Open AndersBennedsgaard opened 2 weeks ago
@AndersBennedsgaard thanks for trying out zot!
Do you want to consider a liveness command instead?
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command
^ this would give you more flexibility with curl for example.
That would definitely be a possibility, yes. That would allow for you to mount the credentials as an environment variable from a Secret, instead of having it as plain-text in the Deployment.
However, there is no curl, wget, or anything similar packaged into the Zot container at the moment since it is based on a distroless image, so if I wanted to use exec probes I would have to create a custom build with it.
But I would still prefer a health-check endpoint, to remove the requirement for managing extra credentials just for checking if the service is up. I could also just configure the ingress controller to expose the healthcheck path, if I didn't want users to access it.
Is your feature request related to a problem? Please describe.
I do not want to allow anonymous access to my Zot instance, and I also do not want to set the authorization header (using htpasswd) for my Kubernetes liveness probes, since that will expose a valid authentication header to anyone that has read access to deployments on my Kubernetes clusters.
Describe the solution you'd like
Add a /health or /healthz endpoint to Zot, which just returns HTTP 200. This shows that the server is up and running.
Describe alternatives you've considered
Remove the liveness probes, or set a TCP liveness probe up instead, to test if the application listens on the configured port.
Additional context
Multiple issues and other references have been created for this, but they have either been closed with no explanation or explain that it is not needed (which I think it is. It is pretty standard practice for applications running in the cloud). Some references to existing issues/PRs include: https://github.com/project-zot/zot/issues/1767, https://github.com/project-zot/zot/issues/196, https://github.com/project-zot/zot/issues/2087, and https://github.com/project-zot/zot/pull/197
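Added example, not part of the issue or of zot's code: a small audit that scans the output of kubectl get deployments -o json for probes whose httpGet headers embed a credential, which is the exposure the issue describes. The sample manifest, its names, port, path and credential are constructed for illustration, and the list of sensitive header names is an assumption.

```python
import base64
import json

# Constructed sample: trimmed `kubectl get deployments -o json` output.
# Names, port, path and the credential are made up for this example.
SAMPLE = json.loads("""
{"items": [{"metadata": {"namespace": "registry", "name": "zot"},
  "spec": {"template": {"spec": {"containers": [{"name": "zot",
    "livenessProbe": {"httpGet": {"path": "/v2/", "port": 5000,
      "httpHeaders": [{"name": "Authorization",
                       "value": "Basic cHJvYmU6czNjcjN0"}]}},
    "readinessProbe": {"tcpSocket": {"port": 5000}}}]}}}}]}
""")

# Assumed set of header names that normally carry a secret.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
PROBES = ("livenessProbe", "readinessProbe", "startupProbe")


def basic_user(value):
    """Return the username of a Basic credential, or None; never the password."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded.partition(":")[0]


def find_probe_credentials(deployments):
    """List probes whose httpGet headers embed a credential in the pod spec."""
    findings = []
    for dep in deployments.get("items", []):
        meta = dep.get("metadata", {})
        pod = dep.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers") or []:
            for probe in PROBES:
                http = (c.get(probe) or {}).get("httpGet") or {}
                for h in http.get("httpHeaders") or []:
                    if h.get("name", "").lower() in SENSITIVE:
                        findings.append({
                            "workload": f'{meta.get("namespace")}/{meta.get("name")}',
                            "container": c.get("name"), "probe": probe,
                            "header": h["name"],
                            "basic_user": basic_user(h.get("value", "")),
                        })
    return findings
```

The TCP readiness probe in the sample produces no finding, while the liveness probe is reported with only the username decoded from the header.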