-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to set Loadbalancer Service Health Probe Port #1505
Comments
@MartinForReal I've started down this path: If that looks like it makes sense for a fix I'll complete it also for the MixedLB mode |
It also looks like since priority is given to port.AppProtocol we are also unable to:
The ability to decouple the health check from the actual service entry is key to getting Istio ingressgateway to have correct health checks / drain behavior / etc...
|
Well, this is a pleasant surprise. :-) It is reasonable for a fix. If we add two additional annotations, will it work in the current scenario?
Then the priority goes to two new annotations. @feiskyer @nilo19 @lzhecheng Any advice is appreciated! @vsabella Thanks for the contribution! |
Thats exactly what I was thinking and reasonable. I'll have a PR for you later this week. |
Hi @vsabella Do you still have bandwidth to work on this? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale Checking on this as well, as we recently encountered this when our users started migrating to 1.24. Is the fork fix still under active development, or is there any ongoing work from Microsoft to implement these annotations? FWIW, in our case the affected HTTP services:
|
Reopen from #1499
When configuring Health Checks for Azure Load Balancer you can specify the path and type, but it is not possible to specify the port of the health probe.
Istio Ingress Gateway and similar services do not expose health checks on their actual endpoints (as it can operate across multiple protocols) but instead expose a general health check on a different status port for the gateway.
In AWS this is easily possible with the service.beta.kubernetes.io/aws-load-balancer-healthcheck-port annotation but it does not seem possible in Azure.
This prevents us from configuring health check probes against Istio which need to be targeting the "Status Ready" port not the actual port of the backend.
Example
Istio hosted on two ports: Port 80 and Port 443 will not serve any traffic until a Virtual Service is deployed
The health check needs to be a HTTP health check against the status port, let's say that's 15021
The probe protocol and endpoint and everything can be set, but the health check port cannot be.
For the following spec:
The generated probe needs to look like this:
The text was updated successfully, but these errors were encountered: