Define a livenessProbe with secret httpHeaders

Question

I want to define a livenessProbe with an httpHeader whose value is secret.

This syntax is invalid:

livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
    httpHeaders:
      - name: X-Custom-Header
        valueFrom:
          secretKeyRef:
            name: my-secret-key
            value: secret

If I specify my-secret-key with value secret as an environment variable named MY_SECRET_KEY, the following could work:

livenessProbe:
  exec:
    command:
      - curl
      - --fail
      - -H
      - "X-Custom-Header: $MY_SECRET_KEY"
      - 'http://localhost:8080/healthz'

Unfortunately it doesn't due to the way the quotations are being evaluated. If I type the command curl --fail -H "X-Custom-Header: $MY_SECRET_KEY" http://localhost:8080/healthz directly on the container, it works.

I've also tried many combinations of single quotes and escaping the double quotes.

Does anyone know of a workaround?

The one workaround is to use templates. `Helm` can help with that https://docs.helm.sh/chart_template_guide/#the-chart-template-developer-s-guide — akn, Feb 24 '18 at 18:22

score 2 · Answer 1 · answered Dec 17 '19 at 14:10

Here some examples with curl and wget:

exec:
command:
  - /bin/sh
  - -c
  - "curl -H 'Authorization: Bearer $(AUTH_TOKEN)' 'http://example.com'"

exec:
  command:
  - /bin/sh
  - -c
  - "wget --spider --header \"Authorization: Bearer $AUTH_TOKEN\" http://some.api.com/spaces/${SPACE_ID}/entries"

score 1 · Answer 2 · answered Jan 22 '17 at 12:08

1

One workaround I can think of is to create some bash script to run this health check, and put your secret data to the environment as usual.

answered Jan 22 '17 at 12:08

lwolf

960
9
16

Define a livenessProbe with secret httpHeaders

2 Answers2