openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

add health-checks to config templates #1809

Open qrkourier opened 7 months ago

qrkourier commented 7 months ago

The controller and router have a built-in endpoint, /health-check, which is useful for liveness and readiness probes. This has two parts: config and binding. The config part specifies which checks are performed internally and, in some cases, defines a healthy state, e.g., minimum router link count. The binding part is a web binding just like the client and mgmt APIs.

The controller template already configures the health check by default, but does not expose it in a web binding. There's only one web binding in the controller template using the default identity, which is fine for the minimal config generator. It's currently shared by edge-management, edge-client, and fabric in the controller template.

For example, disable health checks when generating a controller config: ZITI_CTRL_HEALTHCHECKS_ENABLED=false ziti create config controller. This should generate a config that neither configures nor binds any health checks, e.g., the boltdb healthcheck.

Similarly, ziti create config router edge should by default configure the controller ping healthcheck and add a web binding for the shared (ALPN) port where ziti-edge and ziti-link (if configured) are also bound.

Related issue https://github.com/openziti/ziti/issues/1808 only applies to routers that are not advertising edge or link listeners because routers that are reachable should not publish their health-check endpoints.

qrkourier commented 7 months ago

We could invent a new config var like ZITI_ROUTER_HEALTH_MIN_LINK_COUNT to trigger also adding the link.health check, but a default of 0 doesn't seem useful, and a default of 1 would leave a proportion of networks in an "unhealthy" state because they have only one router. I'm leaning toward omitting this one in the minimal default config template.
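
The two parts described in the first comment (config and binding), shown as a controller config fragment. This is an added example, not part of the thread and not the project's template; the key names (`healthChecks`, `boltCheck`, `apis`, `binding: health-checks`) follow the OpenZiti configuration reference as I understand it and should be checked against your version, and the listener name, addresses, and timings are constructed placeholders.

```yaml
# Controller config fragment (constructed example; addresses and timings are placeholders).

# Part 1, config: which checks run internally.
healthChecks:
  boltCheck:
    interval: 30s      # how often the boltdb check runs
    timeout: 20s       # how long a check may take before it counts as failed
    initialDelay: 30s  # wait after startup before the first check

# Part 2, binding: expose /health-check on a web listener.
web:
  - name: client-management          # hypothetical name for the template's single shared listener
    bindPoints:
      - interface: 0.0.0.0:1280
        address: ctrl.example.internal:1280
    apis:
      - binding: edge-management
      - binding: edge-client
      - binding: fabric
      - binding: health-checks       # the binding the issue asks the template to add
```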