K8s Readiness Probes with HTTPS and Certificates
From the official documentation configuring probes:
If scheme field is set to HTTPS, the kubelet sends an HTTPS request skipping the certificate verification.
This is what the manifest would look like:
apiVersion: v1kind: Podmetadata: labels: run: nginx name: alive-n-ready-httpsspec: containers: - name: nginx image: viejo/nginx-mockit livenessProbe: httpGet: path: / port: 443 scheme: HTTPS readinessProbe: httpGet: path: / port: 443 scheme: HTTPS
And while without scheme, the probes would fail with 400
(bad request), as you are sending a http packet to an endpoint that expects https:
10.132.15.199 - - [27/May/2020:18:10:36 +0000] "GET / HTTP/1.1" 400 271 "-" "kube-probe/1.17"
With scheme: HTTPS
, it would succeed:
10.132.15.199 - - [27/May/2020:18:26:28 +0000] "GET / HTTP/2.0" 200 370 "-" "kube-probe/1.17"