I have a Docker container that expose a health check that is protected by a basic authentication. I've read the documentation on liveness probes here but I cannot find any details of how to specify basic auth credentials. Is this not supported by Kubernetes? Are there any workarounds?
Asked
Active
Viewed 2.0k times
2 Answers
58
It is now possible to add headers for liveness probes:
livenessProbe:
httpGet:
path: /healthz
port: 8080
httpHeaders:
- name: Authorization
value: Basic aGE6aGE=
It may be worth noting that:
if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
Source: https://en.wikipedia.org/wiki/Basic_access_authentication
You can use the command base64 in your shell to create this string:
echo -n "Aladdin:OpenSesame" | base64
5
There is no direct support for an authenticated HTTP probe. If you cannot expose an unauthenticated health check (on a cluster internal IP), then I think your best bet is to use a probe with an ExecAction, and a command like:
curl -G --fail --silent --output=/dev/null -u ${AUTH_USER}:${AUTH_PASSWD} localhost:${AUTH_PORT}
Note that the command is executed inside the health-checked container, so you will need to do something slightly different if it's set up to bypass auth for localhost connections.
Tim Allclair
- 7,347
- 2
- 27
- 25