istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revise the health check faq (#2175)

This commit is contained in:
Tao Li 2018-08-08 07:19:25 -07:00 committed by Martin Taillefer
parent 75267fc37c
commit 9b9f7b2d48
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
content/help/faq/security/k8s-health-checks.md
View File

@ -3,10 +3,10 @@ title: How can I use Kubernetes liveness and readiness for service health check
weight: 50
---
If mutual TLS is enabled, http and tcp health checks from the kubelet will not
work since they do not have Istio-issued certs. A workaround is to
work since the kubelet does not have Istio-issued certificates. A workaround is to
use a [liveness command](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command)
for health checks, e.g., one can install `curl` in the service pod and `curl` itself
within the pod. The Istio team is actively working on a solution.
within the pod.
An example of a readiness probe:
@ -20,3 +20,8 @@ exec:
initialDelaySeconds: 10
periodSeconds: 5
{{< /text >}}
If you do not want to modify the configuration file, you can enable the `PERMISSIVE`
mode for your services such they can accept both http and mutual TLS traffic. As
a result, the health check will not break. Refer to [Health checking of Istio
services](/docs/tasks/traffic-management/app-health-check/) for more information.