livenessProbe with secret not working in kubernetes
httpHeaders only supports
name field does not handle
$ kubectl explain pod.spec.containers.livenessProbe.httpGet.httpHeaders KIND: Pod VERSION: v1 RESOURCE: httpHeaders <Object> DESCRIPTION: Custom headers to set in the request. HTTP allows repeated headers. HTTPHeader describes a custom header to be used in HTTP probes FIELDS: name <string> -required- The header field name value <string> -required- The header field value
You could try using env variable like.
spec: containers: - name: mycontainer image: myimage env: - name: MY_SECRET valueFrom: secretKeyRef: name: actuator-token key: token livenessProbe: httpGet: path: test/actuator/health port: 9001 httpHeaders: - name: Authorization value: $SECRET
Not sure that @DT answer gonna work, there no documentation for that feature.
Also I made some tests and the example below not working for me:
spec: containers: - name: mycontainer image: myimage env: - name: TOKEN value: '12345' livenessProbe: httpGet: path: /v1/health port: 80 httpHeaders: - name: Authorization value: Apikey $TOKEN
I'm getting 401 for my application because it can't substitute env variable for header value. I even tried many other options with single/double quotes, with brackets, none of them working.
Otherwise, you can use
exec instead of
httpGet, but it requires to have curl installed in your docker image.
spec: containers: - name: mycontainer image: myimage env: - name: TOKEN value: '12345' livenessProbe: exec: command: - bash - -c - 'curl --fail http://localhost/v1/health --header "Authorization: Apikey $TOKEN"' initialDelaySeconds: 30 periodSeconds: 15
If you want to use
valueFrom from your secret you don't need to decode variable inside a container. I will be already decoded.
In case you can't add curl package to your image, better to consider writing custom script based on language your application developed. Here is example for js: https://blog.sixeyed.com/docker-healthchecks-why-not-to-use-curl-or-iwr/
Also, check this question, there a similar answer How to use basic authentication in a HTTP liveness probe in Kubernetes?