elasticsearch-operator

Liveness & readiness probe fail in mutual_tls environment

Open carolvdlinde opened this issue 6 years ago • 2 comments

As per https://istio.io/help/faq/security/#k8s-health-checks: if mutual TLS is enabled, HTTP and TCP health checks from the kubelet will not work, since the kubelet does not have Istio-issued certificates.

We rather need to perform a curl command, e.g.:

```yaml
livenessProbe:
  exec:
    command:
    - curl
    - -f
    - http://localhost:8080/healthz # Replace port and URI by your actual health check
  initialDelaySeconds: 10
  periodSeconds: 5
```

Would it be possible to change k8utils.go to do something like this?

```go
Handler: v1.Handler{
	// The v1.Handler field is named Exec; Command is an argv slice, not one shell string.
	Exec: &v1.ExecAction{
		Command: []string{"curl", "-f", "http://localhost:9200" + clusterHealthURL},
	},
},
```

Cheers, Carol.

carolvdlinde, Oct 18 '18 21:10

@carolvdlinde I don't see why not, I guess, if it accomplishes the same thing. The only downside is you would have to make sure curl is available in the container.

stevesloka, Oct 19 '18 18:10
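The conversion proposed above, as an added Go example (not code from elasticsearch-operator and not written by the participants in this thread): it rewrites an HTTP probe into an exec probe that runs curl inside the container, with the command passed as an argv slice. The `Probe` types are local stand-ins for the `k8s.io/api/core/v1` types, `toExecProbe` is a hypothetical helper, and `/_cluster/health` is an assumed value for `clusterHealthURL`.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins for the k8s.io/api/core/v1 probe types, trimmed to the
// fields used here so the example builds without the Kubernetes modules.
type ExecAction struct{ Command []string }
type HTTPGetAction struct {
	Path, Scheme string
	Port         int
}
type Probe struct {
	Exec           *ExecAction
	HTTPGet        *HTTPGetAction
	TimeoutSeconds int32
}

// toExecProbe (hypothetical helper) rewrites a kubelet-originated HTTP probe
// into an exec probe that curls the same endpoint from inside the container,
// so the check needs no Istio-issued certificate. Other probes pass through.
func toExecProbe(p Probe) Probe {
	if p.HTTPGet == nil {
		return p
	}
	scheme := strings.ToLower(p.HTTPGet.Scheme)
	if scheme == "" {
		scheme = "http" // Kubernetes defaults the probe scheme to HTTP
	}
	timeout := p.TimeoutSeconds
	if timeout < 1 {
		timeout = 1 // Kubernetes default probe timeout
	}
	url := fmt.Sprintf("%s://localhost:%d/%s", scheme, p.HTTPGet.Port, strings.TrimPrefix(p.HTTPGet.Path, "/"))
	// One argv element per argument: exec probes do not run through a shell.
	// -f fails on HTTP >= 400; --max-time keeps curl inside the probe timeout.
	cmd := []string{"curl", "-f", "--max-time", fmt.Sprint(timeout), url}
	p.HTTPGet = nil // p is a copy, so the caller's probe is left untouched
	p.Exec = &ExecAction{Command: cmd}
	return p
}

func main() {
	// Constructed input: port 9200 is from the issue, the path is an assumption.
	in := Probe{HTTPGet: &HTTPGetAction{Path: "/_cluster/health", Port: 9200}, TimeoutSeconds: 5}
	fmt.Println(strings.Join(toExecProbe(in).Exec.Command, " "))
}
```

The resulting probe depends on curl being present in the container image, as the reply above points out.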

I'm facing a master discovery issue with Istio proxy inject. Has anyone had success with Istio enabled?

umairyounus, Jan 25 '19 21:01