I have a nomad-pack template definition. I added a health check and was no longer able to access the service that was being run by the job. I realized that the service requires “Basic Auth” credentials, which means that the path will always fail unless I pass an authorization header.
Is it possible to retrieve a secret from Vault for a service check header?
This is what I have that is not working.
job "prometheus" {
datacenters = ["default"]
region = [[ .my.facility | quote ]]
priority = [[ .my.priority ]]
group "main" {
count = [[ .my.instances ]]
service {
name = "prometheus"
check {
name = "health"
type = "http"
path = "/-/healthy"
interval = "10s"
timeout = "2s"
header {
Authorization = ["Basic {{ with secret \"mount/path/to/secret\" | base64Encode }}{{ .Data.data.username }}:{{ .Data.data.password }}{{ end }}"]
}
}
}
task "app" {
<snip>
}
}
}