fix(argo-cd): Pass argocd-server's ALB health check #2553
Signed-off-by: yu-croco <yu.croco@gmail.com>
charts/argo-cd/values.yaml
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features | ||
backendProtocolVersion: HTTP2 | ||
## This tells AWS to send traffic from the ALB using gRPC. Can use HTTP2 as well | ||
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings | ||
backendProtocolVersion: GRPC | ||
# -- Service type for the AWS ALB gRPC service | ||
## Can be of type NodePort or ClusterIP depending on which mode you are running. | ||
## Instance mode needs type NodePort, IP mode needs type ClusterIP | ||
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic | ||
serviceType: NodePort | ||
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/how-it-works/#ingress-traffic | ||
serviceType: ClusterIP |
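Review bot: The `serviceType: ClusterIP` default at the end of this hunk assumes IP mode, but the comment above it ("Instance mode needs type NodePort, IP mode needs type ClusterIP") never says which mode the default is written for. A user who relies on instance mode would get a Service type that the same comment says does not fit. Either keep `NodePort` as the default or state in the comment that the default now targets IP mode. The `backendProtocolVersion` comment has the same gap: "Can use HTTP2 as well" does not say in which mode HTTP2 still passes the target group health check that the linked AWS page describes.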

@yu-croco I would keep `NodePort` as is. The instance mode is default for AWS load balancer controller. The `ClusterIP` is needed only for `alb.ingress.kubernetes.io/target-type: ip` or by this default for the deployment.

Thank you for your review.
Then what about adding comments for `IP mode`? 🙋
@yu-croco it's already there :)
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
Maybe like this...? 🤔
# AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
+ # The default value is for `Instance mode`. If you use `IP mode`, please refer https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd#aws-application-load-balancer.
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
+ ## If you use `IP mode` for ALB controller, please configure as `GRPC`.
+ ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
backendProtocolVersion: HTTP2
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/how-it-works/#ingress-traffic
serviceType: NodePort
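Review bot: The added line "If you use `IP mode` for ALB controller, please configure as `GRPC`" sits directly under a context line that presents gRPC as optional ("Can use gRPC as well if you want to leverage gRPC specific features"), so the two comments read as contradictory. Reword the context line as well, or have the added line say that `GRPC` is needed in IP mode for the health check described at the linked AWS page, so a reader can tell it is not a matter of preference. In the first added line, "please refer https://..." should read "please refer to https://...".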
[updated]
delayed to post the message, resolved in previous message.

@pdrastil As reported, if protocol version of target group (for gRPC Service) is HTTP2, the health check setting of the TG becomes invalid and target becomes unhealthy.
So aws.backendProtocolVersion is not selectable indeed.
I think this is the point of this issue.
On the other hand, `serviceType` is certainly selectable corresponding to AWS LBC's mode (instance / ip), and it's irrelevant to the issue of unhealthy target.
Therefore, I think the default value of `serviceType` need not be changed in this PR and keeping `NodePort` as default is reasonable as well as AWS LBC's default mode is `instance`.

From my experience with ALB (and AWS EKS) serviceType is for sure relevant.
If you use `ClusterIP` and ALB target-type `ip` the health checks are handled differently than in `NodePort` together with `instance`.
- `instance` by default checks traffic path until nodes
- `ip` always tries to check directly to the pod and uses `/` and "traffic port" as the default health-checking parameters

@mkilchhofer Thank you, my understanding seems incorrect.
More precisely speaking:
- `backendProtocolVersion`=`HTTP2` and `serviceType`=`ClusterIP` (i.e. LBC is `ip` mode) -> unhealthy (my case)
- `backendProtocolVersion`=`HTTP2` and `serviceType`=`NodePort` (i.e. LBC is `instance` mode) -> healthy (your case)
- `backendProtocolVersion`=`GRPC` and `serviceType`=`ClusterIP` (i.e. LBC is `ip` mode) -> healthy (my case)
- `backendProtocolVersion`=`GRPC` and `serviceType`=`NodePort` (i.e. LBC is `instance` mode) -> healthy (probably?)
Signed-off-by: yu-croco <yu.croco@gmail.com>
lgtm
Signed-off-by: yu-croco <yu.croco@gmail.com>
Resolves #2552
Checklist: