Ingress controller does not work with TCP readiness probe, defaults back to HTTP

[arianitu]

I want to use a TCP readiness probe, but it keeps creating a HTTP health check instead of a TCP health check. In my deployment of my service, I have this:

        readinessProbe:
          tcpSocket:
            port: 80
            
          initialDelaySeconds: 5
          periodSeconds: 10
          
        livenessProbe:
          tcpSocket:
            port: 80
              
          initialDelaySeconds: 15
          periodSeconds: 20

        ports:
          - containerPort: 80

When I go to the GCE health check tab, it still uses HTTP. Is it because I am using port 80 here?

[rramkumar1]

@arianitu An L7 Google Cloud LB only supports HTTP, HTTPS or HTTP2 health checks.

Is there a specific reason why you need to use a TCP readiness/liveness probe vs a probe that makes a HTTP call?

[arianitu]

@rramkumar1 Is that true? Under the LB on Google Cloud, I can pick TCP as an option for a health check.

There isn't a specific reason, I was just using TCP health checks and it was failing even though under LB I can edit the generated LB and switch it to TCP and it works.

[rramkumar1]

@arianitu Yeah, you are right. I was reading the documentation at https://cloud.google.com/load-balancing/docs/https/ and didn't see TCP so I assumed it was not supported but it looks like it is an option.

Looking at our code, when we look at the liveness/readiness probe from the Pod spec, we only look at HTTP settings (see https://github.com/kubernetes/ingress-gce/blob/master/pkg/controller/translator/translator.go#L229)

We want to deprecate soon the "health checks via probe" feature so I doubt we will add support for looking at the TCP settings. Given that, can this be closed?

[arianitu]

@rramkumar1 What do you mean you're going to deprecate health checks via probe? Will you have to manually setup health checks on LB going forward, or you are designing a new system?

[rramkumar1]

@arianitu We will be surfacing a new API in the existing BackendConfig CRD for users to configure health checks. The liveness probe API is not expressive enough and requires us to watch all Pods. It is also very error prone.

Once this new API lands, we will ensure that existing users of the liveness probe health checks have a clear migration story.

[arianitu]

Sweet, looking forward to it!

@rramkumar1

[jgirdner]

Following the instructions on Google to create a node port service and then ingress. Ingress creates a health check that is checking the node port which is set to TCP but the health check that's created is checking over HTTP. When I change that auto created health check to TCP it passes and the site comes up but it sets itself back to HTTP and I can't seem to figure out why.

[rramkumar1]

@jgirdner It is expected behavior that the ingress-gce controller will overwrite your changes.

Please see #42 for discussion on how to surface an API that allows for custom health checks.