Kubernetes Health Checks in Consul on Kubernetes

This page describes how Consul on Kubernetes will sync the status of Kubernetes health probes of a pod to Consul for service mesh use cases. Health check synchronization with Consul is done automatically whenever is true.

For each Kubernetes pod that is connect-injected the following will be configured:

The mutation behavior can be disabled by either setting the consul.hashicorp.com/transparent-proxy-overwrite-probes pod annotation to or the connectInject.defaultOverwriteProbes Helm value to .

In the case where no user defined health checks are assigned to a pod, the default behavior is that the Consul health check will be marked passing until the pod becomes unready.

It is highly recommended to enable TLS for all production configurations to mitigate any security concerns should the pod network ever be compromised. The controller makes calls across the network to Consul agents on all nodes so an attacker could potentially sniff ACL tokens if those calls are not encrypted via TLS.