-
Notifications
You must be signed in to change notification settings - Fork 525
Health Probe from Azure Load balancer causes handshake error #804
Comments
Did some research on this, and according to current Azure LB documentation, it does not support the ssl protocol as AWS: So looks we can either open a non-secure port for healthz check (not sure about the security implications) or we will need Azure LB to implement the health probe feature with ssl. |
This is still an issue on aks-engine but this issue has not been ported over. |
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. |
@danmassie can you provide a repro using a recent version of k8s/aks-engine? thanks! |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
we still have this issue on Kubernetes 1.14.1 . deployed with AKS-engine version 0.37.0 I0822 14:09:09.554030 1 log.go:172] http: TLS handshake error from 168.63.129.16:50686: EOF I0822 14:09:09.554128 1 log.go:172] http: TLS handshake error from 168.63.129.16:50685: EOF |
Is this a request for help?: NO
Is this an ISSUE or FEATURE REQUEST? (choose one): ISSUE
What version of acs-engine?: v0.10.0
Orchestrator and version (e.g. Kubernetes, DC/OS, Swarm)
Kubernetes 1.6.6
What happened:
Azure load balancer uses a TCP based Health Probe on port 443 to check availability of the master nodes within the cluster. This causes the following in the api server logs:
{"log":"I0124 15:46:58.711408 1 logs.go:41] http: TLS handshake error from 168.63.129.16:59087: EOF\n","stream":"stderr","time":"2018-01-24T15:46:58.711746619Z"}
What you expected to happen:
Probe does not cause errors to be generated in the logs
How to reproduce it (as minimally and precisely as possible):
Create a cluster with a acs-engine template
Anything else we need to know:
Similar issue resolved on AWS...
kubernetes-retired/kube-aws#604
The text was updated successfully, but these errors were encountered: