fix(distribution): revert OIDC enforcement — enabling it gated /healthz probe (service down)
Flipping Auth__Enabled=true gated the /healthz readiness probe (302->NotReady-> no endpoints->distribution.iamworkin.lan down, healthz=000). Classic feedback_k8s_probes_behind_auth_middleware. Revert to false (OIDC env block kept, gate off) to restore service. Proper fix (AllowAnonymous /healthz + CA-trust + idempotent Editions seed + OIDC-challenge wiring + browser-proof) -> falcon OIDC lane. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Andrew Stoltz
@@ -132,8 +132,11 @@ spec:
|
|||||||
value: "false"
|
value: "false"
|
||||||
# Authentik/OIDC enforcement (flipped ON 2026-06-04, no-live-proof per operator;
|
# Authentik/OIDC enforcement (flipped ON 2026-06-04, no-live-proof per operator;
|
||||||
# public read/entitlement + Method() allowlist stay open — OIDC gates admin only).
|
# public read/entitlement + Method() allowlist stay open — OIDC gates admin only).
|
||||||
|
# Auth__Enabled reverted to false 2026-06-04: enabling it gated the
|
||||||
|
# /healthz readiness probe (probe->302->NotReady->endpoints drop->down).
|
||||||
|
# Re-enable once /healthz is AllowAnonymous (falcon OIDC lane).
|
||||||
- name: FlowerCore__Auth__Enabled
|
- name: FlowerCore__Auth__Enabled
|
||||||
value: "true"
|
value: "false"
|
||||||
- name: FlowerCore__Auth__Oidc__Enabled
|
- name: FlowerCore__Auth__Oidc__Enabled
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: FlowerCore__Auth__Oidc__Authority
|
- name: FlowerCore__Auth__Oidc__Authority
|
||||||
|
|||||||
Reference in New Issue
Block a user