WhatsApp / WhatsApp-Business-API-Setup-Scripts

The scripts related to setting up WhatsApp business API

MIT License

423 stars 444 forks source link

Include basic liveness & readiness probes #87

Open bmm-alc opened 1 year ago

bmm-alc commented 1 year ago

(taking the same text than the previous PR)

Include a HTTPS request to the root path (/) that returns a 200 OK and does not require a token to be requested.

This is important because, if the lighttpd server dies, the container keeps running and K8s never notices. You can reproduce this behavior by entering the container (e.g. kubectl exec -it xxxxx sh) and sending a kill -9 to the lighttpd process.

With this change, kubernetes notices the pod is no longer live > kill it > relaunch it and everything keeps running.

patch from https://github.com/WhatsApp/WhatsApp-Business-API-Setup-Scripts/pull/48

facebook-github-bot commented 1 year ago

Hi @bmm-alc!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

facebook-github-bot commented 1 year ago

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

facebook-github-bot commented 1 year ago

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

Goodsmileduck commented 1 year ago

Hi, won't it better to add something with Auth and request /v1/health instead? Like

        livenessProbe:
          exec:
            command:
            - 'bash'
            - '-c'
            - 'curl --fail -k https://localhost:443/v1/health --header "Authorization: Apikey ${WA_API_KEY}"'
          initialDelaySeconds: 30
          periodSeconds: 15
...
        env:
        - name: WA_API_KEY
          valueFrom:
            secretKeyRef:
              name: some_wa_secret
              key: WA_API_KEY
...

You can generate api key and put it into secret some_wa_secret and value like WA_API_KEY: base64 secret

secret also could be autogenerated in _helpers if using helm chart:

{{- define "livenessProbeToken" -}}
{{- $token := (lookup "v1" "Secret" .Release.Namespace .Values.tokenSecretName ) -}}
{{- if $token -}}
{{- $token.data.WA_API_KEY -}}
{{- else -}}
{{- randAlpha 20 | b64enc -}}
{{- end -}}
{{- end -}}

and then secret yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: some_wa_secret
data:
  WA_API_KEY: {{ template "livenessProbeToken" . }}