From bde621dbc524e5a0a14478f15fa156ee85e529fd Mon Sep 17 00:00:00 2001
From: Redouane Kachach <rkachach@ibm.com>
Date: Mon, 23 Sep 2024 16:16:46 +0200
Subject: [PATCH] mgr/cephadm: adding health check endpoint for mgmt-gateway

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
---
 .../templates/services/mgmt-gateway/external_server.conf.j2 | 6 ++++++
 .../templates/services/mgmt-gateway/internal_server.conf.j2 | 6 ++++++
 src/python-common/ceph/deployment/service_spec.py           | 2 ++
 3 files changed, 14 insertions(+)

diff --git a/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/external_server.conf.j2 b/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/external_server.conf.j2
index 260e7418e2d7f..f33bc6c8dfdc8 100644
--- a/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/external_server.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/external_server.conf.j2
@@ -46,6 +46,12 @@ server {
     # add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
 {% endif %}
 
+{% if spec.enable_health_check_endpoint %}
+    location /health {
+         return 200 'OK';
+         add_header Content-Type text/plain;
+    }
+{% endif %}
 {% if oauth2_proxy_url %}
     location /oauth2/ {
         proxy_pass {{ oauth2_proxy_url }};
diff --git a/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/internal_server.conf.j2 b/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/internal_server.conf.j2
index f2c32f8797750..829c075758921 100644
--- a/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/internal_server.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/mgmt-gateway/internal_server.conf.j2
@@ -9,6 +9,12 @@ server {
     ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
     ssl_prefer_server_ciphers on;
 
+{% if spec.enable_health_check_endpoint %}
+    location /health {
+         return 200 'OK';
+         add_header Content-Type text/plain;
+    }
+{% endif %}
 {% if dashboard_endpoints %}
     location /internal/dashboard {
         rewrite ^/internal/dashboard/(.*) /$1 break;
diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index d1ef9f5ac9511..459ab7df1a002 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1804,6 +1804,7 @@ class MgmtGatewaySpec(ServiceSpec):
                  ssl_stapling_verify: Optional[str] = None,
                  ssl_protocols: Optional[List[str]] = None,
                  ssl_ciphers: Optional[List[str]] = None,
+                 enable_health_check_endpoint: bool = False,
                  preview_only: bool = False,
                  unmanaged: bool = False,
                  extra_container_args: Optional[GeneralArgList] = None,
@@ -1849,6 +1850,7 @@ class MgmtGatewaySpec(ServiceSpec):
         self.ssl_protocols = ssl_protocols
         #: List of supported secure SSL ciphers. Changing this list may reduce system security.
         self.ssl_ciphers = ssl_ciphers
+        self.enable_health_check_endpoint = enable_health_check_endpoint
 
     def get_port_start(self) -> List[int]:
         ports = []
-- 
2.39.5