Closed kkimurak closed 4 days ago
Request for comment: Should this PR contain all suggestions in #2766?
@kkimurak Yes, this would be nice. However, do you have an idea of how to address all issues?
@sachilles Ok, I'll try to implement it by the next release. As far as I checked, the suggestion contains everything to do.
@kkimurak Thank you! But please bear in mind that the reverse proxy can also play an important role in the choice of protocol in the curl command (depending on whether the reverse proxy terminates the SSL connection or not).
I've implemented all (4) changes and rebased on the current master (v17.3.3), but I haven't been able to test them yet as my local environment has become very slow. It's taking over 10 hours to build the image.
CI failed due to timeout.
Now CI looks to have succeeded. It seems like it was automatically restarted after it failed.
@kkimurak I did the restart of the CI. However, in my setup the healthcheck is working. I'll backport the healthcheck into the 17.x branches and the 16.11.x branch as well.
Backport is done by cherry-picking the commits.
@sachilles Thank you.
You're welcome.
close #2992, partially implement #2766
Access to health check resources such as /-/liveness is restricted to IPs specified in gitlab.monitoring.ip_whitelist (GITLAB_MONITORING_IP_WHITELIST). Currently the healthcheck may report unhealthy because the name localhost is resolved to the IPv6 loopback address (::1), which is not listed in the whitelist by default.
This PR fixes the issue by using 127.0.0.1 (IPv4 loopback address) instead of localhost for the monitoring endpoint URL.
Possible alternate designs:
net.ipv6.conf.all.disable_ipv6=1 in docker-compose.yml for example
See https://github.com/sameersbn/docker-gitlab/issues/2766#issuecomment-2098030791
/cc @Gaibhne I have created a commit based on your suggestion in #2766, so I have set you as the author of the commit. Let me know if you don't like it.
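A diagnostic for the failure described in this PR, as an added example that is not part of the PR or the project's code: it lists every address a health-check hostname resolves to and whether a monitoring whitelist covers it. The comma-separated whitelist format and the sample value 127.0.0.0/8 are assumptions, and all function names are hypothetical.

```python
import ipaddress
import socket


def parse_whitelist(value):
    """Parse a comma-separated list of IPs/CIDRs (assumed env-var format)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def resolve(host):
    """Return the unique addresses `host` resolves to, in resolver order."""
    seen = []
    for *_, sockaddr in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP):
        addr = sockaddr[0].split("%")[0]  # drop any IPv6 zone id
        if addr not in seen:
            seen.append(addr)
    return seen


def audit(host, whitelist, resolver=resolve):
    """Pair each resolved address with True if a whitelist entry covers it."""
    networks = parse_whitelist(whitelist)
    result = []
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        # An IPv6 source such as ::1 never matches an IPv4-only entry.
        allowed = any(ip.version == net.version and ip in net for net in networks)
        result.append((addr, allowed))
    return result


if __name__ == "__main__":
    SAMPLE_WHITELIST = "127.0.0.0/8"  # constructed sample value, not read from a container
    for target in ("localhost", "127.0.0.1"):
        for addr, allowed in audit(target, SAMPLE_WHITELIST):
            print(f"{target} -> {addr}: {'allowed' if allowed else 'NOT in whitelist'}")
```

Run inside the container, any address reported as not in the whitelist is one the health-check client may connect from and be refused.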