconds`, `failureThreshold` + + ## [0.18.0](https://github.com/ethyca/fides-helm/compare/fides-0.17.1...fides-0.18.0) ### Added diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 1b60462..839bcab 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: fides -version: 0.18.0 +version: 0.19.0 appVersion: "2.67.0" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application diff --git a/fides/templates/fides/worker-deployment.yaml b/fides/templates/fides/worker-deployment.yaml index cbeb1c4..4953082 100644 --- a/fides/templates/fides/worker-deployment.yaml +++ b/fides/templates/fides/worker-deployment.yaml @@ -106,15 +106,22 @@ spec: name: {{ $.Values.fides.configuration.additionalEnvVarsSecret }} {{- end }} livenessProbe: + {{- if $.Values.fides.workerConfiguration.useHttpProbe }} + httpGet: + path: / + port: 9000 + {{- else }} exec: command: [ "bash", "-c", "celery --quiet --no-color --app fides.api.tasks inspect ping --destination celery@$HOSTNAME --json" ] - initialDelaySeconds: {{ $.Values.fides.startupTimeSeconds | default 30 }} - periodSeconds: 60 - timeoutSeconds: {{ $.Values.fides.healthCheckTimeoutSeconds | default 5 }} + {{- end }} + initialDelaySeconds: {{ $.Values.fides.workerConfiguration.initialDelaySeconds | default ($.Values.fides.startupTimeSeconds | default 30) }} + periodSeconds: {{ $.Values.fides.workerConfiguration.periodSeconds | default 60 }} + timeoutSeconds: {{ $.Values.fides.workerConfiguration.timeoutSeconds | default ($.Values.fides.healthCheckTimeoutSeconds | default 5) }} + failureThreshold: {{ $.Values.fides.workerConfiguration.failureThreshold | default 3 }} volumeMounts: - name: {{ include "fides.configVolume" $ }} mountPath: {{ include "fides.configPath" $ }} diff --git a/fides/values.yaml b/fides/values.yaml index ed98826..f035ece 100644 --- a/fides/values.yaml +++ b/fides/values.yaml @@ -75,6 +75,19 @@ fides: # To override defaults, explicitly define workers below. To disable a worker, set count: 0. # For more information, see: https://www.ethyca.com/docs/dev-docs/get-started/advanced#running-workers workerConfiguration: + # useHttpProbe switches the worker liveness probe from a Celery exec command (default) + # to an HTTP GET against the in-process health check server on port 9000. + # The exec probe spawns a full celery process on each check, which may cause + # issues at scale. The HTTP probe avoids that overhead. + useHttpProbe: false + # + # Liveness probe tuning. If not set, falls back to fides.startupTimeSeconds + # and fides.healthCheckTimeoutSeconds respectively. + # Uncomment to tune these. + # initialDelaySeconds: 30 + # periodSeconds: 60 + # timeoutSeconds: 5 + # failureThreshold: 3 workers: [] # Example worker override: # - name: other From e06a3134ca26c98672856e5b858d3d9548230a0e Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 10 Apr 2026 08:08:33 -0500 Subject: [PATCH 2/3] chore: bump Fides application version --- CHANGELOG.md | 3 +++ fides/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88dd2d8..4b495ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,9 @@ The types of changes are: - Optional support to use HttpGet health check for the Fides workers instead of Celery - New `workerConfiguration` values for liveness probe tuning: `useHttpProbe`, `initialDelaySeconds`, `periodSeconds`, `timeoutSeconds`, `failureThreshold` +### Changed +- Upgrade default Fides version to [`2.82.1`] + ## [0.18.0](https://github.com/ethyca/fides-helm/compare/fides-0.17.1...fides-0.18.0) diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 839bcab..68f505f 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fides version: 0.19.0 -appVersion: "2.67.0" +appVersion: "2.82.1" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application keywords: From e6519fe1c5137261e8cc0fa9f8dd238c88645fee Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 10 Apr 2026 08:18:43 -0500 Subject: [PATCH 3/3] feat: expose health check port in deployment --- fides/templates/fides/worker-deployment.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fides/templates/fides/worker-deployment.yaml b/fides/templates/fides/worker-deployment.yaml index 4953082..32f3d0b 100644 --- a/fides/templates/fides/worker-deployment.yaml +++ b/fides/templates/fides/worker-deployment.yaml @@ -105,6 +105,12 @@ spec: - secretRef: name: {{ $.Values.fides.configuration.additionalEnvVarsSecret }} {{- end }} + {{- if $.Values.fides.workerConfiguration.useHttpProbe }} + ports: + - name: health + containerPort: 9000 + protocol: TCP + {{- end }} livenessProbe: {{- if $.Values.fides.workerConfiguration.useHttpProbe }} httpGet: