How to use basic authentication in an HTTP liveness probe in Kubernetes?

11/2/2015

I have a Docker container that exposes a health check that is protected by basic authentication. I've read the documentation on liveness probes here but I cannot find any details of how to specify basic auth credentials. Is this not supported by Kubernetes? Are there any workarounds?

-- Johan
kubernetes

3 Answers

1/12/2018

I also faced this problem and I used TCP Socket Checks by Openshift. You have to provide the port on which the server is running.

livenessProbe:
  tcpSocket:
    port: 8080
  initialDelaySeconds: 15
  timeoutSeconds: 1

TCP Liveness Probe on kubernetes

-- Prateek Jain
Source: StackOverflow

5/13/2017

It is now possible to add headers for liveness probes:

livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
    httpHeaders:
      - name: Authorization
        value: Basic aGE6aGE=

It may be worth noting that:

if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

Source: https://en.wikipedia.org/wiki/Basic_access_authentication

You can use the command base64 in your shell to create this string:

echo -n "Aladdin:OpenSesame" | base64

-- DDS
Source: StackOverflow

11/2/2015

There is no direct support for an authenticated HTTP probe. If you cannot expose an unauthenticated health check (on a cluster internal IP), then I think your best bet is to use a probe with an ExecAction, and a command like:

curl -G --fail --silent --output /dev/null -u "${AUTH_USER}:${AUTH_PASSWD}" "localhost:${AUTH_PORT}"

Note that the command is executed inside the health-checked container, so you will need to do something slightly different if it's set up to bypass auth for localhost connections.

-- Tim Allclair
Source: StackOverflow
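
An httpHeaders value like the one in the 5/13/2017 answer is stored as a literal in the pod spec, and base64 is an encoding rather than encryption, so anyone who can read the pod can recover the credentials. The following is an added example, not taken from any of the answers, of the ExecAction approach with the credentials held in a Secret and injected as environment variables. The Secret name, its key names, the image, and the use of /healthz on port 8080 are assumptions.

```yaml
# Added example. Secret name, keys and image are hypothetical placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: health-basic-auth
type: Opaque
stringData:
  username: REPLACE_ME
  password: REPLACE_ME
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder; must ship sh and curl
      ports:
        - containerPort: 8080
      env:
        - name: AUTH_USER
          valueFrom:
            secretKeyRef:
              name: health-basic-auth
              key: username
        - name: AUTH_PASSWD
          valueFrom:
            secretKeyRef:
              name: health-basic-auth
              key: password
        - name: AUTH_PORT
          value: "8080"
      livenessProbe:
        exec:
          # Exec probes are not run through a shell, so sh -c is needed
          # for the ${...} expansions. A non-zero exit marks the probe failed.
          command:
            - sh
            - -c
            - >-
              curl --fail --silent --output /dev/null
              -u "${AUTH_USER}:${AUTH_PASSWD}"
              "http://localhost:${AUTH_PORT}/healthz"
        initialDelaySeconds: 15
        timeoutSeconds: 5
```

With this layout the pod spec only references the Secret by name, so read access to pods no longer implies read access to the health-check password; access to the Secret itself is controlled separately through RBAC.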