fix(elasticsearch): make auth parameters optional in health check #643
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When Elasticsearch is configured without authentication, the init container was sending empty auth credentials (--user ":") which caused 403 errors. This change makes the --user flag conditional on having both username and password set. Bug: Init containers would hang when checking Elasticsearch readiness due to 403 responses from sending empty auth credentials. Fix: Only add --user flag when both ES_USER and ES_PWD env vars are set. Previously the curl command always included auth headers even when not configured, causing Elasticsearch to reject the request. Resolves issue where pods would hang in init state when Elasticsearch auth was not configured.
|
Hey @NunoMaga, do you need any help here? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ix: Only add --user flag when both ES_USER and ES_PWD env vars are set. Previously the curl command always included auth headers even when not configured, causing Elasticsearch to reject the request. Resolves issue where pods would hang in init state when Elasticsearch auth was not configured.
What was changed
Makes the --user parameter conditional in the Elasticsearch health check command,
only including authentication when both ES_USER and ES_PWD environment variables
are set.
Why?
When Elasticsearch is configured without authentication, the init container was sending empty auth credentials (--user ":") which caused 403 errors. This change makes the --user flag conditional on having both username and password set. Bug: Init containers would hang when checking Elasticsearch readiness due to 403 responses from sending empty auth credentials.
Closes [Bug] Temporal pods infinite in init state when Elasticsearch has ho username/password auth configured #621
How was this tested: