Vault health-check in a forwarding mode

Hi all,
I’m configuring my vault cluster to work behind a load-balancer, as for now I’ve configured all nodes to respond to any request - active node is responding directly and standby nodes are responding to the client, by forwarding the requests internally to the active node.

I’m now at the LB configuration, if I’m using the ‘/v1/sys/health’ health check - it responses ‘429’ to each non-active node and blocks traffic to this node, so actually, even if all nodes can handle requests - only 1 nodes is considered as ‘healthy’ to the LB and all traffic is redirected to it.

How did you configure the LB on your organization?


Just for the documentation - adding the parameter ‘standbyok’ solves this issue.
For example, http://localhost:8200/v1/sys/health?standbyok