This message was deleted.
# cabpr
a
This message was deleted.
m
Apparently there was a proposal that got closed down due to inactivity:
It would be better to allow this by authorizing "system:unathenticated" to access the /healthz endpoint through RBAC.
c
Hi Luis, First, thank you for your contributions, very much appreciated. This suggestion would be working around the RKE2 security principle, which is, in my opinion, not desired. RKE2 encourages a good security posture, which is ignored by CAPD. In my opinion, CAPD should give the possibility to do a custom healthcheck.
m
So the general idea would be employing CAPD's custom healthcheck and ask rke2-agent to check the health of the api server? I suppose the agent has the necessary auth on hand to call api server's
/healthz
and get results