Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to specify a healthcheck protocol for a defaultBackend #97

Open
cweeks72 opened this issue Sep 23, 2024 · 2 comments
Open

Unable to specify a healthcheck protocol for a defaultBackend #97

cweeks72 opened this issue Sep 23, 2024 · 2 comments

Comments

@cweeks72
Copy link

I have an Ingress talking to a service, and I'm using a "defaultBackend" to route all unknown traffic to the service.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ocilbingresshttps
  annotations:
    oci-native-ingress.oraclecloud.com/protocol: HTTP2
    oci-native-ingress.oraclecloud.com/backend-tls-enabled: "false"
    oci-native-ingress.oraclecloud.com/https-listener-port: "443"
    oci-native-ingress.oraclecloud.com/healthcheck-protocol: "http"
    oci-native-ingress.oraclecloud.com/healthcheck-path: "/ping"
spec:
  ingressClassName: ocilb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: traefik
                port: 
                  name: websecure
  defaultBackend:
    service:
      name: traefik
      port:
        name: websecure

I have specified a healthcheck for the service using the annotations:

    oci-native-ingress.oraclecloud.com/healthcheck-protocol: "http"
    oci-native-ingress.oraclecloud.com/healthcheck-path: "/ping"

Unfortunately, they do not get applied to the "default_ingress" backendset - so it stays as the default - a TCP service, leaving the loadbalancer in the "Critical" smart check status.

From the native ingress log file:

"BackendSetHealthCheckerMap": {
  "bs_c0b815d03fa5fbd": {
   "protocol": "HTTP",
   "urlPath": "/ping",
   "port": 0,
   "returnCode": 200,
   "retries": 3,
   "timeoutInMillis": 3000,
   "intervalInMillis": 10000,
   "responseBodyRegex": "",
   "isForcePlainText": false
  },
  "bs_c2b7f75c1039b6f": {
   "protocol": "HTTP",
   "urlPath": "/ping",
   "port": 0,
   "returnCode": 200,
   "retries": 3,
   "timeoutInMillis": 3000,
   "intervalInMillis": 10000,
   "responseBodyRegex": "",
   "isForcePlainText": false
  },
  "default_ingress": {
   "protocol": "TCP",
   "urlPath": null,
   "port": 0,
   "returnCode": null,
   "retries": 3,
   "timeoutInMillis": 3000,
   "intervalInMillis": 10000,
   "responseBodyRegex": null,
   "isForcePlainText": null
  }
 },

Thanks!
@nirpai
Copy link
Contributor

nirpai commented Sep 26, 2024

@cweeks72 Currently we don't have health checks for default ingress. The default health check of TCP is minimalistic and it confirms that the default backends are reachable to LB. If they are critical so posibly they are not rechable. Can you please validate this?

@cweeks72
Copy link
Author

The "Smart Healthcheck" of the loadbalancer is flagged as a critical warning, because of the TCP healthcheck to an HTTP backend. This can only be fixed by changing the healthcheck type to HTTP for the default backendset.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cweeks72 @nirpai