From ef64d9a075beb02518b8dd7b35559359d7d3ee38 Mon Sep 17 00:00:00 2001 From: Kelsey Hightower Date: Sun, 13 May 2018 19:19:48 +0000 Subject: [PATCH] document nginx proxy --- docs/08-bootstrapping-kubernetes-controllers.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index 9cabec8..2ebdbfb 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md @@ -291,6 +291,10 @@ In this section you will provision an external load balancer to front the Kubern ### Enable HTTP Health Checks +A [Google Network Load Balancer](https://cloud.google.com/compute/docs/load-balancing/network) will be used to distribute traffic across the three API servers and allow each API server to terminate TLS connections and validate client certificates. The network load balancer only supports HTTP health checks which means the HTTPS endpoint exposed by the API server cannot be used. As a workaround the nginx webserver can be used to proxy HTTP health checks. In this section nginx will be installed and configured to accept HTTP health checks on port `80` and proxy the connections to the API server on `https://127.0.0.1:6443/healthz`. + +> The `/healthz` API server endpoint does not require authentication by default. + The following commands must be run on each controller instance. Example: ```