diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-14 14:32:53 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-14 14:32:53 -0600 |
| commit | debf8403c595c98213bf17913824b081262c15e2 (patch) | |
| tree | cc60dca2a6ef76e3e11ac19e0dc679027cdf4e17 | |
| parent | d90cc880aedbcea0f8678ed0c906a51a56c749e5 (diff) | |
chore: handle health checks in envoy rather than authzd
| -rw-r--r-- | Cargo.toml | 2 | ||||
| -rw-r--r-- | etc/envoy/envoy.yaml | 3 | ||||
| -rw-r--r-- | src/authorization/server.rs | 16 |
3 files changed, 4 insertions, 17 deletions
@@ -22,8 +22,6 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" tokio = { version = "1.0.0", features = ["macros", "rt-multi-thread"] } tonic = "0.13.1" -tonic-health = "0.13.1" -tonic-reflection = "0.13.1" tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["json"] } urlencoding = "2.1" diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml index bfe2ce16..62f8345b 100644 --- a/etc/envoy/envoy.yaml +++ b/etc/envoy/envoy.yaml @@ -131,6 +131,9 @@ static_resources: - name: ":path" string_match: exact: "/health" + cluster_min_healthy_percentages: + authzd: 100.0 + spicedb: 100.0 - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router diff --git a/src/authorization/server.rs b/src/authorization/server.rs index 90d3edf6..31bf2af8 100644 --- a/src/authorization/server.rs +++ b/src/authorization/server.rs @@ -9,25 +9,11 @@ pub struct Server { impl Server { pub fn new<T: super::Authorizer>(authorizer: T) -> Result<Server, Box<dyn std::error::Error>> { - let (health_reporter, health_service) = tonic_health::server::health_reporter(); - std::mem::drop( - health_reporter.set_service_status("", tonic_health::ServingStatus::Serving), - ); let authorization_service = AuthorizationServer::new(CheckService::new(Arc::new(authorizer))); - let reflection_service = tonic_reflection::server::Builder::configure() - .register_encoded_file_descriptor_set(tonic_health::pb::FILE_DESCRIPTOR_SET) - .register_encoded_file_descriptor_set(include_bytes!( - "../../vendor/envoy-types/src/generated/types.bin" - )) - .build_v1()?; - Ok(Self::new_with(|mut builder| { - builder - .add_service(authorization_service) - .add_service(health_service) - .add_service(reflection_service) + builder.add_service(authorization_service) })) } |