diff --git a/authentik/root/asgi.py b/authentik/root/asgi.py index e3dd85374..2beb79dd0 100644 --- a/authentik/root/asgi.py +++ b/authentik/root/asgi.py @@ -94,12 +94,6 @@ class ASGILogger: self.log(runtime) await send(message) - if self.headers.get(b"host", b"") == b"authentik-healthcheck-host": - # Don't log healthcheck/readiness requests - await send({"type": "http.response.start", "status": 204, "headers": []}) - await send({"type": "http.response.body", "body": ""}) - return - self.start = time() if scope["type"] == "lifespan": # https://code.djangoproject.com/ticket/31508 @@ -129,7 +123,7 @@ class ASGILogger: method=self.scope.get("method", ""), scheme=self.scope.get("scheme", ""), status=self.status_code, - size=self.content_length / 1000 if self.content_length > 0 else "-", + size=self.content_length / 1000 if self.content_length > 0 else 0, runtime=runtime, ) diff --git a/authentik/root/monitoring.py b/authentik/root/monitoring.py index 1ffa0d87f..7b2aaa972 100644 --- a/authentik/root/monitoring.py +++ b/authentik/root/monitoring.py @@ -2,6 +2,8 @@ from base64 import b64encode from django.conf import settings +from django.db import connections +from django.db.utils import OperationalError from django.http import HttpRequest, HttpResponse from django.views import View from django_prometheus.exports import ExportToDjangoView @@ -23,3 +25,22 @@ class MetricsView(View): return response return ExportToDjangoView(request) + + +class LiveView(View): + """View for liveness probe, always returns Http 201""" + + def dispatch(self, request: HttpRequest) -> HttpResponse: + return HttpResponse(status=201) + + +class ReadyView(View): + """View for liveness probe, always returns Http 201""" + + def dispatch(self, request: HttpRequest) -> HttpResponse: + db_conn = connections["default"] + try: + _ = db_conn.cursor() + except OperationalError: + return HttpResponse(status=503) + return HttpResponse(status=201) diff --git a/authentik/root/urls.py b/authentik/root/urls.py index ec166b070..f920680c0 100644 --- a/authentik/root/urls.py +++ b/authentik/root/urls.py @@ -9,7 +9,7 @@ from structlog.stdlib import get_logger from authentik.core.views import error from authentik.lib.utils.reflection import get_apps -from authentik.root.monitoring import MetricsView +from authentik.root.monitoring import LiveView, MetricsView, ReadyView LOGGER = get_logger() admin.autodiscover() @@ -57,6 +57,8 @@ for _authentik_app in get_apps(): urlpatterns += [ path("administration/django/", admin.site.urls), path("metrics/", MetricsView.as_view(), name="metrics"), + path("-/health/live/", LiveView.as_view(), name="health-live"), + path("-/health/ready/", ReadyView.as_view(), name="health-ready"), path("-/jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"), ] diff --git a/docker-compose.yml b/docker-compose.yml index 0d91cfdf3..0a9917cd2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -40,7 +40,7 @@ services: traefik.http.routers.app-router.rule: PathPrefix(`/`) traefik.http.routers.app-router.service: app-service traefik.http.routers.app-router.tls: 'true' - traefik.http.services.app-service.loadbalancer.healthcheck.hostname: authentik-healthcheck-host + traefik.http.services.app-service.loadbalancer.healthcheck.path: /-/health/live/ traefik.http.services.app-service.loadbalancer.server.port: '8000' env_file: - .env diff --git a/helm/templates/web-deployment.yaml b/helm/templates/web-deployment.yaml index cf80508bd..c30562287 100644 --- a/helm/templates/web-deployment.yaml +++ b/helm/templates/web-deployment.yaml @@ -97,18 +97,12 @@ spec: protocol: TCP livenessProbe: httpGet: - path: / + path: /-/health/live/ port: http - httpHeaders: - - name: Host - value: authentik-healthcheck-host readinessProbe: httpGet: - path: / + path: /-/health/ready/ port: http - httpHeaders: - - name: Host - value: authentik-healthcheck-host resources: requests: cpu: 100m