RC 0.0.3 (#4)

* add liveness check for opa

* adds liveness and readiness checks

.gitignore

@@ -1 +1,3 @@
 .idea
+charts/opa-nginx/manifest.yaml
+

Dockerfile

@@ -6,14 +6,14 @@ WORKDIR /app
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
-RUN CGO_ENABLED=0 go build -o /bin/ino
+RUN CGO_ENABLED=0 go build -o /bin/opa-nginx
 RUN echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/nope" > passwd
 
 FROM scratch
 
-COPY --from=builder /bin/ino /bin/ino
+COPY --from=builder /bin/opa-nginx /bin/opa-nginx
 COPY --from=builder /app/passwd /etc/passwd
 USER nobody
 ENV OPA_URL=https://127.0.0.1:8181
-ENTRYPOINT ["/bin/ino"]
+ENTRYPOINT ["/bin/opa-nginx"]
 CMD ["serve"]

charts/opa-nginx/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: opa-nginx
 description: OPA Nginx Auth Request Integration
 type: application
-version: 0.0.2
-appVersion: 0.0.2
+version: 0.0.3
+appVersion: 0.0.3

charts/opa-nginx/templates/deployment.yaml

@@ -30,8 +30,28 @@ spec:
             - --tls-private-key-file=/certs/tls.key
             - --addr=localhost:8181
             - --log-level={{ .Values.opa.logLevel }}
+            - --diagnostic-addr=0.0.0.0:8080
+            - --disable-telemetry
             - --log-format=json
             - /policy
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /health
+              port: 8080
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /health
+              port: 8080
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 1
           volumeMounts:
             - mountPath: /certs
               name: certs
@@ -69,6 +89,24 @@ spec:
             - name: http
               containerPort: 8282
               protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: 8282
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: 8282
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 1
           volumeMounts:
             - mountPath: /certs
               name: certs

charts/opa-nginx/values.yaml

@@ -2,7 +2,7 @@
 nameOverride: ""
 replicaCount: 3
 opaNginx:
-  image: richardjennings/opa-nginx:0.0.2
+  image: richardjennings/opa-nginx:0.0.3
   imagePullPolicy: IfNotPresent
   #authenticatedKey: "verified"
   #authenticatedValue: "true"

cmd/serve.go

@@ -34,12 +34,19 @@ var serveCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalln(err)
 		}
+
+		mux := http.NewServeMux()
+		mux.HandleFunc("/", internal.NewHandler(&internal.OpaProxy{Config: config}))
+		mux.HandleFunc("/healthz", func(writer http.ResponseWriter, request *http.Request) {
+			writer.WriteHeader(200)
+		})
 		server := &http.Server{
 			Addr:         defaultAddr,
-			Handler:      internal.NewHandler(&internal.OpaProxy{Config: config}),
+			Handler:      mux,
 			ReadTimeout:  5 * time.Second,
 			WriteTimeout: 10 * time.Second,
 		}
+
 		if tlsCertFile != "" && tlsPrivateKeyFile != "" {
 			log.Fatalln(server.ListenAndServeTLS(tlsCertFile, tlsPrivateKeyFile))
 		}