readinessProbe failed to perform in ServiceMesh enabled application
Environment
- OpenShift Container Platform
- Red Hat OpenShift Service on AWS
- ServiceMesh 2.x
Issue
- Failed to perform readinessProbe in ServiceMesh enabled application.
- readinessProbe failed in ServiceMesh application, when dataPlane.mtls to true.
- ServiceMesh enabled application failed to start when spec.security.dataPlane.mtls to true.
- Without readinessProbe or spec.security.dataPlane.mtls to false works well with application.
Resolution
- Added annotation
traffic.sidecar.istio.io/excludeInboundPorts: "8080"in application deployments to bypass readinessProbe port 8080.
template:
metadata:
annotations:
sidecar.istio.io/inject: "true"
traffic.sidecar.istio.io/excludeInboundPorts: "8080"
Diagnostic Steps
- Checked application pod logs, where it was failing to start application service. Not much logs.
- Enabled debug loglevel in istio-proxy using article, there also did not have much detail.
- Try debugging with
oc rsh pod-nameand see if application is available, by performing curl to readinessProbe endpoint or application endpoint.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments