Add /health endpoint to OPA HTTP server

[tsandall]

Overview

The current OPA HTTP server does not expose a dedicated health check endpoint. As a result, when deploying OPA on top of Kubernetes, users often end up configuring the health check to simply GET /. It would be better if the health check was more representative. Also, it would reduce the likely hood that people add a check like GET /v1/data which is very expensive.

We should add a new GET /health endpoint that minimally uses the server's compiler to execute a trivial query.

Here's a rough sketch of how I would implement this...

1. Add docs to the Deployments and Monitoring & Diagnostics pages in docs/book/. The deployment docs should show how to enable health checks in Kubernetes (when deployed on Kubernetes) and the monitoring docs should explain what the health check does (at a high level) with some example HTTP request/response data.
2. Add a new test case in server_test.go to execute GET /health and expect some simple result (see below)
3. Add a new route to the server (e.g., GET /health)
4. Implement the route to execute a simple Rego query (e.g., x = 1).
5. Verify the result set contains a single element with a binding for {"x": 1}.

Additional info

• Kubernetes readiness and liveness checks: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/

[michalkosmowski]

Hey 👋 I've just deployed OPA on top of Kubernetes so just to add to the list:

6. Update default readiness & readiness probes in the helm chart Add Open Policy Agent chart helm/charts#8915

[tsandall]

Re-opening this as we have not added docs yet. See original comment for requirements.