Consul Health Check: security-spiffe-token-provider 400 Bad Request #4531
Comments
|
We previously removed We could put it back and default to |
It still won't be able to work even if HTTPS was available because it won't pass the authentication check. A TCP port check is probably the best we can do, as HTTPS requires a spiffe client certificate. |
I thought that you disabled authentication check for the ping endpoints. |
I did, but it is blocked at the TLS level :-( One possible workaround is to run two HTTP servers -- one to serve the healthcheck, the other that is the actual TLS service. |
go-mod-bootstrap only allows registration of HTTP healtchecks with consul, which will not work for this service, as it requires clients have a client TLS certificate. In any case, registration is not required for proper functioning of the service Closes #4531 Signed-off-by: Bryon Nevis <[email protected]>
🐞 Bug Report
Affected Services [REQUIRED]
security-spiffe-token-provider
Is this a regression?
No
Description and Minimal Reproduction [REQUIRED]
Health check for security-spiffe-token-provider is failing because in order to do SPIFFE authentication, the web service must use HTTPS. Should find an alternative way to implement the health check so that it doesn't erroneously fail, or omit it altogether. It will likely not be possible to make Consul into a SPIFFE client.
🔥 Exception or Error
🌍 Your Environment
Deployment Environment: Docker
EdgeX Version [REQUIRED]: minnesota dev (likely present in earlier releases as well)
Anything else relevant?
The text was updated successfully, but these errors were encountered: