Introduction

In the world of Kubernetes, ensuring the health of an API server is critical. The API server is the core component that exposes the Kubernetes REST API, allowing internal components and external clients to manage resources. A malfunctioning API server can lead to a breakdown in the entire orchestration system. Users often ask whether it's feasible to perform health checks over HTTP or TCP. Let's explore this capability in depth.

Health Checking Kubernetes API Server

HTTP-Based Health Checks

Kubernetes API servers are equipped with built-in HTTP endpoints specifically for health checks. These endpoints can be accessed to determine the status of the API server:

• /healthz: This endpoint returns an HTTP status code of `200` when the server is healthy. If there are issues, it returns a `500` status code along with diagnostic information.
• /livez: Indicates liveness, showing whether the server is running, independent of its readiness.
• /readyz: This checks if the API server is ready to serve traffic. Unlike `healthz`, which is deprecated and aggregates multiple checks, `readyz` is more focused and precise.

These endpoints provide quick and reliable methods to monitor the server's health via HTTP. Here is a basic example of how you might make use of curl to check these endpoints:

• TCP Connectivity: TCP checks can verify if the API server is accepting connections on its default port (usually 6443). However, this won't provide detailed information about its operational state.
  • name: my-container
• Security Concerns: Exposing health endpoints can inadvertently broadcast server status. Always secure these endpoints with proper authentication and authorization.
• Misconfiguration: Always ensure that the correct paths and ports are specified in your checks. A misconfigured probe can cause unnecessary restarts or downtime.
• Load Impact: Frequent health checks can impose additional load on the server. Optimize the frequency and types of checks based on your environment.