From 0e55bf5c43266726d7355943b5668f4e4b388d64 Mon Sep 17 00:00:00 2001 From: Anthony LC Date: Fri, 22 Nov 2024 11:55:30 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(helm)=20allow=20server=20?= =?UTF-8?q?host=20and=20whitelist=20pod=20IP=20for=20health=20checks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In a Kubernetes environment, we need to whitelist the pod's IP address to allow health checks to pass. This ensures that Kubernetes liveness and readiness probes can access the application to verify its health. --- CHANGELOG.md | 2 +- src/backend/impress/settings.py | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a927840..ec8d31be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ and this project adheres to - 🌐(backend) add german translation #259 - 🌐(frontend) Add German translation #255 - ✨(frontend) Add a broadcast store #387 -- ✨(backend) config endpoint #425 +- ✨(backend) whitelist pod's IP address #443 ## Changed diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py index ccf81130..f75c89eb 100755 --- a/src/backend/impress/settings.py +++ b/src/backend/impress/settings.py @@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/3.1/ref/settings/ import os import tomllib +from socket import gethostbyname, gethostname from django.utils.translation import gettext_lazy as _ @@ -649,7 +650,13 @@ class Production(Base): """ # Security - ALLOWED_HOSTS = values.ListValue(None) + # Add allowed host from environment variables. + # The machine hostname is added by default, + # it makes the application pingable by a load balancer on the same machine by example + ALLOWED_HOSTS = [ + *values.ListValue([], environ_name="ALLOWED_HOSTS"), + gethostbyname(gethostname()), + ] CSRF_TRUSTED_ORIGINS = values.ListValue([]) SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True