mirror of https://github.com/kubernetes/kops.git
kube-apiserver doesn't expose the healthcheck via a dedicated endpoint, instead relying on anonyomous-access being enabled. That has previously forced us to enable the unauthenticated endpoint on 127.0.0.1:8080. Instead we now run a small sidecar container, which proxies /healthz and /readyz requests (only) adding appropriate authentication using a client certificate. This will also enable better load balancer checks in future, as these have previously been hampered by the custom CA certificate. Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> |
||
---|---|---|
.. | ||
BUILD.bazel | ||
bazel.rc | ||
get_workspace_status.sh | ||
gzip.bzl | ||
hashes.bzl | ||
sha1 | ||
sha256 |