Kubernetes LoadBalancer - How does healthCheckNodePort work?
So, according to Kubernetes documentation, when you have an external LoadBalancer service set with externalTrafficPolicy=Local, you can explicitly define a healthCheckNodePort.
If I understood correctly, since LB services with this specific externalTrafficPolicy are unable to determine if a pod is running inside of a node, this healthCheckNodePort should be used to evaluate just that. As a result, a properly set healthCheckNodePort should avoid situations in which our request is routed to improper nodes.
An example would be the image below, extracted from https://www.asykim.com/blog/deep-dive-into-kubernetes-external-traffic-policies. If I properly understood this concept, the healthCheckNodePort should let the LB know that all traffic should be directed to the left node, as the right one doesn't have a pod to handle it.
My question here is: how does the proxy attached to healthCheckNodePort checks for the pod existence? Is this something I should implement from my side, or is Kubernetes auto-assigned port able to handle this health-check on its own? It seems weirdly convenient that any port number would do, so I would like some more insight on how this works.
It's actually very simple; I report a part of OpenShift documentation:
healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).
https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/service-v1.html
From the point of view of the kube-proxy, this always responds to packets sent to the health check node port.
I suggest you take a look at this example: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-loadbalancer
- Ingress path redirection, helm chart
- fluentd with OpenSearch - where does the @timestamp field come from?
- How can I keep a container running on Kubernetes?
- kubectl logs displays only 'API server listening at: [::]:40000' when remote debugging with dlv is enabled - How do I get my logs back?
- failed calling webhook "vingress.elbv2.k8s.aws"
- Kubernetes - Frontend pod can't reach backend pod
- How to access Kubernetes API when using minkube?
- What is Difference between KubernetesManifest@0 and KubernetesManifest@1 in Yaml pipeline?
- kube-prometheus-stack issue scraping metrics
- No stdout/stderror output or delayed when running Haskell application in Kubernetes
- Is there an imperative command to create daemonsets in kubernetes?
- Mongo DB deployment not working in kubernetes because processor doesn't have AVX support
- Nginx Ingress Controller - Failed Calling Webhook
- Easily detect deprecated resources on Kubernetes
- How to configure a Kubernetes Multi-Pod Deployment
- Difference between targetPort and port in Kubernetes Service definition
- EKS Fargate workloads unable to resolve DNS names
- Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html"
- Can't install Kubernetes on Vagrant
- How do I force Kubernetes to re-pull an image?
- no endpoints available for service \"kubernetes-dashboard\"
- Cannot install kubernetes helm chart Error: cannot re-use a name that is still in use
- helm error "Error: This command needs 2 arguments: release name, chart path"
- Helm --set with > as special Charcater at the end
- k8s CRD definition: 4 mutually exclusive optional fields
- Minikube with ingress example not working
- How to configure a kubernetes bare-metal ingress controller to listen to port 80?
- How to replicate the RuntimeDefault seccompProfile in Kubernetes to run in Docker?
- Add extra custom labels to existing helm chart
- Requirements for installing a Helm chart on a multi-cluster Kubernetes platform