Lib.rs

Network programming
#grpc #kubernetes #grpc-server #tls-server #container-image #grpc-health

app grpc_health_probe

A utility to run health checks for gRPC services

by Onat Yiğit Mercan

2 stable releases

1.0.1 May 21, 2022
1.0.0 May 20, 2022

#24 in #tls-server

MIT license

14KB
106 lines

grpc-health-probe-rs

rust implementation of the grpc-health-probe. It allows you to query health of gRPC services that expose their status through the gRPC Health Checking Protocol.

build

This command-line utility makes a RPC to /grpc.health.v1.Health/Check. If it responds with a SERVING status, the grpc_health_probe will exit with success, otherwise it will exit with a non-zero exit code (documented below).

This port does not provide a way to skip TLS verification and there are limited options for configuring TLS.

Installation

From binary

You can directly download the grpc_health_probe executable.

Install from crates.io

cargo install grpc_health_probe

Build Manually

Clone the repo and run:

cargo install --path .

Alternatively, run:

cargo build --release

then put the resulting target/release/grpc_health_probe executable on your PATH.

Examples

$ grpc_health_probe --addr=https://localhost:5000
status: Serving

$ grpc_health_probe --addr=https://localhost:9999 --connect-timeout=250 --rpc-timeout=100
error: health rpc failed: Timeout expired

Example: gRPC health checking on Kubernetes

You can bundle the grpc_health_probe binary in your container image and define liveness and/or readiness checks for your gRPC server pods using exec probes.

spec:
  containers:
  - name: server
    image: "[YOUR-DOCKER-IMAGE]"
    ports:
    - containerPort: 5000
    readinessProbe:
      exec:
        command: [
          "/bin/grpc_health_probe",
          "--addr=https://0.0.0.0:5000",
          "--service=queries.v1.QueriesAPI",
          "--tls",
          "--tls-server-name=deployment.namespace.svc.cluster.local"
        ]
      initialDelaySeconds: 5
    livenessProbe:
      exec:
        command: [
          "/bin/grpc_health_probe",
          "--addr=https://0.0.0.0:5000",
          "--service=queries.v1.QueriesAPI",
          "--tls",
          "--tls-server-name=deployment.namespace.svc.cluster.local"
        ]
      initialDelaySeconds: 10

Health Checking TLS Servers

Option Description
--tls use TLS (default: false)
--tls-ca-cert path to file containing CA certificates (to override system root CAs)
--tls-server-name override the hostname used to verify the server certificate

Other Available Flags

Option Description
--connect-timeout timeout in milliseconds for establishing connection
--rpc-timeout timeout in milliseconds for health check rpc
--user-agent user-agent header value of health check requests (default: grpc_health_probe_rs)
--service service name to check (default: "") - empty string is convention for server health

Exit codes

It is not recommended to rely on specific exit statuses. Any failure will be a non-zero exit code.

Exit Code Description
0 success: rpc response is SERVING.
1 failure: invalid command-line arguments
2 failure: connection failed or timed out
3 failure: rpc failed or timed out
4 failure: rpc successful, but the response is not SERVING

Dependencies

~15–26MB
~466K SLoC