Question

我的应用基于Express Node Framework，并以https cert开头。那么k8s是否支持https活动探针？模式是HTTPS。我认为活动探针是通过IP地址而不是域发送请求。因此，看来HTTPS架构实际上不起作用。

      livenessProbe:
        httpGet:
          path: /api/alive
          port: 8433
          scheme: HTTPS

Answer 1

是的，确实如此。同时支持“ HTTP”和“ HTTPS”。参见下面的示例

apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-http
spec:
  containers:
  - args:
    - /server
    image: k8s.gcr.io/liveness
    livenessProbe:
      httpGet:
        # when "host" is not defined, "PodIP" will be used
        # host: my-host
        # when "scheme" is not defined, "HTTP" scheme will be used. Only "HTTP" and "HTTPS" are allowed
        # scheme: HTTPS
        path: /healthz
        port: 8080
        httpHeaders:
        - name: X-Custom-Header
          value: Awesome
      initialDelaySeconds: 15
      timeoutSeconds: 1
    name: liveness

请注意，如果scheme字段设置为HTTPS，则kubelet将HTTPS请求发送到指定的路径（路径：/ healthz）和端口（端口：8080）以执行跳过证书验证的检查

k8s是否支持https活动和就绪性探针

1 个答案: