diff --git a/Dockerfile b/Dockerfile index 3767c7e4f..7dfd5e46b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -80,8 +80,12 @@ COPY ./lifecycle/ /lifecycle COPY --from=builder /work/authentik /authentik-proxy USER authentik + ENV TMPDIR /dev/shm/ ENV PYTHONUNBUFFERED 1 ENV prometheus_multiproc_dir /dev/shm/ ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/lifecycle" + +HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "/lifecycle/ak healthcheck" ] + ENTRYPOINT [ "/lifecycle/ak" ] diff --git a/authentik/root/monitoring.py b/authentik/root/monitoring.py index c7b97ac94..a70749880 100644 --- a/authentik/root/monitoring.py +++ b/authentik/root/monitoring.py @@ -59,14 +59,14 @@ class MetricsView(View): class LiveView(View): - """View for liveness probe, always returns Http 201""" + """View for liveness probe, always returns Http 204""" def dispatch(self, request: HttpRequest) -> HttpResponse: - return HttpResponse(status=201) + return HttpResponse(status=204) class ReadyView(View): - """View for readiness probe, always returns Http 201, unless sql or redis is down""" + """View for readiness probe, always returns Http 204, unless sql or redis is down""" def dispatch(self, request: HttpRequest) -> HttpResponse: try: @@ -79,4 +79,4 @@ class ReadyView(View): redis_conn.ping() except RedisError: return HttpResponse(status=503) - return HttpResponse(status=201) + return HttpResponse(status=204) diff --git a/lifecycle/ak b/lifecycle/ak index 79b6f05f6..31e6aebcd 100755 --- a/lifecycle/ak +++ b/lifecycle/ak @@ -26,10 +26,14 @@ function check_if_root { chpst -u authentik:$GROUP env HOME=/authentik $1 } +MODE_FILE="/tmp/authentik-mode" + if [[ "$1" == "server" ]]; then + echo "server" > $MODE_FILE python -m lifecycle.migrate /authentik-proxy elif [[ "$1" == "worker" ]]; then + echo "worker" > $MODE_FILE check_if_root "celery -A authentik.root.celery worker --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events" elif [[ "$1" == "backup" ]]; then python -m manage dbbackup --clean @@ -42,6 +46,13 @@ elif [[ "$1" == "test" ]]; then touch /unittest.xml chown authentik:authentik /unittest.xml check_if_root "python -m manage test authentik" +elif [[ "$1" == "healthcheck" ]]; then + mode=$(cat $MODE_FILE) + if [[ $mode == "server "]]; then + curl --user-agent "authentik Healthcheck" -I http://localhost:9000/-/health/ready/ + elif [[ $mode == "worker" ]]; then + celery -A authentik.root.celery inspect ping -d celery@$HOSTNAME + fi else python -m manage "$@" fi