Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TiDB Pod Probe doesn't work with TLS #2132

Closed
weekface opened this issue Apr 7, 2020 · 2 comments · Fixed by #2139 or #3438
Closed

TiDB Pod Probe doesn't work with TLS #2132

weekface opened this issue Apr 7, 2020 · 2 comments · Fixed by #2139 or #3438
Assignees
@july2993
Labels
type/bug Something isn't working

Comments

@weekface
Copy link
Contributor

weekface commented Apr 7, 2020
edited
Loading

TiDB Pod now has a Probe to probe TiDB Server's /status path. K8s Probe cannot send client certificate when requested. Now that TiDB Server has enabled TLS, TiDB Server has forced to verify the client certificate, so the Probe always failed to work.

Readiness probe failed: Get https://10.244.0.17:10080/status: remote error: tls: bad certificate
@weekface weekface added the type/bug Something isn't working label Apr 7, 2020
This was referenced Apr 7, 2020
Closed
Merged
@sre-bot sre-bot mentioned this issue Apr 14, 2020
Merged
@tennix
Copy link
Member

tennix commented Oct 26, 2020

Can we use a command to do the health check? We can use local tls certificate to request port 10080.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command

@tennix tennix reopened this Oct 26, 2020
@tennix
Copy link
Member

tennix commented Oct 27, 2020

However, tidb docker image does not contain curl and the builtin wget does not support specifying TLS certificates. So in order to use command to do health check, we may need to install curl in the tidb docker image.

@july2993 july2993 mentioned this issue Oct 28, 2020
Merged
@ti-srebot ti-srebot mentioned this issue Oct 30, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@july2993 july2993

Labels
type/bug Something isn't working
Projects
None yet
Milestone
No milestone
3 participants
@weekface @july2993 @tennix