Skip to content

feat(healthcheck): make healtcheck bind address configurable#2051

Open
dodgex wants to merge 1 commit intocloudnativelabs:masterfrom
dodgex:make-health-addr-configurable
Open

feat(healthcheck): make healtcheck bind address configurable#2051
dodgex wants to merge 1 commit intocloudnativelabs:masterfrom
dodgex:make-health-addr-configurable

Conversation

@dodgex
Copy link
Copy Markdown

@dodgex dodgex commented Apr 3, 2026

What type of PR is this?

feature

What this PR does / why we need it:

This PR makes the bind address used for the healthcheck endpoint configurable.
Similar to and pretty much based on: #1570 that makes metrics bind address configurable.

Which issue(s) this PR is related to:

Fixes #2043

Was AI used during the creation of this PR?

No

What, if any, amount of integration testing was done with this change in a Kubernetes environment?

None

Does this PR introduce a breaking change?

NONE

Anything else the reviewer should know that wasn't already covered?

This PR is pretty much a copy/paste and adapting of changes from #1570.

The development and contribution guides ask/require to execute certain commands. Unfortunately, some of them fail for me.

  • make kube-router and make gofmt are successful.
  • make gofmt-fix fails as it misses goimports. I tried to run go install golang.org/x/tools/cmd/goimports@latest but the fixing still failed with the same error. As I did not change imports, I assume this can be "ignored".
  • make test-pretty fails with DONE 592 tests, 1 failure in 0.062s, where the failing test is

    kube-router_test.go:53: docs/user-guide.md 'command line options' section does not match kube-router --help.

  • plain make fails with

    docker run --rm -v /home/dodge/projects/kube-router:/work -w /work alpine:3.23 sh -c
    'wget -qO- https://github.com/crate-ci/typos/releases/download/v1.33.1/typos-v1.33.1-x86_64-unknown-linux-musl.tar.gz | tar xz -C /usr/local/bin && typos'
    28FBA63FD4730000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:698:
    ssl_client: SSL_connect
    wget: error getting response: Connection reset by peer
    tar: invalid magic
    tar: short read
    make: *** [Makefile:139: spellcheck] Error 1

@catherinetcai
Copy link
Copy Markdown
Collaborator

Hi @dodgex, sorry for the delay in getting to this MR!

The health check implementation is missing a check to ensure that the address/port combination is actually bindable. The metrics server does something similar here:

if err := utils.TCPAddressBindable(kr.Config.MetricsAddr, kr.Config.MetricsPort); err != nil {

Can you also provide a little more context around your home lab setup. I'd like to get more insight onto why having the health check bind to all interfaces is causing problems for you.

@dodgex dodgex force-pushed the make-health-addr-configurable branch from 8ab9b40 to 510fffc Compare April 13, 2026 15:18
@dodgex
Copy link
Copy Markdown
Author

dodgex commented Apr 13, 2026

Hi @catherinetcai, no worries.

I added a check if the healt address/port is bindable, based on the check for the metrics.

Can you also provide a little more context around your home lab setup. I'd like to get more insight onto why having the health check bind to all interfaces is causing problems for you.

Well, as I mentioned in #2043, I am currently more or less in an evalating phase, testing k0s for personal stuff. So currently there is no actual kubernetes setup yet, beside my playground / PoC VM. My current experience with Kubernetes so far is only the "using" side, providing YAML files (svc, deployments etc) for our applications and managing the stuff installed on our cluster with ArgoCD. This project is me liking tech stuff way to much and wanting to learn more about it. :)

I would not say, that having health check bind on all interfaces is actually causing real problems. This is honestly mostly me, like stuff "clean". And as I managed to configure all other ports im my playground (one thanks to a similar PR in k0s itself, that got merged today), I thought, it might be helpful, to contribute what is needed to make it possible.

And even when I, in the next phase of this project decide to roll k0s on my online servers, this wouldn't be that big of a deal, as the firewall would block any access anyway.

tldr: It is pretty much all about limiting the scope to what is needed. And a healtcheck, as harmless as it might be, has no reasons (i can think of) to be available on more interfaces than necessary. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Allow to bind health endpoint to a specifc adress

2 participants