Will linkerd saz block my liveness and readiness probe checks?

[mt185252]

Hi I need some help in understanding if linkerd server will block my liveness and readiness probe checks?
One of my k8s deployments has its liveness & readiness probes configured as a tcpSocket on port 1521.

If I create a linkerd server with port 1521 & authorize only one service-account to be able to access that server I just created using server authorization, will the kubelet still be able to check for liveness and readiness probes or will server-authorization block the liveness and readiness probe checks?

[wmorgan]

Depends whether you're doing the authorization with an HTTPRoute or not. See https://linkerd.io/2.12/features/server-policy/#default-authorizations

In order to simplify default-deny setups, Linkerd automatically authorizes probes to pods. These default authorizations apply only when no Server is configured for a port, or when a Server is configured but no HTTPRoutes are configured for that Server. If any HTTPRoute matches the Server, these automatic authorizations are not created and you must explicitly create them for health and readiness probes.