Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace 3rd party grpc-healh-probe binary in probes invoked internally #474

Closed
zolug opened this issue Nov 3, 2023 · 0 comments
Closed

Replace 3rd party grpc-healh-probe binary in probes invoked internally #474

zolug opened this issue Nov 3, 2023 · 0 comments
Labels
kind/enhancement New feature or request priority/high

Comments

@zolug
Copy link
Collaborator

zolug commented Nov 3, 2023
edited
Loading

Is your feature request related to a problem? Please describe.
In Meridio probes might rely on multiple so called subservice states to report their serving status.
Some of these subservices might require running 3rd party grpc-health-probe binary to check an associated
gRPC server's serving state. The attestation due to periodically forking a new process and fetching credentials for such a probe introduces additional CPU load on Spire when checking a TLS server with SPIFFE issued credentials.

Describe the solution you'd like
In case of subservices replace the 3rd party binary grpc-health-probe with a health client contained within the calling process,
and avoid constant attestation by Spire agents whenever the health client Checks a TLS server with SPIFFE issued credentials.

Describe alternatives you've considered
NA

Additional context
NA
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement New feature or request priority/high
Projects
Meridio
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zolug