Open Joxit opened 2 years ago
Hi @Joxit we are aware that the connection limits are not configurable on ingress gateway's cluster config - max_connections, max_pending_requests, and max_requests are all at the default (1024). I'm going to transfer this to Core as we'd need to expose via a Config Entry field.
Hey @Joxit
Just an update that we didn't forget about this. This has come up a few times and we're currently tracking this in https://github.com/hashicorp/consul/issues/8722 . We use 👍 's as a way to try and gauge the popularity of a feature request, so I encourage you to thumbs up that issue.
Hi, thanks for the update 😊
Question
Hi there.
TLDR; How to configure MaxFailures or envoy consecutive_5xx of Ingress Gateway?
I've been using consul for years and now I want to use it with Kubernetes. I'm working with services inside and outside Kubernetes, so I must use the Ingress Gateway for the communication. The issue with Ingress Gateway (and envoy dynamic configuration) is the default consecutive 5xx configuration. This is irrelevant in our use and degrades our performance when returning 5xx. After 5 consecutive 5xx from a backend, envoy returns this message: "no healthy upstream".
I checked the consul main repository and found this issue https://github.com/hashicorp/consul/issues/11422 but this did not work (maybe because we should use ProxyDefaults for Ingress Gateway?).
I also checked the documentation for ProxyDefaults Kubernetes YAML with the link to envoy proxy config options and saw this key passive_health_check but did not understand if I can and where I can add this in the proxy defaults configuration...
In my example below, the service returns the wanted status code: curl http://127.0.0.1:8080/status?code=500 will return a status 500 code.
CLI Commands (consul-k8s, consul-k8s-control-plane, helm)
Helm Configuration
Steps to reproduce this issue, eg:
values.yaml:
ingressGateways:
  enabled: true
  defaults:
    replicas: 1
    service:
      ports:
        - port: 30000
          nodePort: 30000
  gateways:
metrics: defaultEnabled: false
server:
  enabled: true
  replicas: 1
externalServers:
  enabled: false
client:
  grpc: true
  extraConfig: |
    {"advertise_reconnect_timeout": "1h"}
controller:
  enabled: true
dns:
  enabled: true
syncCatalog:
  enabled: false
containerPort: 8080 resources: requests: { memory: '256Mi' } limits: { memory: '1Gi' } readinessProbe: httpGet: { path: /, port: 8080 } initialDelaySeconds: 20 periodSeconds: 10 livenessProbe: httpGet: { path: /, port: 8080 } initialDelaySeconds: 20 periodSeconds: 10 restartPolicy: Always status: {}
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: statuscode
spec:
  protocol: http
  upstreamConfig:
    defaults:
      passiveHealthCheck:
        maxFailures: 400
        interval: '1s'

apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: statuscode
spec:
  destination:
    name: statuscode
  sources:
Logs
When I check the ingress-gateway config dump (http://127.0.0.1:19000/config_dump), here is what I found, outlier_detection is still empty:
You can access the Ingress Gateway on your computer on port 30000, send this request 6 times:
Current understanding and Expected behavior
Environment details
consul-k8s version: 0.39.0
values.yaml used to deploy the helm chart: ⬆️
Additionally, please provide details regarding the Kubernetes Infrastructure, as shown below:
Additional Context
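The config_dump check described in this issue can be scripted. The following is an added example, not code from the issue or from the Consul project: it reads an Envoy /config_dump document and resolves, per cluster, the outlier-detection and circuit-breaker values in effect. It assumes Envoy's documented defaults (consecutive_5xx of 5, interval of 10s, connection limits of 1024); the sample dump and its cluster names are constructed.

```python
import json

# Assumed Envoy defaults, applied when a field is left unset.
OUTLIER_DEFAULTS = {"consecutive_5xx": 5, "interval": "10s"}
BREAKER_DEFAULTS = {"max_connections": 1024, "max_pending_requests": 1024,
                    "max_requests": 1024}

def iter_clusters(dump):
    """Yield every cluster object from an Envoy /config_dump document."""
    for section in dump.get("configs", []):
        if section.get("@type", "").endswith("ClustersConfigDump"):
            for key in ("static_clusters", "dynamic_active_clusters"):
                for entry in section.get(key, []):
                    yield entry.get("cluster", {})

def effective_settings(cluster):
    """Resolve the ejection and connection limits Envoy actually enforces."""
    od = cluster.get("outlier_detection")
    # Absent field: no outlier detection. Empty object: enabled with defaults.
    outlier = None if od is None else {**OUTLIER_DEFAULTS, **od}
    thresholds = cluster.get("circuit_breakers", {}).get("thresholds", [])
    explicit = next((t for t in thresholds
                     if t.get("priority", "DEFAULT") == "DEFAULT"), {})
    breakers = {k: explicit.get(k, d) for k, d in BREAKER_DEFAULTS.items()}
    return {"name": cluster.get("name"), "outlier": outlier, "breakers": breakers}

def audit(dump):
    """Map cluster name -> effective settings for the whole dump."""
    return {s["name"]: s for s in map(effective_settings, iter_clusters(dump))}

# Constructed sample: cluster names and values are illustrative only.
SAMPLE_DUMP = json.loads("""
{"configs": [
  {"@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump"},
  {"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
   "static_clusters": [{"cluster": {"name": "self_admin"}}],
   "dynamic_active_clusters": [
     {"cluster": {"name": "statuscode-defaults", "outlier_detection": {}}},
     {"cluster": {"name": "statuscode-tuned",
                  "outlier_detection": {"consecutive_5xx": 400, "interval": "1s"},
                  "circuit_breakers": {"thresholds": [{"max_connections": 4096}]}}}
   ]}
]}
""")

if __name__ == "__main__":
    for name, s in audit(SAMPLE_DUMP).items():
        print(name, s["outlier"], s["breakers"])
```

An empty outlier_detection object in the dump therefore does not mean ejection is off: the cluster still ejects a host after 5 consecutive 5xx responses, which matches the "no healthy upstream" symptom reported above.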