mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-06 05:27:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Make the supervisor healthz endpoint public

Browse Source 
Based on our experiences today with GKE, it will be easier for our users
to configure Ingress health checks if the healthz endpoint is available
on the same public port as the OIDC endpoints.

Also add an integration test for the healthz endpoint now that it is
public.

Also add the optional `containers[].ports.containerPort` to the
supervisor Deployment because the GKE docs say that GKE will look
at that field while inferring how to invoke the health endpoint. See
https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#def_inf_hc
This commit is contained in:
Ryan Richard
2020-10-21 15:24:48 -07:00
parent 5dbc03efe9
commit 122f7cffdb
3 changed files with 66 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
cmd/pinniped-supervisor/main.go
View File

@@ -159,8 +159,15 @@ func run(serverInstallationNamespace string, cfg *supervisor.Config) error {
pinnipedinformers.WithNamespace(serverInstallationNamespace),
)
// Serve the /healthz endpoint and make all other paths result in 404.
healthMux := http.NewServeMux()
healthMux.Handle("/healthz", http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
_, _ = writer.Write([]byte("ok"))
}))
dynamicJWKSProvider := jwks.NewDynamicJWKSProvider()
oidProvidersManager := manager.NewManager(http.NotFoundHandler(), dynamicJWKSProvider)
// OIDC endpoints will be served by the oidProvidersManager, and any non-OIDC paths will fallback to the healthMux.
oidProvidersManager := manager.NewManager(healthMux, dynamicJWKSProvider)
startControllers(ctx, cfg, oidProvidersManager, dynamicJWKSProvider, kubeClient, pinnipedClient, kubeInformers, pinnipedInformers)
//nolint: gosec // Intentionally binding to all network interfaces.
@@ -171,18 +178,6 @@ func run(serverInstallationNamespace string, cfg *supervisor.Config) error {
defer l.Close()
start(ctx, l, oidProvidersManager)
//nolint: gosec // Intentionally binding to all network interfaces.
healthzListener, err := net.Listen("tcp", ":8080")
if err != nil {
return fmt.Errorf("cannot create healthzListener: %w", err)
}
defer healthzListener.Close()
healthzMux := http.NewServeMux()
healthzMux.Handle("/healthz", http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
_, _ = writer.Write([]byte("ok"))
}))
start(ctx, healthzListener, healthzMux)
klog.InfoS("supervisor is ready", "address", l.Addr().String())
gotSignal := waitForSignal()