[jira] [Commented] (IGNITE-28234) Provide an unauthenticated health check endpoint for Kubernetes probes in Ignite 3

Sun, 22 Mar 2026 07:01:13 -0700 


    [ 
https://issues.apache.org/jira/browse/IGNITE-28234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067485#comment-18067485
 ] 

Dan Radoaica commented on IGNITE-28234:
---------------------------------------

Looking trough the code I saw that the Micronaut /health endpoint is exopsed:

- enable health endpoint only and allow anonymous access to it => 
modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
        result.put("endpoints.all.enabled", false);
        result.put("endpoints.health.enabled", true);
        result.put("micronaut.security.intercept-url-map[1].pattern", "/" + 
HealthEndpoint.NAME + "/**");
        result.put("micronaut.security.intercept-url-map[1].access", 
SecurityRule.IS_ANONYMOUS);

- /health/liveness => 
modules/rest/src/main/java/org/apache/ignite/internal/rest/health/NodeLivenessIndicator.java

- /health/readiness => 
modules/rest/src/main/java/org/apache/ignite/internal/rest/health/NodeReadinessIndicator.java

> Provide an unauthenticated health check endpoint for Kubernetes probes in 
> Ignite 3
> ----------------------------------------------------------------------------------
>
>                 Key: IGNITE-28234
>                 URL: https://issues.apache.org/jira/browse/IGNITE-28234
>             Project: Ignite
>          Issue Type: Improvement
>          Components: rest ai3
>    Affects Versions: 3.1
>         Environment: is described here: 
> [https://github.com/dradoaica/helm-charts/blob/main/DEV_NOTES.md]
>            Reporter: Dan Radoaica
>            Priority: Major
>              Labels: ignite-3
>
> First, thank you for the product and your hard work!
>  
> Secondly, setting up Kubernetes probes with authentication enabled requires 
> using the `/management/v1/node/state` endpoint and injecting Basic Auth 
> credentials directly into the STS: 
> [https://github.com/dradoaica/helm-charts/blob/main/charts/ignite-3/templates/stateful-set.yaml].
> Health endpoints should be unauthenticated and lightweight by design. Forcing 
> credentials into probe configurations adds unnecessary friction. This same 
> issue occurred in Apache Ignite 2 also, the health check initially required 
> authentication, but it was subsequently removed for this exact reason to 
> better support container orchestration.
> Please remove authentication from the current `/management/v1/node/state` 
> endpoint, or provide a dedicated, unauthenticated health check endpoint 
> (e.g., `/management/v1/node/probe`) for Ignite 3.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to