Health checks for TLS Secrets
9 views
Skip to first unread message
Satwick Dash
Oct 8, 2025, 5:52:58 AM (4 days ago) Oct 8
to envoy-users
Hi,
We're using envoy as a container for outbound requests from a pod. We're also using transport_socket.tls.v3.Secret for the certificates stored in a K8s secret.
Is there a way we can check the health of running envoy instance, to see if we're facing TLS errors, due to empty certificates? Specifically errors like -
```
[2025-10-08 07:56:32.875][22][debug][pool] [source/common/conn_pool/conn_pool_base.cc:495] [Tags: "ConnectionId":"1"] client disconnected, failure reason: TLS error: Secret is not supplied by SDS [2025-10-08 07:56:32.875][22][debug][router] [source/common/router/router.cc:1355] [Tags: "ConnectionId":"0","StreamId":"15292288025689618954"] upstream reset: reset reason: remote connection failure, transport failure reason: TLS error: Secret is not supplied by SDS
```
Is there a way we can check for these errors via a livenessProbe / readinessProbe?
Thanks in advance!
We're using envoy as a container for outbound requests from a pod. We're also using transport_socket.tls.v3.Secret for the certificates stored in a K8s secret.
Is there a way we can check the health of running envoy instance, to see if we're facing TLS errors, due to empty certificates? Specifically errors like -
```
[2025-10-08 07:56:32.875][22][debug][pool] [source/common/conn_pool/conn_pool_base.cc:495] [Tags: "ConnectionId":"1"] client disconnected, failure reason: TLS error: Secret is not supplied by SDS [2025-10-08 07:56:32.875][22][debug][router] [source/common/router/router.cc:1355] [Tags: "ConnectionId":"0","StreamId":"15292288025689618954"] upstream reset: reset reason: remote connection failure, transport failure reason: TLS error: Secret is not supplied by SDS
```
Is there a way we can check for these errors via a livenessProbe / readinessProbe?
Thanks in advance!
Reply all
Reply to author
Forward
0 new messages