Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: add health handler for grpcproxy self #12114

Merged
merged 2 commits into from
Jul 10, 2020
Merged

*: add health handler for grpcproxy self #12114

merged 2 commits into from
Jul 10, 2020

Conversation

tangcong
Copy link
Contributor

@tangcong tangcong commented Jul 7, 2020

When grpcproxy hangs or is overloaded, the watch client will not receive any change event and cannot detect the proxy failure. We need a health check to remove the abnormal proxy in time.

@tangcong tangcong marked this pull request as draft July 7, 2020 17:24
gyuho
gyuho reviewed Jul 7, 2020
View reviewed changes
proxy/grpcproxy/health.go Outdated Show resolved Hide resolved
gyuho
gyuho reviewed Jul 7, 2020
View reviewed changes
proxy/grpcproxy/health.go Outdated Show resolved Hide resolved
@tangcong tangcong marked this pull request as ready for review July 10, 2020 17:07
@tangcong
Copy link
Contributor Author

grpcproxy may have a different certificate than etcd, now proxy/health works well when the user enables auto-tls, but i am not sure whether we should add the specified client certificate flags for the health check. proxy cert(grpcProxyListenCert) will be used as a client certificate in health check scenarios. the user-defined proxy certificate may cause the health check to time out. @gyuho

@gyuho
Copy link
Contributor

gyuho commented Jul 10, 2020

proxy cert(grpcProxyListenCert) will be used as a client certificate in health check scenarios

Think this is good for now.

@gyuho gyuho merged commit 07461ec into etcd-io:master Jul 10, 2020
@tangcong
Copy link
Contributor Author

proxy cert(grpcProxyListenCert) will be used as a client certificate in health check scenarios

Think this is good for now.

ok, thanks. I will follow the feedback from the community. If anyone meets the problem, one of the solutions is that cert usages can include client auth.

            "server": {
                "expiry": "2540400h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
		    "client auth"
                ]
            },

@tangcong tangcong mentioned this pull request Jul 14, 2020
Closed
@tangcong tangcong mentioned this pull request Sep 7, 2020
Closed
@tangcong tangcong deleted the grpcproxy-healthcheck branch February 26, 2021 18:58
@chaochn47 chaochn47 mentioned this pull request Oct 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gyuho gyuho gyuho approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tangcong @gyuho