You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the GCE controller docs, one of the 2 options for passing health checks sent by the GCE load balancers is to expose an arbitrary URL as a readinessProbe - but with a caveat that if the readinessProbe requires "special headers or HTTPS" it defaults back to /.
My request is to make the HTTP Host Header a "non-special header", because it is quite common, and it is explicitly supported by GCE health-checks. Also, this is explicitly mentioned in k8s docs as the way to work with pods that rely on vhosts.
I've hit this issue quite hard when using Ingress to expose a Django app - once I've set DEBUG=False, it went dark because / didn't respond with 200 and GCE load balancer didn't set the Host header which is whitelisted in Django production mode.
I was able to solve it by manually modifying the health-check to use /healthz and add the required Host header. Luckily, GLBC's control loop doesn't detect this as a change and undoes it... (but I'm hoping for a less manual solution)
Here's a sample YAML that can be used to reproduce this behavior:
Thanks for creating this issue and preparing a PR.
There's some discussion about changing how GLBC creates health checks. The current methodology isn't a great indicator of anything other than a node's ability to talk to a pod. In the worst case (a single pod in a large cluster), N health checks hit the pod at every interval. We could address your issue, but it could be irrelevant before the next GLBC release if we move to health check kube-proxy instead of the service. Let's wait for decisions to be made on that front before merging/closing your PR.
According to the GCE controller docs, one of the 2 options for passing health checks sent by the GCE load balancers is to expose an arbitrary URL as a readinessProbe - but with a caveat that if the readinessProbe requires "special headers or HTTPS" it defaults back to
/
.My request is to make the HTTP Host Header a "non-special header", because it is quite common, and it is explicitly supported by GCE health-checks. Also, this is explicitly mentioned in k8s docs as the way to work with pods that rely on vhosts.
I've hit this issue quite hard when using Ingress to expose a Django app - once I've set
DEBUG=False
, it went dark because/
didn't respond with200
and GCE load balancer didn't set the Host header which is whitelisted in Django production mode.I was able to solve it by manually modifying the health-check to use
/healthz
and add the required Host header. Luckily, GLBC's control loop doesn't detect this as a change and undoes it... (but I'm hoping for a less manual solution)Here's a sample YAML that can be used to reproduce this behavior:
The text was updated successfully, but these errors were encountered: