No firewall rule created to allow health check if health check port does not match backend port.

[DeanBrunt]

Currently, if I specify the health check port for a backend to be different to the port for the backend, no firewall rule to allow health checking on the health check port is created.

A quick squint at the terraform suggests this is because we, presumably incorrectly, use the value of port for each backend for the firewall rule, not that of the health check port.

[morgante]

Yeah this looks like a bug. We would need to update this resource to use HC ports.

[DeanBrunt]

I was going to just raise a PR for this but couldn't remember what the behaviour would be if we looped over health checked backends in the case that there were 0 (therefore giving the firewall rule no allow blocks), so will have to give this a test

[tpoindessous]

Hi @DeanBrunt , we are interessed by this feature because we use goss-server as healthcheck server.

Any idea when you could tackle this issue ? Do you need any help ?

Thanks !

[DeanBrunt]

Hey @tpoindessous ,

I suspect I'll get round to this within the next couple of weekends or so.
The change should be fairly simple as it should be a case of updating the resource that @morgante referenced to use the HC ports.

If you've got bandwidth to tackle this that would be great, else I'll look to do it at a juncture when I've got some spare time.