This topic describes the issue in which no valid health check information is displayed after sidecar injection. This topic also describes the cause of the issue and provides a solution.

Problem description

No valid health check information is displayed after sidecar injection. In this example, port 8087 is used for TCP health checks. After you enable mutual Transport Layer Security (mTLS), no health check information of port 8087 is displayed on the Events tab of the details page of a pod in the Container Service for Kubernetes console.

Cause

After you enable mTLS in Alibaba Cloud Service Mesh (ASM), the requests for health checks sent by the kubelet to the pod are intercepted by the sidecar proxy. If the kubelet cannot provide the required TLS certificate, the health checks fail.

Solution

You can configure settings to allow the traffic of health checks to bypass the sidecar proxy. Perform the following steps:

Allow the traffic of health checks to bypass the sidecar proxy

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose Sidecar Management(Data Plane) > Sidecar Proxy Setting in the left-side navigation pane.
  5. On the Namespace tab, select the namespace that you want to manage, click enable/disable Sidecar proxy by port or address, and then set the required parameters.
    The following table describes the parameters.
    | Parameter | Description |
    | --- | --- |
    | Set the port numbers to prevent InboundTraffic from passing through the sidecar proxy | The port on which you want to allow the inbound traffic to bypass the sidecar proxy. In this example, port 8087 is used. |
    | Set the port numbers to prevent OutboundTraffic from passing through the sidecar proxy | The port on which you want to allow the outbound traffic to bypass the sidecar proxy. In this example, port 8087 is used. |
  6. Click Update Settings.
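
If the probe port is missing from the list entered in step 5, the kubelet's TCP check is still intercepted, and any extra port on the list no longer passes through the sidecar that enforces mTLS. The following Python check is an added example, not part of the ASM documentation: it compares a pod manifest (as produced by `kubectl get pod <name> -o json`) with the inbound port list you entered and reports both cases. The sample manifest, function names and result keys are constructed for illustration.

```python
import json

PROBE_KINDS = ("livenessProbe", "readinessProbe", "startupProbe")

def tcp_probe_ports(pod):
    """Numeric ports targeted by tcpSocket probes in a pod manifest."""
    ports = set()
    for c in pod["spec"].get("containers", []):
        named = {p["name"]: p["containerPort"]
                 for p in c.get("ports", []) if "name" in p}
        for kind in PROBE_KINDS:
            tcp = c.get(kind, {}).get("tcpSocket")
            if not tcp:
                continue
            port = tcp["port"]
            if isinstance(port, str):  # probe refers to a named containerPort
                port = named.get(port)
            if port is not None:
                ports.add(port)
    return ports

def audit(pod, excluded_inbound):
    """Compare the pod's TCP probe ports with the inbound bypass list."""
    probes, excluded = tcp_probe_ports(pod), set(excluded_inbound)
    return {
        # kubelet probes on these ports are still intercepted by the sidecar
        "probe_not_excluded": sorted(probes - excluded),
        # these ports skip the sidecar although no TCP probe uses them
        "excluded_without_probe": sorted(excluded - probes),
    }

# Constructed sample manifest (not taken from the page).
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo"},
 "spec": {"containers": [{
   "name": "app",
   "ports": [{"name": "http", "containerPort": 8080},
             {"name": "health", "containerPort": 8087}],
   "livenessProbe": {"tcpSocket": {"port": 8087}},
   "readinessProbe": {"tcpSocket": {"port": "health"}}}]}}
""")

if __name__ == "__main__":
    for ports in ([], [8087], [8080, 8087]):
        print(ports, audit(SAMPLE_POD, ports))
```

An empty `excluded_without_probe` list means that only health check ports bypass the sidecar; application ports such as 8080 in the sample stay behind mTLS.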

View health check results

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Workloads > Pods.
  5. Click the name of the pod whose details you want to view to go to the details page of the pod. Alternatively, you can click Details in the Actions column that corresponds to the pod.
  6. On the details page of the pod, click the Events tab.
    The following figure shows the health check results of port 8087.