PSRule.Rules.Azure icon indicating copy to clipboard operation
PSRule.Rules.Azure copied to clipboard

Published 20 hours ago verified publisher icon Azure

[RULE] Container App Health Probe that support HTTP

Open BernieWhite opened this issue 1 year ago • 0 comments

Existing rule

No response

Suggested rule

If the container app uses HTTP based ingress, then health probes should be properly configured to support HTTP.

  • If properties.configuration.ingress.transport = http or http2 OR
  • If properties.configuration.ingress.targetPort = 80 or 8080 or 443

Health probes should be configured to support HTTP which has a granular status instead of open or closed that a TCP port has, to determine if a replica is available and ready to receive the ingress traffic.

Key points:

  • The default health probes use TCP, so no health probes configured is a fail.
  • Start up probe is often configured as TCP for several reasons to start the container so ignore that probe.
  • Check that Liveness and Readiness have httpGet configured.

Pillar

Reliability

Additional context

Similar to: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AppService.WebProbe/

  • https://learn.microsoft.com/en-gb/azure/container-apps/health-probes?tabs=arm-template
  • https://learn.microsoft.com/en-gb/azure/templates/microsoft.app/containerapps?pivots=deployment-language-bicep#ingress

BernieWhite avatar Oct 13 '24 04:10 BernieWhite