You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When using a validator / signer key, if the key cannot be found on startup, KrakenD will continue running with no retry. This can be very annoying, since it means I need to be intentional about the order my k8s workloads spin up, and in one case has led to a weird-to-debug issue where one signed endpoint was working but the other wasn't (the host for the signer key came up in between KrakenD building the two).
Describe the solution you'd like
I'd like a configuration setting for each, where if the key can't be found, KrakenD immediately exits with an error stating why it couldn't obtain the key and for which endpoint. In a k8s env this would trigger CrashLoopBackoff, and in any scenario where multiple deployments might have race conditions, eventually solve itself. Outside of k8s, the behavior of a validator just allowing all traffic if the key can't be found feels like a pretty nasty gotcha with severe security implications.
Describe alternatives you've considered
Since I'm using GKE, I have a monitoring alert for the "Unable to create the signer" message and the validator one as well. That solution is specific to my setup and it's still a manual process to bounce the pod (hypothetically, I could set up pubsub to bounce the pod I guess but that feels like overkill).
Additional context
None that I can think of.
The text was updated successfully, but these errors were encountered:
Version of KrakenD you are using
2.3.3
Is your feature request related to a problem? Please describe.
When using a validator / signer key, if the key cannot be found on startup, KrakenD will continue running with no retry. This can be very annoying, since it means I need to be intentional about the order my k8s workloads spin up, and in one case has led to a weird-to-debug issue where one signed endpoint was working but the other wasn't (the host for the signer key came up in between KrakenD building the two).
Describe the solution you'd like
I'd like a configuration setting for each, where if the key can't be found, KrakenD immediately exits with an error stating why it couldn't obtain the key and for which endpoint. In a k8s env this would trigger CrashLoopBackoff, and in any scenario where multiple deployments might have race conditions, eventually solve itself. Outside of k8s, the behavior of a validator just allowing all traffic if the key can't be found feels like a pretty nasty gotcha with severe security implications.
Describe alternatives you've considered
Since I'm using GKE, I have a monitoring alert for the "Unable to create the signer" message and the validator one as well. That solution is specific to my setup and it's still a manual process to bounce the pod (hypothetically, I could set up pubsub to bounce the pod I guess but that feels like overkill).
Additional context
None that I can think of.
The text was updated successfully, but these errors were encountered: