root: add dedicated live and readiness views

authentik/root/asgi.py

@@ -94,12 +94,6 @@ class ASGILogger:
                 self.log(runtime)
             await send(message)
 
-        if self.headers.get(b"host", b"") == b"authentik-healthcheck-host":
-            # Don't log healthcheck/readiness requests
-            await send({"type": "http.response.start", "status": 204, "headers": []})
-            await send({"type": "http.response.body", "body": ""})
-            return
-
         self.start = time()
         if scope["type"] == "lifespan":
             # https://code.djangoproject.com/ticket/31508
@@ -129,7 +123,7 @@ class ASGILogger:
             method=self.scope.get("method", ""),
             scheme=self.scope.get("scheme", ""),
             status=self.status_code,
-            size=self.content_length / 1000 if self.content_length > 0 else "-",
+            size=self.content_length / 1000 if self.content_length > 0 else 0,
             runtime=runtime,
         )
 

authentik/root/monitoring.py

@@ -2,6 +2,8 @@
 from base64 import b64encode
 
 from django.conf import settings
+from django.db import connections
+from django.db.utils import OperationalError
 from django.http import HttpRequest, HttpResponse
 from django.views import View
 from django_prometheus.exports import ExportToDjangoView
@@ -23,3 +25,22 @@ class MetricsView(View):
             return response
 
         return ExportToDjangoView(request)
+
+
+class LiveView(View):
+    """View for liveness probe, always returns Http 201"""
+
+    def dispatch(self, request: HttpRequest) -> HttpResponse:
+        return HttpResponse(status=201)
+
+
+class ReadyView(View):
+    """View for liveness probe, always returns Http 201"""
+
+    def dispatch(self, request: HttpRequest) -> HttpResponse:
+        db_conn = connections["default"]
+        try:
+            _ = db_conn.cursor()
+        except OperationalError:
+            return HttpResponse(status=503)
+        return HttpResponse(status=201)

authentik/root/urls.py

@@ -9,7 +9,7 @@ from structlog.stdlib import get_logger
 
 from authentik.core.views import error
 from authentik.lib.utils.reflection import get_apps
-from authentik.root.monitoring import MetricsView
+from authentik.root.monitoring import LiveView, MetricsView, ReadyView
 
 LOGGER = get_logger()
 admin.autodiscover()
@@ -57,6 +57,8 @@ for _authentik_app in get_apps():
 urlpatterns += [
     path("administration/django/", admin.site.urls),
     path("metrics/", MetricsView.as_view(), name="metrics"),
+    path("-/health/live/", LiveView.as_view(), name="health-live"),
+    path("-/health/ready/", ReadyView.as_view(), name="health-ready"),
     path("-/jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
 ]
 

docker-compose.yml

@@ -40,7 +40,7 @@ services:
       traefik.http.routers.app-router.rule: PathPrefix(`/`)
       traefik.http.routers.app-router.service: app-service
       traefik.http.routers.app-router.tls: 'true'
-      traefik.http.services.app-service.loadbalancer.healthcheck.hostname: authentik-healthcheck-host
+      traefik.http.services.app-service.loadbalancer.healthcheck.path: /-/health/live/
       traefik.http.services.app-service.loadbalancer.server.port: '8000'
     env_file:
       - .env

helm/templates/web-deployment.yaml

@@ -97,18 +97,12 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /
+              path: /-/health/live/
               port: http
-              httpHeaders:
-                - name: Host
-                  value: authentik-healthcheck-host
           readinessProbe:
             httpGet:
-              path: /
+              path: /-/health/ready/
               port: http
-              httpHeaders:
-                - name: Host
-                  value: authentik-healthcheck-host
           resources:
             requests:
               cpu: 100m