root: monitor redis in readiness check, relax monitoring period

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-07 15:36:46 +02:00 · 2021-04-07 15:36:46 +02:00 · 12b1f53948
parent 35232afa7e
commit 12b1f53948
4 changed files with 17 additions and 5 deletions
--- a/authentik/root/monitoring.py
+++ b/authentik/root/monitoring.py
@ -7,6 +7,8 @@ from django.db.utils import OperationalError
 from django.http import HttpRequest, HttpResponse
 from django.views import View
 from django_prometheus.exports import ExportToDjangoView
+from django_redis import get_redis_connection
+from redis.exceptions import RedisError


 class MetricsView(View):
@ -35,12 +37,17 @@ class LiveView(View):


 class ReadyView(View):
-    """View for liveness probe, always returns Http 201"""
+    """View for readiness probe, always returns Http 201, unless sql or redis is down"""

    def dispatch(self, request: HttpRequest) -> HttpResponse:
-        db_conn = connections["default"]
        try:
+            db_conn = connections["default"]
            _ = db_conn.cursor()
        except OperationalError:
            return HttpResponse(status=503)
+        try:
+            redis_conn = get_redis_connection()
+            redis_conn.ping()
+        except RedisError:
+            return HttpResponse(status=503)
        return HttpResponse(status=201)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -27,7 +27,7 @@ services:
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
-      # AUTHENTIK_ERROR_REPORTING__ENABLED: true
+      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
@ -57,7 +57,7 @@ services:
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
-      # AUTHENTIK_ERROR_REPORTING__ENABLED: true
+      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
    volumes:
      - ./backups:/backups
      - /var/run/docker.sock:/var/run/docker.sock
@ -75,7 +75,8 @@ services:
      traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`)
      traefik.http.routers.static-router.tls: 'true'
      traefik.http.routers.static-router.service: static-service
-      traefik.http.services.static-service.loadbalancer.healthcheck.path: /
+      traefik.http.services.static-service.loadbalancer.healthcheck.path: /-/health/ready/
+      traefik.http.services.static-service.loadbalancer.healthcheck.interval: 30s
      traefik.http.services.static-service.loadbalancer.server.port: '80'
    volumes:
      - ./media:/usr/share/nginx/html/media
--- a/helm/templates/web-deployment.yaml
+++ b/helm/templates/web-deployment.yaml
@ -108,11 +108,13 @@ spec:
              path: /-/health/live/
              port: http
            initialDelaySeconds: 15
+            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /-/health/ready/
              port: http
            initialDelaySeconds: 15
+            periodSeconds: 30
          resources:
            requests:
              cpu: 100m
--- a/website/docs/installation/docker-compose.md
+++ b/website/docs/installation/docker-compose.md
@ -24,6 +24,8 @@ If this is a fresh authentik install run the following commands to generate a pa
 sudo apt-get install -y pwgen
 echo "PG_PASS=$(pwgen 40 1)" >> .env
 echo "AUTHENTIK_SECRET_KEY=$(pwgen 50 1)" >> .env
+# Skip if you don't want to enable error reporting
+echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
 ```

 ## Email configuration (optional, but recommended)