K
Q

Define a livenessProbe with secret httpHeaders

1/21/2017

I want to define a livenessProbe with an httpHeader whose value is secret.

This syntax is invalid:

livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
    httpHeaders:
      - name: X-Custom-Header
        valueFrom:
          secretKeyRef:
            name: my-secret-key
            value: secret

If I specify my-secret-key with value secret as an environment variable named MY_SECRET_KEY, the following could work:

livenessProbe:
  exec:
    command:
      - curl
      - --fail
      - -H
      - "X-Custom-Header: $MY_SECRET_KEY"
      - 'http://localhost:8080/healthz'

Unfortunately it doesn't due to the way the quotations are being evaluated. If I type the command curl --fail -H "X-Custom-Header: $MY_SECRET_KEY" http://localhost:8080/healthz directly on the container, it works.

I've also tried many combinations of single quotes and escaping the double quotes.

Does anyone know of a workaround?

-- Jenna Quindica
kubernetes
kubernetes-health-check

Similar Questions

Recommended DNS setup for one service running in multiple clusters?
Can multiple persistence volume claims bind to same persistence volume in Kubernetes
Having trouble getting Fabric8 set up on Mac OS
Kubernetes service dns resolution returning wrong IP

2 Answers

12/17/2019

Here some examples with curl and wget:

exec:
command:
  - /bin/sh
  - -c
  - "curl -H 'Authorization: Bearer $(AUTH_TOKEN)' 'http://example.com'"
exec:
  command:
  - /bin/sh
  - -c
  - "wget --spider --header \"Authorization: Bearer $AUTH_TOKEN\" http://some.api.com/spaces/${SPACE_ID}/entries"
-- debiasej
Source: StackOverflow
1/22/2017

One workaround I can think of is to create some bash script to run this health check, and put your secret data to the environment as usual.

-- lwolf
Source: StackOverflow