Skip to content

feat: handle kubelet TCP/HTTP probes #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ctrox merged 7 commits into from
Aug 2, 2025
Merged

feat: handle kubelet TCP/HTTP probes #72

ctrox merged 7 commits into from
Aug 2, 2025

Conversation

@ctrox
Copy link
Owner

@ctrox ctrox commented Aug 2, 2025

This adds probe handling to the activator and socket tracker. The activator detects HTTP probes based on the user-agent header and TCP probes are detected as kubelet does not send any data, so we get an immediate EOF when trying to peek into the connection buffer. A bit trickier is the detection of those probes in the eBPF socket tracker. We match up connections from the kubelet process to the expected pod IP address and ignore those in the tracker. This requires some adjustments depending on the k8s distribution, for example in k3s the kubelet is embedded in the k3s process. The k3s deployment manifests have been adjusted accordingly to pass that via a manager flag.

Closes #34

@ctrox ctrox force-pushed the probes branch 4 times, most recently from 444e3b5 to 0225ca3 Compare August 2, 2025 15:06
@ctrox ctrox merged commit 4c1fc4b into main Aug 2, 2025
8 checks passed
@ctrox ctrox deleted the probes branch August 2, 2025 15:55
@ctrox ctrox mentioned this pull request Sep 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

How does this work with startup, readiness and liveness probes?

2 participants

@ctrox