mirrord icon indicating copy to clipboard operation
mirrord copied to clipboard

Published 20 hours ago verified publisher icon metalbear-co

Detect health check steal

Open Razz4780 opened this issue 5 months ago • 0 comments

We can:

  1. Read health checks config after target resource is fetched.
  2. Check if it will be possible for the app to steal health checks (e.g incoming config does not exclude health checks port and no http filter is used) and warn the user (warning should be dismissable from the IDE). This should help most new users, who don't use advanced configuration.
  3. At runtime, detect when the app subscribes to health check port without an HTTP filter and issue a warning from within the intproxy. This should help us when reading logs.

Based on k8s docs, we can have exec, httpGet, tcpSocket and grpc probes:

  1. exec probes we should probably ignore, because the command can do anything
  2. tcpSocket probes can definitely be ignored, because the connection will always be accepted (either by target container or by the agent)
  3. httpGet - we have to check port+headers+path against steal configuration
  4. grpc - we can infer the path from configured service name and compare port+path against steal configuration
  5. We should inspect both liveness and readiness probes

Razz4780 avatar Sep 04 '24 17:09 Razz4780