Kong SSL upstream healthchecks, client cert/key option

It would be cool to be able to specify a client cert+key here to say whether a target is healthy, this is in the situation where a client key and cert need to be provided to access the page

eg: a curl that needs to pass both a client key and client cert, as well as the ca in order to achieve an http 200.
curl https://upstream/health --cacert ca.crt --cert client.crt --key client.key

Since 1.4 we’ve been able to pass a client.crt and client.key via http directives to get the proxy part of it working, maybe these same env vars could be used for healthchecks if ssl_verify is enabled?

Healthchecks at the moment are a little dumbed down for this situation, either check tcp port, or ignore ssl verification and treat 400s as healthy. It may still show healthy even if a cert has expired for example.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ