Reputation: 204
Define a livenessProbe with secret httpHeaders
I want to define a livenessProbe with an httpHeader whose value is secret.
This syntax is invalid:
livenessProbe:
httpGet:
path: /healthz
port: 8080
httpHeaders:
- name: X-Custom-Header
valueFrom:
secretKeyRef:
name: my-secret-key
value: secret
If I specify my-secret-key with value secret as an environment variable named MY_SECRET_KEY, the following could work:
livenessProbe:
exec:
command:
- curl
- --fail
- -H
- "X-Custom-Header: $MY_SECRET_KEY"
- 'http://localhost:8080/healthz'
Unfortunately it doesn't due to the way the quotations are being evaluated. If I type the command curl --fail -H "X-Custom-Header: $MY_SECRET_KEY" http://localhost:8080/healthz directly on the container, it works.
I've also tried many combinations of single quotes and escaping the double quotes.
Does anyone know of a workaround?
Upvotes: 13
Views: 3714
Answers (2)
Reputation: 1060
Here some examples with curl and wget:
exec:
command:
- /bin/sh
- -c
- "curl -H 'Authorization: Bearer $(AUTH_TOKEN)' 'http://example.com'"
exec:
command:
- /bin/sh
- -c
- "wget --spider --header \"Authorization: Bearer $AUTH_TOKEN\" http://some.api.com/spaces/${SPACE_ID}/entries"
Upvotes: 2
Reputation: 980
One workaround I can think of is to create some bash script to run this health check, and put your secret data to the environment as usual.
Upvotes: 1
Related Questions
- liveness probe for microservice without http
- Availability with Kubernetes
- Kubernetes Command Based Liveness Probes
- Kubernetes livenessProbe http result?
- Is that possible to use Http and Command livenessProbe in the same deployment?
- Kubernetes http livenessProbe use https?
- How to define Pod health check port for livenessProbe/readinessProbe
- Liveness probe with http post
- How to ignore http requests health check in kubernetes within liveness probe / readiness probe?
- How to define a liveness command