Health Checks
Gloo Gateway includes an HTTP health checking plug-in that you can enable in a Gateway
(which becomes an Envoy Listener). This plug-in responds to health check requests directly with either a 200 OK
or 503 Service Unavailable
message, depending on the current draining state of Envoy.
Before you begin: To activate a health check endpoint on a Gateway, you must first configure a virtual service. For example, you can follow one of the destination selection guides to create a virtual service.
-
Edit the gateway proxy that you want to add the health check to. Note: If you use TLS termination in Gloo Gateway, use the
gateway-proxy-ssl
tab to configure the Gateway Proxy SSL.kubectl --namespace gloo-system edit gateway gateway-proxy
kubectl --namespace gloo-system edit gateway gateway-proxy-ssl
-
Add the
healthCheck
stanza to thespec.options
section of the gateway. Note that the HTTP path of any health check requests must be exact matches to the value ofhealthCheck.path
.apiVersion: gateway.solo.io/v1 kind: Gateway metadata: name: gateway-proxy namespace: gloo-system spec: bindAddress: '::' bindPort: 8080 httpGateway: options: healthCheck: path: /any-path-you-want
apiVersion: gateway.solo.io/v1 kind: Gateway metadata: labels: app: gloo name: gateway-proxy-ssl namespace: gloo-system spec: bindAddress: '::' bindPort: 8443 httpGateway: options: healthCheck: path: /any-path-you-want proxyNames: - gateway-proxy ssl: true useProxyProto: false
-
To test the health check, drain the Envoy connections by sending an
HTTP POST
request to the Envoy admin port on<envoy-ip>:<admin-addr>/healthcheck/fail
. This port defaults to19000
. -
Send a request to the health check path. Because Envoy is in a draining state, the
503 Service Unavailable
message is returned.curl $(glooctl proxy url)/<path>