K
Q

Kubernetes apiserver anonymous healthcheck

1/30/2018

When disabling anonymous-auth in kube-apiserver.yaml file afterwards the healthcheck starts failing. How can this be avoided. Kubernetes Cluster runs with self-signed tls certificates.

-- JMit
kubernetes

Similar Questions

Kubernetes resources
How to use --set to set values with Prometheus chart?
How to get Environment Variable inside Angular App running in a Pod?
Is Kubernetes + Docker + AWS = Azure + Service Fabric?

1 Answer

1/31/2018

If you don't want to allow anonymous requests to the apiserver, your options are:

  • provide authentication credentials to the component performing the health check
  • OR, switch the health check to a TCP ping (not recommended, since it means it would treat any TCP connection as healthy, even when /healthz was returning unhealthy)
  • OR, expose an unsecured port and make your health check use that (not recommended, since it exposes an access method that gives full API access via an http port)
-- Jordan Liggitt
Source: StackOverflow