istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add liveness/readiness to security faq (#667) 

* Add liveness/readiness to security faq

* Fix format

* Address comment

* Update faq.md
This commit is contained in:
Tao Li 2017-10-14 12:21:05 -07:00 committed by Laurent Demailly
parent 640630caad
commit 2d9c24af24
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
_docs/tasks/security/faq.md
View File

@ -43,9 +43,22 @@ type: markdown
If Istio Auth is enabled, http and tcp health check from kubelet will not If Istio Auth is enabled, http and tcp health check from kubelet will not
work since they do not have Istio Auth issued certs. A workaround is to work since they do not have Istio Auth issued certs. A workaround is to
use command option for health check, e.g., one can install curl in the use a [liveness command](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command)
service pod and curl itself within the pod. The Istio team is actively for health check, e.g., one can install curl in the service pod and curl itself
working on a solution. within the pod. The Istio team is actively working on a solution.
An example of readinessProbe:
```
livenessProbe:
exec:
command:
- curl
- -f
- http://localhost:8080/healthz # Replace port and URI by your actual health check
initialDelaySeconds: 10
periodSeconds: 5
```
* _Can I access the Kubernetes API Server with Auth enabled?_ * _Can I access the Kubernetes API Server with Auth enabled?_