kops/tools
Justin SB 75fd939a62
kube-apiserver: healthcheck via sidecar container
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-05-07 08:06:52 -04:00
..
BUILD.bazel Use helpers to move gzip & sha from makefile to bazel 2019-09-30 13:52:32 -04:00
bazel.rc Don't force bazel to use python2 2020-04-27 14:37:54 +02:00
get_workspace_status.sh kube-apiserver: healthcheck via sidecar container 2020-05-07 08:06:52 -04:00
gzip.bzl gzip: use --no-name to avoid saving timestamp 2020-02-14 22:27:07 -05:00
hashes.bzl bazel: fix hashes rule to generate outputs 2019-10-01 11:31:09 -04:00
sha1 Replace binary "which" with build in "command" 2020-01-03 15:23:07 -05:00
sha256 Replace binary "which" with build in "command" 2020-01-03 15:23:07 -05:00