Conversation
Signed-off-by: Alex Leong <[email protected]>
|
@adleong Why not use the existing /ready endpoint, which is at least tied to identitiy? |
|
See linkerd/linkerd2#3984 for a fuller discussion. Kubernetes differentiates liveness and readiness. The |
|
But we don't want to consider the proxy live until it's received it's initial identity, do we? Afaict, that issue doesn't explain why we shouldn't use /ready, just that we shouldn't use /metrics. |
|
@olix0r I do not think it will be considered live until the ready check returns true. I think the readyness checks need to pass and only then the liveliness checks kick in. So no I do not see a risk of k8s considering the proxy ready and alive before the identity is obtained. |
|
The endpoint will only be added to the service once readiness passes. So, having a liveness check that succeeds before the readiness check is okay. The liveness check is used to restart the container, so we'll want that to be tied to events that require restarting and not readiness itself. There's probably no real harm having readiness and liveness checks be the same today, as the liveness check itself is mostly just making sure the lights are on. That said, we'd want to split it out in the future if there were reasons to trigger a restart (leaking internal structures, deadlocks, ...). |
This release includes a new protocol detection timeout, which prevents clients from consuming resources indefinitely when they do not send any data. Additionally: the proxy's admin endpoint now supports a `/live` endpoint for liveness checks, and a feature has been added to enrich tracing metadata from a file of label/values. --- * Add Labels from a path as oc-collector attributes (linkerd/linkerd2-proxy#463) * Add liveness endpoint to admin server (linkerd/linkerd2-proxy#470) * docker: Use buildkit for caching (linkerd/linkerd2-proxy#472) * Makefile: Use STRIP variable with strip as default (linkerd/linkerd2-proxy#475) * Add checksec to the release process (linkerd/linkerd2-proxy#476) * Time out protocol detect futures (linkerd/linkerd2-proxy#464) * Ensure that checksec is executable (linkerd/linkerd2-proxy#477) * Fix the checksec URL (linkerd/linkerd2-proxy#478) * Undo hardcoded release version (linkerd/linkerd2-proxy#479)
This release includes a new protocol detection timeout, which prevents clients from consuming resources indefinitely when they do not send any data. Additionally: the proxy's admin endpoint now supports a `/live` endpoint for liveness checks, and a feature has been added to enrich tracing metadata from a file of label/values. --- * Add Labels from a path as oc-collector attributes (linkerd/linkerd2-proxy#463) * Add liveness endpoint to admin server (linkerd/linkerd2-proxy#470) * docker: Use buildkit for caching (linkerd/linkerd2-proxy#472) * Makefile: Use STRIP variable with strip as default (linkerd/linkerd2-proxy#475) * Add checksec to the release process (linkerd/linkerd2-proxy#476) * Time out protocol detect futures (linkerd/linkerd2-proxy#464) * Ensure that checksec is executable (linkerd/linkerd2-proxy#477) * Fix the checksec URL (linkerd/linkerd2-proxy#478) * Undo hardcoded release version (linkerd/linkerd2-proxy#479)
5 participants
Relates to linkerd/linkerd2#3984
Add a
/liveendpoint to the admin server which always returns a 200 success. This can be used for liveness checking.Signed-off-by: Alex Leong [email protected]