feat: add validDns option and headless distributor to Nginx #366
Signed-off-by: Loc Mai <lmai@axon.com>
Signed-off-by: Loc Mai <lmai@axon.com>
It is indeed. I think @juan-ramirez-sp tried the #330 but didn't work, see this Slack discussion https://cloud-native.slack.com/archives/CCYDASBLP/p1654268570724589 . We tested this change on our deployment and it works nicely. Me and @gburton1 could take a look at the #339 though, I think it's pretty similar.
Ah okay upon further investigation: https://serverfault.com/questions/240476/how-to-force-nginx-to-resolve-dns-of-a-dynamic-hostname-everytime-when-doing-p this seems to be an ongoing issue for a lot of people. The best solution might be this or #339 which is effectively the same
values.yaml
Outdated
@@ -1276,7 +1276,10 @@ nginx: | |||
# setHeaders: | |||
# X-Scope-OrgID: $remote_user | |||
basicAuthSecretName: "" | |||
|
|||
# -- (optional) Including the valid parameter to the `resolver` directive to re-resolve names every `dnsValid` seconds/minutes | |||
dnsValid: "" |
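Review bot: the new key is `dnsValid`, while the PR title calls the option `validDns`; settle on one name before merge so the changelog, title and values file agree. The doc comment on the line above the key says "seconds/minutes" but shows no accepted value; add an example in nginx time syntax such as `15s`, and state what the empty default `""` means for the rendered `resolver` directive.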
Since this is broken now, I would be happy to see a default that behaves nicely.
dnsValid: "" | |
dnsValid: "15s" |
good idea
Yeah great idea. Anyone wanna change the option name? I see in the other PR they have dnsTTL.
By the way, after I re-tested the whole case here, it looks like the `valid=15s` is all we need to solve the problem (no headless service change required).
yeah I like dnsTTL more
templates/nginx/nginx-config.yaml
Outdated
@@ -71,7 +71,7 @@ data: | |||
|
|||
# Distributor Config | |||
location = /ring { | |||
proxy_pass http://{{ template "cortex.fullname" . }}-distributor.{{ $rootDomain }}$request_uri; | |||
proxy_pass http://{{ template "cortex.fullname" . }}-distributor{{- if .Values.nginx.config.distributorHeadless }}-headless{{- end }}.{{ $rootDomain }}$request_uri; |
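Review bot: the `-headless` suffix is spliced into the `proxy_pass` URL inline and only for `location = /ring`, so this one location can end up pointing at a different service than any other distributor location in the file. Build the distributor host name once (a template variable next to `$rootDomain`, for example) and reuse it, which also keeps this line readable and makes the toggle apply consistently.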
I think `headless` should be applied to all distributor endpoints below also.
have you tried this? with headless you get multiple dns results with the pod individual ip address. Does "load-balancing" still work?
values.yaml
Outdated
# -- (optional) Including the valid parameter to the `resolver` directive to re-resolve names every `dnsValid` seconds/minutes | ||
dnsValid: "" | ||
# -- (optional) If true Nginx will use the distributor headless service for `/ring` path. See https://github.com/kubernetes/kubernetes/issues/24092 | ||
distributorHeadless: false |
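Review bot: the `distributorHeadless` comment on the last two lines explains the option only by linking an external issue; say in the comment itself what changes (nginx proxies `/ring` to the `-headless` distributor service) and whether it is meant to be combined with `dnsValid`. With the defaults shown here (`""` and `false`) neither setting is active, so the fix is opt-in; either document that or choose defaults that enable it.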
Like @gburton1 suggested if we replace everything with the headless service we don't need that config option here
but @locmai I don't quite understand how
Yeah I think it's not. As I mentioned in the comment above, I tested again and the This may put some more load on the nginx though.
Do you just wanna go ahead with only the
Signed-off-by: Loc Mai <lmai@axon.com>
…/cortex-helm-chart into nginx-to-use-headless-distributor Signed-off-by: Loc Mai <lmai@axon.com>
Signed-off-by: Loc Mai <lmai@axon.com>
Sounds like a hiccup/flaky test @@
Please render the chart locally and check if there are no mistakes
Signed-off-by: Loc Mai <lmai@axon.com>
oh shoot, got it now :D
@locmai I think the nginx config is wrong. How does that work for you o.O Should be
http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
Signed-off-by: Loc Mai <lmai@axon.com>
@nschad sorry my bad. Templated out here:
missed the
Signed-off-by: Loc Mai lmai@axon.com
What this PR does:
Address the NGINX issue on Kubernetes where a rolling restart of the distributor pods would cause a number of ingestion failures on the write path.
This is more of a Kubernetes issue, but we could have this as a workaround. See kubernetes/kubernetes#24092
Which issue(s) this PR fixes:
No issue created.
Template results
nginx-config - configmap:
Checklist
CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]
cc @juan-ramirez-sp @gburton1
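
The `resolver` setting the thread converges on, shown as an added nginx configuration fragment (not the chart's template and not code from this PR). The resolver address, service host name and port are placeholders; the fragment belongs inside the `http` block.

```nginx
# Constructed example: resolver address, host name and port are placeholders.

# Before: no `valid` parameter, so nginx caches each answer for the TTL
# carried in the DNS response.
# resolver kube-dns.kube-system.svc.cluster.local;

# After: `valid` overrides the response TTL; cached answers are dropped
# after 15 seconds and the name is looked up again.
resolver kube-dns.kube-system.svc.cluster.local valid=15s;

server {
  listen 80;

  location = /ring {
    # A variable in the proxy_pass URL ($request_uri here) makes nginx
    # resolve the host name at request time through `resolver`, rather
    # than once when the configuration is loaded.
    proxy_pass http://cortex-distributor.cortex.svc.cluster.local:8080$request_uri;
  }
}
```

A shorter `valid` means pod IP changes during a rolling restart are picked up sooner, at the cost of more DNS queries from nginx.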