Dylan

Reputation: 2219

Do Kubernetes liveness probes support user authentication with PKIs?

I am trying to access some of our REST endpoints to check that our API container is up and running. If I can specify a PKI, I can access our endpoints, which currently are all behind authentication. Is this possible?

If not I will have to add a new endpoint.

Upvotes: 1

Views: 981

Answers (2)

garlicFrancium

Reputation: 2269

Step 1: Add curl to your container image (REF). Hint: Modify the Dockerfile to include curl.

Step 2: (In the Kubernetes deployment) configure the resource to mount the certs needed to query (GET request) the REST endpoint (REF). Hint: Follow the way serviceaccount credentials are mounted to a pod.

Step 3: Now use those certs, which are mounted to your container, in the liveness probe to curl it the way shown here.

At this point, if you have curled successfully with status code 200, you will have a Linux command execution code 0, which leads to a successful liveness check; otherwise the pod will be restarted.

Upvotes: 3

mdaguete

Reputation: 387

You can try to implement it with an external curl script and a liveness probe with a liveness command, adding the certs as secrets and mounting them, and exec curl like:

    # Client certificates are only presented over TLS, so the URL must be https://
    curl -v --cacert /mounted/cd/secret/ca.pem \
      --key /mounted/secret/key/key.pem --cert /mounted/secret/cert/admin.pem \
      https://liveness/probe/url

Regards.

Upvotes: 1
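
The approach both answers describe, written out as a Deployment manifest. This is an added example, not code from either answer: the names `api` and `api-probe-client-cert`, the image, the `/etc/probe-tls` mount path, port 8443, the `/healthz` path and the Secret key names are assumptions, and it assumes the server certificate is valid for `localhost`.

```yaml
# Added example; all names, paths and ports below are assumptions, not from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.0   # placeholder; must contain curl
          ports:
            - containerPort: 8443
          volumeMounts:
            - name: probe-client-cert
              mountPath: /etc/probe-tls
              readOnly: true
          livenessProbe:
            exec:
              command:
                - curl
                - --fail          # non-zero exit on HTTP >= 400 (401, 403, 500 ...)
                - --silent
                - --show-error    # still log the reason when the probe fails
                - --max-time
                - "4"             # keep below timeoutSeconds
                - --cacert
                - /etc/probe-tls/ca.crt
                - --cert
                - /etc/probe-tls/tls.crt
                - --key
                - /etc/probe-tls/tls.key
                - https://localhost:8443/healthz
            initialDelaySeconds: 15
            periodSeconds: 20
            timeoutSeconds: 5
            failureThreshold: 3
      volumes:
        - name: probe-client-cert
          secret:
            secretName: api-probe-client-cert   # assumed keys: ca.crt, tls.crt, tls.key
```

`--fail` matters because curl otherwise exits 0 on a 401 or 500 response, so the probe would pass. Issue the probe a dedicated client certificate limited to the health endpoint, since its private key is readable inside the container.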
