Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix OIDC healthcheck to work with k8s healthprobes #3580

Merged
merged 2 commits into from
Nov 9, 2022

Conversation

marcofranssen
Copy link
Contributor

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality

oidc-provider healthcheck endpoint

Description of change

Allows the healthcheck to be called by ip address as well, so it works for kubernetes healthprobes.

Which issue this PR fixes

fixes #3572

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
@azdagron azdagron added this to the 1.5.1 milestone Nov 8, 2022
@MarcosDY MarcosDY merged commit 3a59711 into spiffe:main Nov 9, 2022
@marcofranssen
Copy link
Contributor Author

@MarcosDY @azdagron According to the changelog of releases this hotfix has not been released yet.

Can we get a hotfix release for this? 1.5.2?

@marcofranssen marcofranssen deleted the fix-oidc-healthcheck branch November 15, 2022 11:01
@azdagron
Copy link
Member

We don't typically do one-off patch releases for bug fixes unless it is a regression. In this instance, the health checks never worked on K8s to begin with. Are we overlooking a reason that this should be treated more urgently?

In any case, I'll bring it up in today's contributor sync meeting.

@marcofranssen
Copy link
Contributor Author

marcofranssen commented Nov 15, 2022

Only reason is that I want to enable the healthchecks again on the helm-chart. Since we moved to use the scratch images I can't use the old ps aux approach anymore.

https://github.com/philips-labs/helm-charts/blob/main/charts/spire/templates/oidc-deployment.yaml#L58-L70

No hurry just trying to understand an approx timeframe.

@azdagron
Copy link
Member

I see. 1.5.2 is currently scheduled to be released on Dec 14th. In the meantime, would it suffice to hit the existing HTTP endpoints (i.e. GET /.well-known/openid-configuration, GET /keys)?

@azdagron
Copy link
Member

You can also test using the nightly images if that helps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

oidc-discovery-provider healthcheck endpoint does not work
3 participants