Kong SSL upstream healthchecks, client cert/key option

Feature/Request
It would be cool to be able to specify a client cert+key here to say whether a target is healthy, this is in the situation where a client key and cert need to be provided to access the page

eg: a curl that needs to pass both a client key and client cert, as well as the ca in order to achieve an http 200.
curl https://upstream/health --cacert ca.crt --cert client.crt --key client.key

Since 1.4 we’ve been able to pass a client.crt and client.key via http directives to get the proxy part of it working, maybe these same env vars could be used for healthchecks if ssl_verify is enabled?

Healthchecks at the moment are a little dumbed down for this situation, either check tcp port, or ignore ssl verification and treat 400s as healthy. It may still show healthy even if a cert has expired for example.

KONG_LUA_SSL_TRUSTED_CERTIFICATE=/mnt/certs/ca.crt
KONG_CLIENT_SSL_CERT=/mnt/certs/client.crt
KONG_CLIENT_SSL_CERT_KEY=/mnt/certs/client.key


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ