Proxy check default #4381
Merged
Proxy check default #4381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… 0.0.0.0. This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
mkeeler
approved these changes
Jul 12, 2018
| } | ||
|
|
||
| // If we have a bind address and its diallable, use that | ||
| if bindAddr, ok := proxyCfg["bind_address"].(string); ok && |
There was a problem hiding this comment.
Should we also make sure bindAddr is not a unix socket? Seems like it but I am not sure if we allow binding a proxy to a unix socket.
There was a problem hiding this comment.
I don't think it ever makes sense for the public listener on the proxy to be a unix socket. We may well add support for the private app => proxy listener being unix but this health check is always against the public socket so I think we are safe.
The TCP check is for the public port - i.e. is the service available to other instances in the cluster.
mkeeler
requested changes
Jul 12, 2018
| run a [TCP health check](/docs/agent/checks.html) against. By default this is | ||
| the same as the proxy's [bind address](#bind_address) except if the | ||
| bind_address is `0.0.0.0` or `[::]` in which case this defaults to `127.0.0.1` | ||
| and assumes agent can dial proxy over loopback. For more complex |
mkeeler
approved these changes
Jul 12, 2018
mitchellh
approved these changes
Jul 12, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #4301
If the managed proxy is bound to an unspecified address (0.0.0.0/[::]), default to 127.0.0.1.
Also adds a config mechanism to override that for more complex setups where loopback isn't the right option, and a way to disable the TCP check entirely should there be some reason it doesn't work for your topology.
Docs updated too (please proof read!).