Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

healthcheck technical user with multiple authenticators #275

Open
fhennig opened this issue Jul 27, 2022 · 0 comments
Open

healthcheck technical user with multiple authenticators #275

fhennig opened this issue Jul 27, 2022 · 0 comments

Comments

@fhennig
Copy link
Member

fhennig commented Jul 27, 2022
edited
Loading

Problem

The k8s healthcheck probes make HTTP requests which get blocked by Druid if Authorization is enabled.

Proposed solution

We need a technical user to make these probe requests, in case authentication and authorization are enabled. Otherwise the endpoints cannot be queried.

Druid supports an authentication and authorization chain, with multiple authenticators/authorizers. We can add a second mini-authenticator for just a single health-check user, or maybe reuse the existing one for basic auth, on top of LDAP. we can then use this user to do our health checks. The user should be created automatically, with generated credentials.

Open Questions
sbernauer added a commit that referenced this issue Jul 27, 2022
@sbernauer
Revert "Add proper startup, liveness and readiness probes (#273)"
cc6902d 
This reverts commit 1f2e9a9.

The probes caused test failures when the opa authorizer was used.
See #275 for details.
@sbernauer sbernauer mentioned this issue Jul 27, 2022
Closed
7 tasks
bors bot pushed a commit that referenced this issue Jul 27, 2022
@sbernauer
Revert "Add proper startup, liveness and readiness probes (#273)" (#276)
f9511bf 
This reverts commit 1f2e9a9.

The probes caused test failures when the opa authorizer was used.
See #275 for details.
@fhennig fhennig mentioned this issue Aug 24, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fhennig