Consider Traefik pod "ready" only when all routes are setup #9475
Comments
mossroy
changed the title
We don't maintain traefik or the the traefik helm chart. I would suggest that you open an issue at https://github.com/traefik/traefik or https://github.com/traefik/traefik-helm-chart requesting the behavior you're looking for. |
|
The Traefik CRD will soon be upgraded to v27 because of a CVE in Traefik: #10938. When it will be done, it should solve a very small part of that issue: it should be possible to set a startupProbe in the HelmChartConfig of Traefik (instead of having to set it manually in the Deployment, and set it again after each k3s upgrade) |
Is your feature request related to a problem? Please describe.
When Traefik is starting, it is considered "ready" even if all the routes are not configured.
So incoming HTTP requests can receive some HTTP 404, or the TLS certificate of another route, for the few seconds until all routes are setup.
This happens on startup but also for any change that requires a "rollout restart" of traefik pod.
Describe the solution you'd like
Adding a startupProbe on Traefik could probably solve that.
It might be necessary to upgrade traefik CRD to v26.0.0 to allow a startupProbe, see traefik/traefik-helm-chart#956
The probe should check that Traefik is really ready.
Describe alternatives you've considered
I've manually added a startupProbe in Traefik deployment, that checks for one of my routes.
It works fine, but is specific to my use-case, and only checks one router
Additional context
Currently, Traefik pod only has a livenessProbe and a readinessProbe. Both check /ping on port 9000, which returns an HTTP 200 very early.
So, if all routes are not setup, Traefik can send HTTP requests to a wrong router, that would likely send wrong TLS certificate, return HTTP 404 etc.
Adding a startupProbe would allow for a specific check on startup, that could avoid that
The text was updated successfully, but these errors were encountered: