diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-11 08:51:27 +0000 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-11 08:51:27 +0000 |
| commit | 25d241ae97e22159bf71caa5553eb192fdb6d4c0 (patch) | |
| tree | 078cd9c6ca7c26433768dfe6ff1927bbda47ae0b /doc/user | |
| parent | b39c98371de5b1f070b682984d1e01847b49f77a (diff) | |
| parent | 063f03b9d7c6f53def50f337e3da24585d1a837a (diff) | |
| download | gitlab-ce-25d241ae97e22159bf71caa5553eb192fdb6d4c0.tar.gz | |
Merge branch '33949-remove-healthcheck-access-token' into 'master'
Remove the need to use health check token by adding ability to whitelist hosts
Closes #33949
See merge request !12612
Diffstat (limited to 'doc/user')
| -rw-r--r-- | doc/user/admin_area/monitoring/health_check.md | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/doc/user/admin_area/monitoring/health_check.md b/doc/user/admin_area/monitoring/health_check.md index a954840b8a6..69a9dfc3500 100644 --- a/doc/user/admin_area/monitoring/health_check.md +++ b/doc/user/admin_area/monitoring/health_check.md @@ -5,6 +5,8 @@ - The `health_check` endpoint was [introduced][ce-3888] in GitLab 8.8 and will be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior) section. + - [Access token](#access-token) has been deprecated in GitLab 9.4 + in favor of [IP Whitelist](#ip-whitelist) GitLab provides liveness and readiness probes to indicate service health and reachability to required services. These probes report on the status of the @@ -12,7 +14,19 @@ database connection, Redis connection, and access to the filesystem. These endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold traffic until the system is ready or restart the container as needed. -## Access Token +## IP Whitelist + +To access monitoring resources the client IP needs to be included in the whitelist. +To add or remove hosts or IP ranges from the list you can edit `gitlab.rb` or `gitlab.yml`. + +Example whitelist configuration: +```yaml +monitoring: + ip_whitelist: + - 127.0.0.0/8 # by default only local IPs are allowed to access monitoring resources +``` + +## Access Token (Deprecated) An access token needs to be provided while accessing the probe endpoints. The current accepted token can be found under the **Admin area ➔ Monitoring ➔ Health check** @@ -47,10 +61,10 @@ which will then provide a report of system health in JSON format: ## Using the Endpoint -Once you have the access token, the probes can be accessed: +With default whitelist settings, the probes can be accessed from localhost: -- `https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN` -- `https://gitlab.example.com/-/liveness?token=ACCESS_TOKEN` +- `http://localhost/-/readiness` +- `http://localhost/-/liveness` ## Status @@ -71,8 +85,8 @@ the database connection, the state of the database migrations, and the ability t and access the cache. This endpoint can be provided to uptime monitoring services like [Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health]. -Once you have the [access token](#access-token), health information can be -retrieved as plain text, JSON, or XML using the `health_check` endpoint: +Once you have the [access token](#access-token) or your client IP is [whitelisted](#ip-whitelist), +health information can be retrieved as plain text, JSON, or XML using the `health_check` endpoint: - `https://gitlab.example.com/health_check?token=ACCESS_TOKEN` - `https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN` |