including proxyHealth path

[DiogoFKT]

The common endpoint /health/${server.serviceId} must validate BOTH proxy and backend to return "OK" otherwise it will return "ERROR"

[stevehu]

If the health endpoint is proxied to the backend, should we protect it with the admin chain for security? If we don't, we might have the risk of a DDoS attack to send too many requests to the backend. At least we need a whitelist to allow only certain clients to connect. What do you think?

[DiogoFKT]

Interesting point. Few counter-points:

• The risk of giving health monitor services the admin credentials might outweigh the risk of DDoS;
• There's an assumption that proxy sidecar can absorb more request volume since DDoS attacks will affect non-proxied /health regardless and the microservice as a unit would be unavailable anyway;
• There's also higher complexity (and cost) associated to authentication mechanism for frequent health checks (teams might start disabling security of /health altogether to avoid the extra overhead for monitors within same network zone);
• DDoS can be mitigated by configuring default Rate Limit for /health based on resource allocation;

[stevehu]

@DiogoFKT Based on our conversation, I have added the rate limit handle to the proxy health endpoint with the serviceId as a path parameter. Please review and let me know if you have any questions.

[DiogoFKT]

Yes looks good thanks! We will set the default threshold via values