livenessProbe with secret not working in kubernetes

httpHeaders only supports value and name field does not handle valueFrom

$ kubectl explain pod.spec.containers.livenessProbe.httpGet.httpHeaders

KIND:     Pod
VERSION:  v1

RESOURCE: httpHeaders <[]Object>

DESCRIPTION:
     Custom headers to set in the request. HTTP allows repeated headers.

     HTTPHeader describes a custom header to be used in HTTP probes

FIELDS:
   name <string> -required-
     The header field name

   value        <string> -required-
     The header field value

You could try using env variable like.

spec:
  containers:
  - name: mycontainer
    image: myimage
    env:
      - name: MY_SECRET
        valueFrom:
          secretKeyRef:
            name: actuator-token
            key: token
    livenessProbe:
        httpGet:
          path: test/actuator/health
          port: 9001
          httpHeaders:
          - name: Authorization
            value: $SECRET

Not sure that @DT answer gonna work, there no documentation for that feature.

Also I made some tests and the example below not working for me:

spec:
  containers:
  - name: mycontainer
    image: myimage
    env:
      - name: TOKEN
        value: '12345'
    livenessProbe:
      httpGet:
        path: /v1/health
        port: 80
        httpHeaders:
        - name: Authorization
          value: Apikey $TOKEN

I'm getting 401 for my application because it can't substitute env variable for header value. I even tried many other options with single/double quotes, with brackets, none of them working.

Otherwise, you can use exec instead of httpGet, but it requires to have curl installed in your docker image.

spec:
  containers:
  - name: mycontainer
    image: myimage
    env:
      - name: TOKEN
        value: '12345'
    livenessProbe:
      exec:
        command:
        - bash
        - -c
        - 'curl --fail http://localhost/v1/health --header "Authorization: Apikey $TOKEN"'
    initialDelaySeconds: 30
    periodSeconds: 15

If you want to use valueFrom from your secret you don't need to decode variable inside a container. I will be already decoded.

In case you can't add curl package to your image, better to consider writing custom script based on language your application developed. Here is example for js: https://blog.sixeyed.com/docker-healthchecks-why-not-to-use-curl-or-iwr/

Also, check this question, there a similar answer How to use basic authentication in a HTTP liveness probe in Kubernetes?

Tags:

Spring Boot

Kubernetes

Kubernetes Secrets

Related

Elasticsearch 7.x circuit breaker - data too large - troubleshoot If lifecycleScope is supervisor, why its child coroutine's failure causes the app crash? C preprocessor - Prepending path for existing define How to animate a dashed arrow? How can I change the Python interpreter in virtual environment (Ubuntu 18.04LTS)? How to convert short[] into List<Short> in Java with streams? Why does the difference between 30 March and 1 March 2020 erroneously give 28 days instead of 29? Cannot resolve ViewModelProvider construction in a fragment? Sharing GPU memory between process on a same GPU with Pytorch Stop fragment refresh in bottom nav using navhost Flutter : How To Convert Future<String> to String? Building ASP.NET-Core 3.1 with .NET-Standard 2.0 projects leads to conflicting Microsoft.AspNetCore.Mvc.Analyzers assemblies

Recent Posts