Health Check

This policy enables Kuma to keep track of the health of every data plane proxy, with the goal of minimizing the number of failed requests in case a data plane proxy is temporarily unhealthy.

By creating an HealthCheck resource we can instruct a data plane proxy to keep track of the health status for any other data plane proxy. When health-checks are properly configured, a data plane proxy will never send a request to another data plane proxy that is considered unhealthy. When an unhealthy data plane returns to a healthy state, Kuma will resume sending requests to it again.

This policy provides the following types of checks:

  • Active: The data plane proxy will explicitly send requests to other data plane proxies (as described in the policy configuration) to determine if a target data plane is healthy or not. This mode will generate extra traffic to other data plane proxies and services.
  • Passive: Kuma will determine the health of a target data plane proxy by analyzing real traffic being exchanges by the services rather than using auxiliary requests initiated by the data plane proxy itself like would happen in active mode.

Usage

As usual, we can apply sources and destinations selectors to determine how health-checks will be performed across our data plane proxies.

At the moment, the HealthCheck policy supports L4 checks that validate the health status of the underlying TCP connections.

Below an example:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: HealthCheck
  3. mesh: default
  4. metadata:
  5. namespace: default
  6. name: web-to-backend-check
  7. mesh: default
  8. spec:
  9. sources:
  10. - match:
  11. service: web
  12. destinations:
  13. - match:
  14. service: backend
  15. conf:
  16. activeChecks:
  17. interval: 10s
  18. timeout: 2s
  19. unhealthyThreshold: 3
  20. healthyThreshold: 1
  21. passiveChecks:
  22. unhealthyThreshold: 3
  23. penaltyInterval: 5s

We will apply the configuration with kubectl apply -f [..].

  1. type: HealthCheck
  2. name: web-to-backend-check
  3. mesh: default
  4. sources:
  5. - match:
  6. service: web
  7. destinations:
  8. - match:
  9. service: backend
  10. conf:
  11. activeChecks:
  12. interval: 10s
  13. timeout: 2s
  14. unhealthyThreshold: 3
  15. healthyThreshold: 1
  16. passiveChecks:
  17. unhealthyThreshold: 3
  18. penaltyInterval: 5s

We will apply the configuration with kumactl apply -f [..] or via the HTTP API.