Why are VPC load balancer health checks failing on my worker nodes?

When you check the Health Status section of your VPC load balancer details, the health checks for your load balancer worker nodes are failing.

To check the VPC loadbalancer health status, navigate to the Load balancers for VPC page in the console. Click on the relevant load balancer and review the details in the Health Status section.

Depending on how your load balancer is configured, failing health checks might be the expected behavior and do not necessarily indicate a problem. If the externalTrafficPolicy setting for the load balancer service is set to Local, incoming traffic is delivered only to the application pod residing on the node that the traffic enters. If the load balancer tries to connect to any node that does not have an application pod, the traffic is dropped and the health check fails. This is the intended behavior for the externalTrafficPolicy: Local setting and ensures that the traffic is routed correctly.

If the load balancer service is configured with the externalTrafficPolicy set to Local and there are no service disruptions, then the health checks are functioning as intended and you do not need to take any action.

If you are not sure how the externalTrafficPolicy setting is configured, run oc get svc <loadbalancer_name> -n <namespace> -o yaml and look for externalTrafficPolicy in the output.