This message was deleted.

Apparently there was a proposal that got closed down due to inactivity:

It would be better to allow this by authorizing "system:unathenticated" to access the /healthz endpoint through RBAC.

Hi Luis, First, thank you for your contributions, very much appreciated. This suggestion would be working around the RKE2 security principle, which is, in my opinion, not desired. RKE2 encourages a good security posture, which is ignored by CAPD. In my opinion, CAPD should give the possibility to do a custom healthcheck.

So the general idea would be employing CAPD's custom healthcheck and ask rke2-agent to check the health of the api server? I suppose the agent has the necessary auth on hand to call api server's

/healthz

and get results