istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add liveness/readiness to security faq (#667) 

* Add liveness/readiness to security faq

* Fix format

* Address comment

* Update faq.md
This commit is contained in:
Tao Li 2017-10-14 12:21:05 -07:00 committed by Laurent Demailly
parent 640630caad
commit 2d9c24af24
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
_docs/tasks/security/faq.md
View File

@ -43,9 +43,22 @@ type: markdown
If Istio Auth is enabled, http and tcp health check from kubelet will not
work since they do not have Istio Auth issued certs. A workaround is to
use command option for health check, e.g., one can install curl in the
service pod and curl itself within the pod. The Istio team is actively
working on a solution.
use a [liveness command](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command)
for health check, e.g., one can install curl in the service pod and curl itself
within the pod. The Istio team is actively working on a solution.
An example of readinessProbe:
```
livenessProbe:
exec:
command:
- curl
- -f
- http://localhost:8080/healthz # Replace port and URI by your actual health check
initialDelaySeconds: 10
periodSeconds: 5
```
* _Can I access the Kubernetes API Server with Auth enabled?_