Add healthcheck endpoint to esi-leap

[larsks]

esi-leap should offer an http endpoint that does not require authentication that can be used in healthcheck scripts.

Podman, Docker, Kubernetes, and OpenShift all support healthchecks as a way to verify that a container is running properly. This is particularly useful in establishing dependencies between services.

[sheldor1510]

Hi @larsks ! About the health check endpoint in OpenShift - https://docs.openshift.com/container-platform/4.9/applications/application-health.html - is this it? Also, according to you, how should we determine the up and running status for esi-leap? Would that be if the API is running with no authentication errors?

[larsks]

Sure, or https://docs.docker.com/reference/dockerfile/#healthcheck or for Docker and https://docs.docker.com/compose/compose-file/05-services/#healthcheck for Docker Compose.

The idea is simply to have an unauthenticated endpoint that can be used to positively detect when the esi-service is up and running.

Also, according to you, how should we determine the up and running status for esi-leap? Would that be if the API is running with no authentication errors?

The healthcheck endpoint is just a way of determining that the esi-leap application has completed initialization and is successfully serving requests. It doesn't need to perform any complex logic; it just needs to return a successful HTTP status code (200).

---

For example, the kubernetes API provides a health endpoint at /healthz:

$ curl https://api.shift.nerc.mghpcc.org:6443/healthz
ok

This is useful because all other requests require authentication. If I try to access /, I get an error code:

$ curl https://api.shift.nerc.mghpcc.org:6443/
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
}