From b1e3732ec371026e2ea72653916a73e096561a7b Mon Sep 17 00:00:00 2001 From: Trong Huu Nguyen Date: Thu, 7 May 2026 16:00:23 +0200 Subject: [PATCH] feat: add optional pprof debug endpoints on probe server Enabled via --pprof-enabled flag. Exposes /debug/pprof/ routes on the probe bind address for runtime profiling. --- cmd/wonderwall/main.go | 11 +++++++++++ docs/configuration.md | 1 + pkg/config/config.go | 3 +++ 3 files changed, 15 insertions(+) diff --git a/cmd/wonderwall/main.go b/cmd/wonderwall/main.go index 67c107b..9a77791 100644 --- a/cmd/wonderwall/main.go +++ b/cmd/wonderwall/main.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "net/http" + "net/http/pprof" "github.com/KimMachineGun/automemlimit/memlimit" "github.com/nais/wonderwall/internal/crypto" @@ -102,6 +103,16 @@ func run() error { }) mux.HandleFunc("/", healthz) mux.HandleFunc("/healthz", healthz) + + if cfg.PprofEnabled { + mux.HandleFunc("/debug/pprof/", pprof.Index) + mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + mux.HandleFunc("/debug/pprof/profile", pprof.Profile) + mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + mux.HandleFunc("/debug/pprof/trace", pprof.Trace) + log.Infof("pprof: enabled on %s/debug/pprof/", cfg.ProbeBindAddress) + } + log.Debugf("probe: listening on %s", cfg.ProbeBindAddress) err := http.ListenAndServe(cfg.ProbeBindAddress, mux) if err != nil { diff --git a/docs/configuration.md b/docs/configuration.md index 78d8900..ead5419 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -29,6 +29,7 @@ The following flags are available: | `log-format` | string | `json` | Log format, either `json` or `text`. | | `log-level` | string | `info` | Logging verbosity level. | | `metrics-bind-address` | string | `127.0.0.1:3001` | Listen address for metrics only. Empty disables metrics | +| `pprof-enabled` | boolean | `false` | Enable pprof debug endpoints on the probe server (`/debug/pprof/`). | | `probe-bind-address` | string | | Listen address for health probe. Empty disables health probe. | | `openid.acr-values` | string | | Space separated string that configures the default security level (`acr_values`) parameter for authorization requests. | | `openid.audiences` | strings | | List of additional trusted audiences (other than the client_id) for OpenID Connect id_token validation. | diff --git a/pkg/config/config.go b/pkg/config/config.go index 7edd8f5..95fcb36 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -21,6 +21,7 @@ type Config struct { LogFormat string `json:"log-format"` LogLevel string `json:"log-level"` MetricsBindAddress string `json:"metrics-bind-address"` + PprofEnabled bool `json:"pprof-enabled"` ProbeBindAddress string `json:"probe-bind-address"` ShutdownGracefulPeriod time.Duration `json:"shutdown-graceful-period"` ShutdownWaitBeforePeriod time.Duration `json:"shutdown-wait-before-period"` @@ -50,6 +51,7 @@ const ( LogFormat = "log-format" LogLevel = "log-level" MetricsBindAddress = "metrics-bind-address" + PprofEnabled = "pprof-enabled" ProbeBindAddress = "probe-bind-address" ShutdownGracefulPeriod = "shutdown-graceful-period" ShutdownWaitBeforePeriod = "shutdown-wait-before-period" @@ -73,6 +75,7 @@ func Initialize() (*Config, error) { flag.String(LogFormat, "json", "Log format, either 'json' or 'text'.") flag.String(LogLevel, "info", "Logging verbosity level.") flag.String(MetricsBindAddress, "127.0.0.1:3001", "Listen address for metrics only. Empty disables metrics.") + flag.Bool(PprofEnabled, false, "Enable pprof debug endpoints on the probe server.") flag.String(ProbeBindAddress, "", "Listen address for health probe. Empty disables health probe.") flag.Duration(ShutdownGracefulPeriod, 30*time.Second, "Graceful shutdown period when receiving a shutdown signal after which the server is forcibly exited.") flag.Duration(ShutdownWaitBeforePeriod, 0*time.Second, "Wait period when receiving a shutdown signal before actually starting a graceful shutdown. Useful for allowing propagation of Endpoint updates in Kubernetes.")