Skip to content

Allow Kubernetes or any orchestrator to perform health checks from within the network.

License

Notifications You must be signed in to change notification settings

iMerica/django-allow-healthchecks

Repository files navigation

Django Allow Health-Checks

Background

Kubernetes, load-balancers and other PaaS have a concept of a health check. These are simple GET requests against an endpoint that you define which tells the orchestrator if a web worker is healthy or not. The problem is that these requests come from within the same network running your app using an non-deterministic hostname or IP address. So instead of making your allowed hosts wide open with ['*'] (to allow any requests to get by), you can simply install this package to allow these requests to occur without introducing more technical/security risks then necessary.

For example, given a kubernetes deployment with the following details:

#... other details
      containers:
      - name: app
        image: registry.gitlab.com/username/cool-app/app
        livenessProbe:
          httpGet:
            path: /health-check/
            port: 8000
            httpHeaders:
            - name: X-Health
              value:  XYZ-123
          initialDelaySeconds: 3
          periodSeconds: 60
        imagePullPolicy: Always

You can allow these requests to get by by simply adding this to your settings

HEALTH_CHECK_HEADER_VALUE = 'XYZ-123'

Setup

Install django-allow-healthchecks

pip3 install django-allow-healthchecks

Add the class to your middleware, ideally first in the list

MIDDLEWARE = [
    'django_allow_healthchecks.middleware.ByPassForHealthChecks', # <~ Add this 
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Assign your magical header value

HEALTH_CHECK_HEADER_VALUE = 'XYZ-Health'

Notes

Python3.5+ + Django 2.2+! Get on board!!

About

Allow Kubernetes or any orchestrator to perform health checks from within the network.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published