mirror of https://github.com/kubernetes/kops.git
75fd939a62
kube-apiserver doesn't expose the healthcheck via a dedicated endpoint, instead relying on anonyomous-access being enabled. That has previously forced us to enable the unauthenticated endpoint on 127.0.0.1:8080. Instead we now run a small sidecar container, which proxies /healthz and /readyz requests (only) adding appropriate authentication using a client certificate. This will also enable better load balancer checks in future, as these have previously been hampered by the custom CA certificate. Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> |
||
|---|---|---|
| .. | ||
| tests | ||
| BUILD.bazel | ||
| model.go | ||
| model_test.go | ||
| options.go | ||