[helm] Liveness probe fails when basic auth is enabled
Closed this issue · 2 comments
bykvaadm commented
Describe the bug
k8s tries to reach pod via http get method and gets 401 unathorized, then pod is killed by k8s.
To Reproduce
enable basic auth variables in env
Expected behavior
pod is ready to serve
Additional context
what should u do: (there may be some mistakes in code below, it is untested)
- fix liveness probes in deployment
livenessProbe:
httpGet:
path: /
port: http
{{- if .Values.basic_auth.enabled }}
httpHeaders:
- name: Authorization
value: Basic {{ BasicAuthSecret }}
{{- end }}
readinessProbe:
httpGet:
path: /
port: http
{{- if .Values.basic_auth.enabled }}
httpHeaders:
- name: Authorization
value: Basic {{ BasicAuthSecret }}
{{- end }}
P.S. u should avoid using liveness and readiness together if they are exact copy of each other
- fix env variable in deployment
env:
{{- range $key, $value := .Values.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- if .Values.basic_auth.enabled }}
- name: BASIC_AUTH_USERNAME
value: "{{ .Values.basic_auth.username }}"
- name: BASIC_AUTH_PASSWORD
value: "{{ .Values.basic_auth.password }}"
{{- end }}
- create a helper template variable BasicAuthSecret using smth like
{{- define "BasicAuthSecret" }}
{{- (printf "%s:%s" .Values.basic_auth.username .Values.basic_auth.password) | b64enc }}
{{- end }}
- add auth block in values.yaml
basic_auth:
enabled: false
# username: example
# password: mysecreto
- Add in docs info about enabling basic auth (not putting them in env variable)
brotandgames commented
@bykvaadm Thanks for reporting. The section Additional context is not meant to be a place for problem solution. This is what a PR is for.
brotandgames commented
Closed by #63