Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TCP Ingress Health Check Annotations not Working #832

Closed
dubuc opened this issue Jan 30, 2018 · 2 comments

Comments

Projects
None yet
3 participants
@dubuc
Copy link

commented Jan 30, 2018

Problem
When trying to create an HTTP Health Check at a specific port using a TCP Ingress with Annotations, the specific port is not added to the backend service for health checking.

Kubernetes Version
1.8.4

Voyager Version
5.0.0-rc.11
6.0.0-alpha.0

Other Resources
#683
#695
https://github.com/appscode/voyager/blob/5.0.0-rc.11/apis/voyager/v1beta1/annotations.go#L254

Ingress Manifest

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: voyager-tcp-lb
  annotations:
    ingress.appscode.com/type: LoadBalancer
    ingress.appscode.com/load-balancer-ip: 'xxx.xxx.xxx.xxx'
    ingress.appscode.com/default-timeout: '{"tunnel": "2h"}'
    ingress.appscode.com/check: "true"
    ingress.appscode.com/check-port: "10254"
spec:
  rules:
  - host: example.net
    tcp:
      port: 443
      backend:
        serviceName: backend-service
        servicePort: 4491
        backendRule:
        - 'option httpchk GET /healthz'
        - 'http-check expect status 200'

HAProxy Generated Config

# HAProxy configuration generated by https://github.com/appscode/voyager
# DO NOT EDIT!
global
	daemon
	stats socket /tmp/haproxy
	server-state-file global
	server-state-base /var/state/haproxy/
	# log using a syslog socket
	log /dev/log local0 info
	log /dev/log local0 notice
	tune.ssl.default-dh-param 2048
	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
defaults
	log global
	# https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose
	# https://github.com/appscode/voyager/pull/403
	option dontlognull
	option http-server-close
	# Timeout values
	timeout client 50s
	timeout client-fin 50s
	timeout connect 50s
	timeout server 50s
	timeout tunnel 2h
	# Configure error files
	# default traffic mode is http
	# mode is overwritten in case of tcp services
	mode http
frontend http-0_0_0_0-80
	bind *:80
	mode http
	option httplog
	option forwardfor
	acl is_proxy_https hdr(X-Forwarded-Proto) https
	acl host_acl_example.net hdr(host) -i example.net
	acl host_acl_example.net hdr(host) -i example.net:80
	acl url_acl_example__ path_beg /
	redirect scheme https code 301 if ! is_proxy_https host_acl_example.net url_acl_example.net__
frontend tcp-0_0_0_0-443
	bind *:443
	mode tcp
	default_backend backend-service.dev:4491-4zmg2t
backend backend-service.dev:4491-4zmg2t
	mode tcp
	option httpchk GET /healthz
	http-check expect status 200
	server pod-backend-59cdcb8f66-dnhhw 10.244.2.35:4491
@diptadas

This comment has been minimized.

Copy link
Contributor

commented Feb 6, 2018

You should add health-check annotations in backend-service instead of ingress.

ingress.appscode.com/check: "true"
ingress.appscode.com/check-port: "10254"
@tamalsaha

This comment has been minimized.

Copy link
Member

commented Feb 6, 2018

@dubuc, please reopen if you are still having with the fix by @diptadas .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.