Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃尡 /pkg/proxy/server: handle /readyz and /livez outside of the auth chain #2747

Merged
merged 1 commit into from
Feb 8, 2023
Merged

馃尡 /pkg/proxy/server: handle /readyz and /livez outside of the auth chain #2747

merged 1 commit into from
Feb 8, 2023

Conversation

s-urbaniak
Copy link
Contributor

Summary

To simplify deployment we want the /readyz and /livez not be handled by the regular auth chain. This allows us to use simple httpGet kube probes.

Related issue(s)

Related helm chart update: kcp-dev/helm-charts#24

@s-urbaniak
/pkg/proxy/server: handle /readyz and /livez outside of the auth chain
1fe028e 
This allows us to use simple httpGet kube probes.
@openshift-ci openshift-ci bot requested review from csams and ncdc February 3, 2023 13:03
@s-urbaniak
Copy link
Contributor Author

cc @sttts @hardys

@hardys
Copy link

hardys commented Feb 3, 2023

/retest

failed to clone a repo so presumably temporary network disruption

@s-urbaniak s-urbaniak changed the title /pkg/proxy/server: handle /readyz and /livez outside of the auth chain 馃尡 /pkg/proxy/server: handle /readyz and /livez outside of the auth chain Feb 6, 2023
@hardys
Copy link

hardys commented Feb 6, 2023
edited

/lgtm

Thanks for picking this up @s-urbaniak - for historical context, I didn't do this in #2178 because I was thinking we don't want any unauthenticated access to the proxy at all.

However I didn't consider liveness probes at that point (or more specifically that httpGet doesn't support client cert authentication), and after discussion it seems reasonable to expose these given there is a very low cost for hitting them (probably less than rejecting an unauthenticated request to any other path)

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 6, 2023
@sttts
Copy link
Member

sttts commented Feb 8, 2023

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 8, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 8, 2023
@ncdc
Copy link
Member

ncdc commented Feb 8, 2023

kcp-dev/contrib-tmc#53
/retest

@ncdc
Copy link
Member

ncdc commented Feb 8, 2023

PV flake, which has been fixed
/retest

@openshift-merge-robot openshift-merge-robot merged commit b9f1494 into kcp-dev:main Feb 8, 2023
@s-urbaniak s-urbaniak deleted the proxy-healthz-livez branch February 13, 2023 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csams csams Awaiting requested review from csams

@ncdc ncdc Awaiting requested review from ncdc

Assignees

@hardys hardys

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@s-urbaniak @hardys @sttts @ncdc @openshift-merge-robot