livenessprobe failed with EOF (nginx container)

I think the EOF is a symptom of a TLS handshake issue. I'm currently seeing the same.

Some versions of curl can produce a similar result. A workaround for curl seems to be to use --tls-max 1.2.

My current suspicion is that the client (the probe) is trying to negotiate TLS 1.3 with the server but fails (probably due to ciphers). I'm trying to see if we can configure the k8s probes to use TLS 1.2 instead. Alternately, we could turn off TLS 1.3 on the server side. In your case that's on nginx. In my case, I have a jetty 9.4 server with JDK 11.0.6.

Another option might be to upgrade k8s. We seem to see this with k8s v1.15 cluster but not with a k8s v1.16.2 cluster. But I'm not sure if that's due to the k8s version or the underlying OS libraries (in my case CentOS 7).

Kubernetes has two separate ways to track the health of a pod, one during deployment, and one after. LivenessProbe is what causes Kubernetes to replace a failed pod with a new one, but it has absolutely no effect during deployment of the app. Readiness probes, on the other hand, are what Kubernetes uses to determine whether the pod started successfully.

So in your case when your container worked successfuly, you have to define readinessProbe.

Sometimes, applications are temporarily unable to serve traffic. For example, an application might need to load large data or configuration files during startup, or depend on external services after startup. In such cases, you don’t want to kill the application, but you don’t want to send it requests either. Kubernetes provides readiness probes to detect and mitigate these situations. A pod with containers reporting that they are not ready does not receive traffic through Kubernetes Services.

Official kubernetes documentation which describe probes: kubernetes-probes.

Here is useful article: kubernetes-liveness-and-readiness-probes.