Only support dynamic configuration #3198
Conversation
aledbf
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
approved
k8s-ci-robot
added
the
cncf-cla: yes
aledbf
added
the
do-not-merge/work-in-progress
| @@ -407,35 +401,6 @@ http { | |||
| {{ $cfg.HTTPSnippet }} | |||
| {{ end }} | |||
|
|
|||
| {{ if not $all.DynamicConfigurationEnabled }} | |||
There was a problem hiding this comment.
Since DynamicConfiguration will be the only available option, does that mean that load-balancing algorithms other than round-robin and annotations such as:
- nginx.ingress.kubernetes.io/upstream-max-fails
- nginx.ingress.kubernetes.io/upstream-fail-timeout
will be deprecated as well. If so can they be removed as well in another commit?
There was a problem hiding this comment.
No, we can pass that info to the lua LB
There was a problem hiding this comment.
I wonder how much value they have given we "outsource" healthchecking to k8s instead of doing it in ingress-nginx controller.
I'd rather not complicate Lua balancer logic further unless it's really necessary.
There was a problem hiding this comment.
I'd rather not complicate Lua balancer logic further unless it's really necessary.
Makes sense. That said we already have https://github.com/kubernetes/ingress-nginx/blob/master/rootfs/etc/nginx/lua/balancer.lua#L158. Maybe upstream-max-fails makes sense in this case?
Edit: the docs https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#set_more_tries are not clear about the configuration
There was a problem hiding this comment.
currently doing
ngx_balancer.set_more_tries(1)
retries the request (accring proxy_next_upstream) proxy_next_upstream_tries times. If proxy_next_upstream_tries is set to zero then it will try unlimited times until client timeouts or finally request succeeds.
There was a problem hiding this comment.
Then I will remove this annotations in this PR to keep this simple
| return false, nil, fmt.Errorf(`SSL certificate chain completion cannot be enabled and dynamic configuration cannot be disabled when | ||
| dynamic certificates functionality is enabled. Please check the flags --enable-ssl-chain-completion and --enable-dynamic-configuration`) | ||
| } | ||
|
|
||
| // LuaJIT is not available on arch s390x and ppc64le | ||
| disableLua := false | ||
| if runtime.GOARCH == "s390x" || runtime.GOARCH == "ppc64le" { |
There was a problem hiding this comment.
So this means we are also officially dropping support for s390x and ppc64le as well right? If so can you also cleanup make and build files?
There was a problem hiding this comment.
No, there is luajit support for ppc64le. I think I will disable s390x and ask for users with access to that hardware if they can provide some kind of access.
Edit: I will update this section after the PR is merged, generating a new nginx image (also removing the sticky module)
aledbf
force-pushed
the
only-dynamic
branch
3 times, most recently
from
6812fc8 to
fe56e2d
Compare
| return "" | ||
| } | ||
|
|
||
| func buildUpstreamName(host string, b interface{}, loc interface{}) string { |
There was a problem hiding this comment.
I think you don't need host and b arguments anymore
rootfs/etc/nginx/template/nginx.tmpl
Outdated
| @@ -802,7 +755,7 @@ stream { | |||
| ssl_stapling_verify on; | |||
| {{ end }} | |||
|
|
|||
| {{ if and (not $all.DisableLua) $all.DynamicCertificatesEnabled}} | |||
| {{ if and $all.DynamicCertificatesEnabled}} | |||
rootfs/etc/nginx/template/nginx.tmpl
Outdated
| @@ -1083,7 +1030,7 @@ stream { | |||
| {{ end }} | |||
|
|
|||
| {{/* By default use vhost as Host to upstream, but allow overrides */}} | |||
| {{ if not (empty $location.UpstreamVhost) }} | |||
| {{ if not (empty $location.UpstreamVhost) }}s | |||
There was a problem hiding this comment.
redundant s in the end of line
aledbf
removed
the
do-not-merge/work-in-progress
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aledbf, ElvinEfendi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
No description provided.