Use HTTPS for probes if UI port is serving HTTPS #45
Description
We have a policy of using end to end TLS for all containers.
I am deploying seq to Kubernetes (AKS cluster + traefik ingress controller). When I switch the UI port to use 443 in the config.yaml like the following
ui:
containerPort: 443
service:
port: 443
The above fails the probes. When I looked at the Helm chart from Seq, I see the port UI is > used in probes but the "scheme" value is not parameterized in helm.
https://github.com/datalust/helm.datalust.co/blob/main/charts/seq/templates/deployment.yaml#L62I had to manually edit the Kubernetes Seq deployment to set the following in liveness , readiness and startup probe.
scheme: HTTPS
After making the above manual tweak , my pod comes up fine with probes. I was unable to set scheme using the helm and I had to manually tweak the deployment.
My observation:
Anyone who wants to run end to end TLS including the UI port, can't because all probe default to use the HTTP scheme. This do not works with TLS probes. Can you please have a look at the scheme parameter in the helm chart and advise if I have missed something or the scheme in probes needs to be parameterized in the helm chart from Seq.
Originally posted by @Atif-Syed-1 in datalust/seq-tickets#2000