3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 08:50:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

cmd/pomerium : restore /ping without hostname (#37)

Browse source 
Re-adding the hostless /ping for the authenticate service. Without these 4 lines, Pomerium fails to stay running when using the helm chart that's checked into the repo; the Kubernetes liveness/readiness probes don't see the pod as successfully running, and Kubernetes goes into an endless restart loop.

I have tried the following:

Adding httpHeaders: {name: "Host", value: "insert_redirect_uri_hostname_here"} to both probes to try to force it to recognize. Pomerium fails to stay running.
Removing the probes from the deployment definition. Pomerium successfully stays running and responds correctly. Thus it's certain that it's one of the probes failing.
Modifying the code here to log the request.host golang reports. It reports "10.x.x.x:443". (Actual pod internal IP address for the 10.x.x.x). That won't match the authHost.
This commit is contained in:
Bobby DeSimone 2019-01-31 13:02:51 -08:00 committed by GitHub
commit 9ca3ff4fa2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cmd/pomerium/main.go
View file

@ -68,6 +68,11 @@ func main() {
topMux := http.NewServeMux()
if authenticateService != nil {
// Need to handle ping without host lookup for LB
topMux.HandleFunc("/ping", func(rw http.ResponseWriter, _ *http.Request) {
rw.WriteHeader(http.StatusOK)
fmt.Fprintf(rw, "OK")
})
topMux.Handle(authHost+"/", authenticateService.Handler())
}
if proxyService != nil {