oci-cloud-controller-manager icon indicating copy to clipboard operation
oci-cloud-controller-manager copied to clipboard
verified publisher icon oracle

TCP Health Checks only supported in GUI, not supported in code

Open russell-argo opened this issue 4 months ago • 0 comments

BUG REPORT

Environment:

Kubernetes version (use kubectl version): 1.33.1 OS (e.g. from /etc/os-release): "Oracle Linux Server 8.10" Kernel (e.g. uname -a): 5.15.0-309.180.4.el8uek.x86_64 Others: Using OCI (Load Balancer)

What happened?

  • We are using OKE

  • We create a deployment, serving traffic on TCP 445 (It's an SMB Server)

  • We create a service, of type LoadBalancer, pointing to this service

  • We use these annotations:

    oci.oraclecloud.com/load-balancer-type: lb service.beta.kubernetes.io/oci-load-balancer-backend-protocol: TCP service.beta.kubernetes.io/oci-load-balancer-shape: flexible service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100" service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"

Oracle creates the load balancer:

Image

It creates the listener:

Image

It creates the backend set

Image

But for some reason the health check has been misconfigured as HTTP. On port 10256.

Image

This makes no sense when we are hosting a TCP service and wish to check its health by checking the TCP Port.

Oracle supports TCP health checks, via the GUI:

Image

But this value can only be set in GUI, and cannot be set by annotations.

It does not work to set the value manually because A) it does not work in an IaC pipeline and B) The value is eventually overriden by the Cloud Controller Manager. It puts the health check back to HTTP 10256 after a period of time.

russell-argo avatar Aug 22 '25 15:08 russell-argo