This was an ask that came from app-sre as the readyz and healthz endpoints are both served at the introspection port and not the generic http traffic port so in a traditional deployment (and for clair.quay.io) they are internal (like the /metrics and /pprof endpoints). We need an external endpoint without auth for the 3 components to be able to effectively monitor the service externally.

It might be an idea to do something more interesting than a basic healthcheck that will return 200OK.

Ideas:

• Basic endpoint to return 200OK.
• /.well-known(/api-catalog) type endpoint that describes the available endpoints of the service.
• /robots.txt that disallows crawling for everything (might be useless as it might not be at the domain root if the components are served at /indexer, /matcher etc.)