root: monitor redis in readiness check, relax monitoring period
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
35232afa7e
commit
12b1f53948
|
|
@ -7,6 +7,8 @@ from django.db.utils import OperationalError
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from django_prometheus.exports import ExportToDjangoView
|
from django_prometheus.exports import ExportToDjangoView
|
||||||
|
from django_redis import get_redis_connection
|
||||||
|
from redis.exceptions import RedisError
|
||||||
|
|
||||||
|
|
||||||
class MetricsView(View):
|
class MetricsView(View):
|
||||||
|
|
@ -35,12 +37,17 @@ class LiveView(View):
|
||||||
|
|
||||||
|
|
||||||
class ReadyView(View):
|
class ReadyView(View):
|
||||||
"""View for liveness probe, always returns Http 201"""
|
"""View for readiness probe, always returns Http 201, unless sql or redis is down"""
|
||||||
|
|
||||||
def dispatch(self, request: HttpRequest) -> HttpResponse:
|
def dispatch(self, request: HttpRequest) -> HttpResponse:
|
||||||
db_conn = connections["default"]
|
|
||||||
try:
|
try:
|
||||||
|
db_conn = connections["default"]
|
||||||
_ = db_conn.cursor()
|
_ = db_conn.cursor()
|
||||||
except OperationalError:
|
except OperationalError:
|
||||||
return HttpResponse(status=503)
|
return HttpResponse(status=503)
|
||||||
|
try:
|
||||||
|
redis_conn = get_redis_connection()
|
||||||
|
redis_conn.ping()
|
||||||
|
except RedisError:
|
||||||
|
return HttpResponse(status=503)
|
||||||
return HttpResponse(status=201)
|
return HttpResponse(status=201)
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ services:
|
||||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: true
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||||
volumes:
|
volumes:
|
||||||
- ./media:/media
|
- ./media:/media
|
||||||
- ./custom-templates:/templates
|
- ./custom-templates:/templates
|
||||||
|
|
@ -57,7 +57,7 @@ services:
|
||||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: true
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||||
volumes:
|
volumes:
|
||||||
- ./backups:/backups
|
- ./backups:/backups
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
@ -75,7 +75,8 @@ services:
|
||||||
traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`)
|
traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`)
|
||||||
traefik.http.routers.static-router.tls: 'true'
|
traefik.http.routers.static-router.tls: 'true'
|
||||||
traefik.http.routers.static-router.service: static-service
|
traefik.http.routers.static-router.service: static-service
|
||||||
traefik.http.services.static-service.loadbalancer.healthcheck.path: /
|
traefik.http.services.static-service.loadbalancer.healthcheck.path: /-/health/ready/
|
||||||
|
traefik.http.services.static-service.loadbalancer.healthcheck.interval: 30s
|
||||||
traefik.http.services.static-service.loadbalancer.server.port: '80'
|
traefik.http.services.static-service.loadbalancer.server.port: '80'
|
||||||
volumes:
|
volumes:
|
||||||
- ./media:/usr/share/nginx/html/media
|
- ./media:/usr/share/nginx/html/media
|
||||||
|
|
|
||||||
|
|
@ -108,11 +108,13 @@ spec:
|
||||||
path: /-/health/live/
|
path: /-/health/live/
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 15
|
initialDelaySeconds: 15
|
||||||
|
periodSeconds: 30
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /-/health/ready/
|
path: /-/health/ready/
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 15
|
initialDelaySeconds: 15
|
||||||
|
periodSeconds: 30
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,8 @@ If this is a fresh authentik install run the following commands to generate a pa
|
||||||
sudo apt-get install -y pwgen
|
sudo apt-get install -y pwgen
|
||||||
echo "PG_PASS=$(pwgen 40 1)" >> .env
|
echo "PG_PASS=$(pwgen 40 1)" >> .env
|
||||||
echo "AUTHENTIK_SECRET_KEY=$(pwgen 50 1)" >> .env
|
echo "AUTHENTIK_SECRET_KEY=$(pwgen 50 1)" >> .env
|
||||||
|
# Skip if you don't want to enable error reporting
|
||||||
|
echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
|
||||||
```
|
```
|
||||||
|
|
||||||
## Email configuration (optional, but recommended)
|
## Email configuration (optional, but recommended)
|
||||||
|
|
|
||||||
Reference in a new issue