Core Concepts
gRPC Health Check Monitor
Monitor gRPC services using the standard Health Checking Protocol
gRPC monitors call the standard gRPC Health Checking Protocol (grpc.health.v1.Health/Check) and map the response to monitor status.
Minimum setup
Set:
hostport(default50051)
Optionally set service to check a specific service name instead of overall server health.
Status logic
The ServingStatus from the health check response maps to:
SERVING→ UPNOT_SERVING→ DOWNUNKNOWN/SERVICE_UNKNOWN→ DEGRADED
Connection errors and timeouts return DOWN.
Configuration fields
| Field | Type | Default | Notes |
|---|---|---|---|
host |
string |
— | Required |
port |
number |
50051 |
Required |
service |
string |
"" |
Fully qualified service name; empty = overall |
tls |
boolean |
false |
Use TLS credentials |
insecure |
boolean |
false |
Skip TLS certificate verification (TLS only) |
timeout |
number |
10000 |
Request deadline in ms |
Example
{
"type": "GRPC",
"type_data": {
"host": "grpc.example.com",
"port": 50051,
"service": "my.package.MyService",
"tls": true,
"timeout": 5000
}
}
Self-signed TLS example
{
"type": "GRPC",
"type_data": {
"host": "grpc.example.com",
"port": 50051,
"tls": true,
"insecure": true,
"timeout": 5000
}
}
Troubleshooting
- Immediate DOWN: wrong host/port, service not running, or firewall blocking the connection
- DEGRADED: server returned
UNKNOWNorSERVICE_UNKNOWN— verify the service name is registered - Timeout: increase
timeoutor check network latency to the gRPC server - TLS errors: ensure the server has a valid certificate, disable
insecure, or check if TLS should be disabled - Self-signed certificate (messages mentioning
--use-system-ca): settls: trueandinsecure: trueon the monitor (same asgrpcurl -insecure). Alternatively, trust the issuer: run Node withNODE_OPTIONS='--use-system-ca'so the OS CA store is used (Node 22+ defaults to bundled CA roots only)