mirror of https://github.com/kubernetes/kops.git
75fd939a62
kube-apiserver doesn't expose the healthcheck via a dedicated endpoint, instead relying on anonyomous-access being enabled. That has previously forced us to enable the unauthenticated endpoint on 127.0.0.1:8080. Instead we now run a small sidecar container, which proxies /healthz and /readyz requests (only) adding appropriate authentication using a client certificate. This will also enable better load balancer checks in future, as these have previously been hampered by the custom CA certificate. Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> |
||
|---|---|---|
| .. | ||
| BUILD.bazel | ||
| bazel.rc | ||
| get_workspace_status.sh | ||
| gzip.bzl | ||
| hashes.bzl | ||
| sha1 | ||
| sha256 | ||