apache / solr-operator

Official Kubernetes operator for Apache Solr
https://solr.apache.org/operator
Apache License 2.0

HTTP app protocol on services prevents recovery over http2 #640

Closed ianp94 closed 11 months ago

ianp94 commented 12 months ago

Hello,

We've encountered a challenge regarding the health of our Solr collections. Specifically, when they fall into an unhealthy state and initiate a recovery, in some scenarios an http2 recovery call is triggered. Unfortunately, this call is currently blocked by our service mesh. The blockage seems to stem from the app protocol setting which the solr-operator applies to every service in the namespace.

To circumvent this, our team is exploring the possibility of configuring the application to utilize https. Our understanding is that this adjustment will permit the http2 requests to proceed unblocked, as indicated in your code logic.

While it's possible that some configuration nuances might lie on our side, I believe it's worthwhile to consider potential refinements to the solr-operator, especially given that the underlying service still accommodates http2 recovery. This consideration seems particularly relevant in light of a recent issue discussing the addition of http as the app protocol.

If it would assist our discussion, I'm prepared to share code snippets and stack traces. However, considering the context provided in the mentioned issue, they might not be necessary for this particular conversation.

Thank you for your time and consideration. Looking forward to your insights!

HoustonPutman commented 12 months ago

So this looks to be something that only service meshes look at, so it's hard to test on our side. Since Solr supports both http1 and http2, it's not really possible to choose just one of them. Is the only way forward to remove the appProtocol for the Solr services? (We can keep it for the Prometheus exporter possibly?)

ianp94 commented 12 months ago

I believe that would be the correct way forward. I think it should still be applied when solrTLS is enabled, as the https protocol does support both http/1.1 and http/2, but for unsecured services the app protocol is too restrictive.
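
A check for the setting discussed in this thread, as an added example that is not part of the issue or the solr-operator code base: it scans a Service list in the shape of `kubectl get svc -o json` and reports ports pinned to `appProtocol: http`, the value the reporter identifies as blocking HTTP/2 recovery calls in their mesh. The service names, the namespace and the `PlainHTTPPorts` function are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the Kubernetes Service list schema needed for this check.
type serviceList struct {
	Items []struct {
		Metadata struct{ Name, Namespace string } `json:"metadata"`
		Spec     struct {
			Ports []struct {
				Port        int     `json:"port"`
				AppProtocol *string `json:"appProtocol"`
			} `json:"ports"`
		} `json:"spec"`
	} `json:"items"`
}

// Constructed sample input (hypothetical names), not taken from the issue.
const sampleServices = `{"items":[
 {"metadata":{"name":"example-solrcloud-common","namespace":"search"},"spec":{"ports":[{"port":80,"appProtocol":"http"}]}},
 {"metadata":{"name":"example-tls-solrcloud-common","namespace":"search"},"spec":{"ports":[{"port":443,"appProtocol":"https"}]}},
 {"metadata":{"name":"example-metrics","namespace":"search"},"spec":{"ports":[{"port":8080}]}}
]}`

// PlainHTTPPorts returns "namespace/service:port" for each port whose
// appProtocol is exactly "http". Ports with "https" or no appProtocol are skipped.
func PlainHTTPPorts(raw []byte) ([]string, error) {
	var list serviceList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, fmt.Errorf("decode service list: %w", err)
	}
	var flagged []string
	for _, svc := range list.Items {
		for _, p := range svc.Spec.Ports {
			if p.AppProtocol != nil && *p.AppProtocol == "http" {
				flagged = append(flagged, fmt.Sprintf("%s/%s:%d", svc.Metadata.Namespace, svc.Metadata.Name, p.Port))
			}
		}
	}
	return flagged, nil
}

func main() {
	flagged, err := PlainHTTPPorts([]byte(sampleServices))
	fmt.Println(flagged, err)
}
```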

tommylogik commented 12 months ago

Is it possible to expand this fix to be capable of being overwritten/bypassed completely if there are any issues or side-effects in the future?

HoustonPutman commented 11 months ago

It's possible, but currently none of the port options are customizable for the services. I think it would be practical to change this, but I'm not sure if I would target v0.8.0 for the change, since the release will likely come out next week.