From b4b21f657cd198401bf6abc07f169ca2eb7ee4a6 Mon Sep 17 00:00:00 2001
From: Keegan Witt
Date: Fri, 13 Dec 2024 10:49:47 -0500
Subject: [PATCH] Make health check path configurable and implement default health check configs
Signed-off-by: Keegan Witt
---
 README.md | 3 +-
 cmd/spiffe-helper/config/config.go | 45 +++++++++++++++++++-----------
 pkg/health/health.go | 2 +-
 3 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index bda86d3..e6a3fa6 100644
--- a/README.md
+++ b/README.md
@@ -37,8 +37,9 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
 | `key_file_mode` | The octal file mode to use when saving the X.509 private key file. | `0600` |
 | `jwt_bundle_file_mode` | The octal file mode to use when saving a JWT Bundle file. | `0600` |
 | `jwt_svid_file_mode` | The octal file mode to use when saving a JWT SVID file. | `0600` |
- | `health_checks.enable_health_check` | Whether to start an HTTP server at `/healthz` with the daemon health. Doesn't apply for non-daemon mode. | `false` |
+ | `health_checks.enable_health_check` | Whether to start an HTTP server at the configured endpoint for the daemon health. Doesn't apply for non-daemon mode. | `false` |
 | `health_checks.health_check_port` | The port to run the HTTP health server. | `8081` |
+| `health_checks.health_check_path` | The URL path for the health check | `/healthz` |
 ### Configuration example
 ```
diff --git a/cmd/spiffe-helper/config/config.go b/cmd/spiffe-helper/config/config.go
index 9a90b9b..0feda09 100644
--- a/cmd/spiffe-helper/config/config.go
+++ b/cmd/spiffe-helper/config/config.go
@@ -25,23 +25,25 @@ const (
 defaultKeyFileMode = 0600
 defaultJWTBundleFileMode = 0600
 defaultJWTSVIDFileMode = 0600
+ defaultHealthCheckPort = 8081
+ defaultHealthCheckPath = "/healthz"
 )
 type Config struct {
- AddIntermediatesToBundle bool `hcl:"add_intermediates_to_bundle"`
- AgentAddress string `hcl:"agent_address"`
- Cmd string `hcl:"cmd"`
- CmdArgs string `hcl:"cmd_args"`
- PIDFileName string `hcl:"pid_file_name"`
- CertDir string `hcl:"cert_dir"`
- CertFileMode int `hcl:"cert_file_mode"`
- KeyFileMode int `hcl:"key_file_mode"`
- JWTBundleFileMode int `hcl:"jwt_bundle_file_mode"`
- JWTSVIDFileMode int `hcl:"jwt_svid_file_mode"`
- IncludeFederatedDomains bool `hcl:"include_federated_domains"`
- RenewSignal string `hcl:"renew_signal"`
- DaemonMode *bool `hcl:"daemon_mode"`
- HealthCheck HealthCheckConfig `hcl:"health_checks"`
+ AddIntermediatesToBundle bool `hcl:"add_intermediates_to_bundle"`
+ AgentAddress string `hcl:"agent_address"`
+ Cmd string `hcl:"cmd"`
+ CmdArgs string `hcl:"cmd_args"`
+ PIDFileName string `hcl:"pid_file_name"`
+ CertDir string `hcl:"cert_dir"`
+ CertFileMode int `hcl:"cert_file_mode"`
+ KeyFileMode int `hcl:"key_file_mode"`
+ JWTBundleFileMode int `hcl:"jwt_bundle_file_mode"`
+ JWTSVIDFileMode int `hcl:"jwt_svid_file_mode"`
+ IncludeFederatedDomains bool `hcl:"include_federated_domains"`
+ RenewSignal string `hcl:"renew_signal"`
+ DaemonMode *bool `hcl:"daemon_mode"`
+ HealthCheck *HealthCheckConfig `hcl:"health_checks"`
 // x509 configuration
 SVIDFileName string `hcl:"svid_file_name"`
@@ -56,8 +58,9 @@ type Config struct {
 }
 type HealthCheckConfig struct {
- EnableHealthCheck *bool `hcl:"enable_health_check"`
- HealthCheckPort int `hcl:"health_check_port"`
+ EnableHealthCheck *bool `hcl:"enable_health_check"`
+ HealthCheckPort int `hcl:"health_check_port"`
+ HealthCheckPath string `hcl:"health_check_path"`
 }
 type JWTConfig struct {
@@ -168,10 +171,18 @@ func (c *Config) ValidateConfig(log logrus.FieldLogger) error {
 c.JWTSVIDFileMode = defaultJWTSVIDFileMode
 }
- if c.HealthCheck.EnableHealthCheck == nil {
+ if c.HealthCheck == nil || c.HealthCheck.EnableHealthCheck == nil {
 defaultEnableHealthCheck := false
 c.HealthCheck.EnableHealthCheck = &defaultEnableHealthCheck
 }
+ if c.HealthCheck.HealthCheckPort < 0 {
+ return errors.New("health check port must be positive")
+ } else if c.HealthCheck.HealthCheckPort == 0 {
+ c.HealthCheck.HealthCheckPort = defaultHealthCheckPort
+ }
+ if c.HealthCheck.HealthCheckPath == "" {
+ c.HealthCheck.HealthCheckPath = defaultHealthCheckPath
+ }
 return nil
 }
diff --git a/pkg/health/health.go b/pkg/health/health.go
index 689d7a8..fe0f706 100644
--- a/pkg/health/health.go
+++ b/pkg/health/health.go
@@ -23,7 +23,7 @@ func StartHealthServer(configFile string, daemonModeFlag bool, log logrus.FieldL
 }
 if *hclConfig.DaemonMode && *hclConfig.HealthCheck.EnableHealthCheck {
- http.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
+ http.HandleFunc(hclConfig.HealthCheck.HealthCheckPath, func(w http.ResponseWriter, _ *http.Request) {
 healthy := sidecar.CheckHealth()
 if healthy {
 _, err := w.Write([]byte(http.StatusText(http.StatusOK)))
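Review bot: The new nil guard in ValidateConfig dereferences the pointer it has just found to be nil: when `c.HealthCheck == nil` is true the body still executes `c.HealthCheck.EnableHealthCheck = &defaultEnableHealthCheck`, and the port and path defaults below it read through the same pointer. Since this commit turns `HealthCheck` into `*HealthCheckConfig`, a config without a `health_checks` block (presumably left nil by the HCL decoder) would panic during validation instead of receiving the defaults. Allocate first, `if c.HealthCheck == nil { c.HealthCheck = &HealthCheckConfig{} }`, then keep the `EnableHealthCheck == nil` default as its own check. The port check also has no upper bound; adding `|| c.HealthCheck.HealthCheckPort > 65535` to the first condition, with a message to match, rejects an unusable port at validation time. ValidateConfig starts outside the hunk.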
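Review bot: `hclConfig.HealthCheck.HealthCheckPath` is handed to `http.HandleFunc` exactly as written in the config file; ValidateConfig only substitutes the default for an empty string. A value without a leading `/` is not treated as a path by the mux (depending on the Go version it is read as a host pattern or rejected with a panic at registration), so a typo either leaves the probe endpoint unreachable or stops the daemon at startup. Reject it during validation, e.g. `if !strings.HasPrefix(c.HealthCheck.HealthCheckPath, "/") { return errors.New("health check path must start with /") }`. `http.HandleFunc` registers on the process-wide default mux, so an operator-chosen path can now collide with any other handler registered there (a duplicate pattern panics); a dedicated `http.NewServeMux()` for the health listener would be safer if the rest of the function allows it. StartHealthServer begins and ends outside the hunk.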