You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configuring couchdb inside of the helm chart, one class of configuration involves hardening / tweaking the authentication configuration. It is possible to change this in such a way that the chart readiness probes are not able to reconcile, the cluster is not able to talk to each other, etc.
Version of Helm and Kubernetes:
K8s 1.21, Helm 3.8.2
What happened:
Set require_valid_user: true and couchdbConfig.chttpd.authentication_handlers to a non-default value. Connections within the cluster replication started failing, and health checks / readiness probes were returning unhealthy
What you expected to happen:
Change configuration and things continue working.
How to reproduce it (as minimally and precisely as possible):
Set require_valid_user: true and couchdbConfig.chttpd.authentication_handlers to not include: "{chttpd_auth, default_authentication_handler}" (the readinessProbe uses basic auth)
Anything else we need to know:
Some possible solutions:
add to documentation a note about configuring authentication and what the effects can be. Not 100% sure I would have caught this there, but it would have been helpful in hindsight at least.
warn in NOTES.txt if these values are changed in such a way that successful auth is unlikely
add more escape hatches on the readinessProbe so that someone can override the defaults if they would like
Am I right that require_valid_user: true essentially makes Fauxton not functional unless you already have auth taken care of on your network traffic (basic, JWT, etc.)? If so, some docs on that inside of the couchdb docs could be helpful too.
The text was updated successfully, but these errors were encountered:
Describe the bug
When configuring couchdb inside of the helm chart, one class of configuration involves hardening / tweaking the authentication configuration. It is possible to change this in such a way that the chart readiness probes are not able to reconcile, the cluster is not able to talk to each other, etc.
Version of Helm and Kubernetes:
K8s 1.21, Helm 3.8.2
What happened:
Set
require_valid_user: trueandcouchdbConfig.chttpd.authentication_handlersto a non-default value. Connections within the cluster replication started failing, and health checks / readiness probes were returning unhealthyWhat you expected to happen:
Change configuration and things continue working.
How to reproduce it (as minimally and precisely as possible):
Set
require_valid_user: trueandcouchdbConfig.chttpd.authentication_handlersto not include:"{chttpd_auth, default_authentication_handler}"(the readinessProbe uses basic auth)Anything else we need to know:
Some possible solutions:
readinessProbeso that someone can override the defaults if they would likerequire_valid_user: trueessentially makes Fauxton not functional unless you already have auth taken care of on your network traffic (basic, JWT, etc.)? If so, some docs on that inside of the couchdb docs could be helpful too.The text was updated successfully, but these errors were encountered: