Closed zbitmanis closed 5 years ago
@zbitmanis please enable the proxy-next-upstream: http_502 http_503 http_504
option https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-next-upstream
in the configuration configmap. By default there is no retries
Closing. Please reopen if the suggested change does not work.
Is this a BUG REPORT or FEATURE REQUEST? (choose one):BUG REPORT
NGINX Ingress controller version: 0.16., 0.17.,0.18.*,0.19.0, 0.20.0, 0.21.0
Kubernetes version (use
kubectl version
):Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.7", GitCommit:"0c38c362511b20a098d7cd855f1314dad92c2780", GitTreeState:"clean", BuildDate:"2018-08-20T09:56:31Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.7", GitCommit:"0c38c362511b20a098d7cd855f1314dad92c2780", GitTreeState:"clean", BuildDate:"2018-08-20T09:56:31Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"} Environment:
uname -a
): Linux k8s-master-35100059-0 4.15.0-1021-azure #21~16.04.1-Ubuntu SMP Fri Aug 10 12:36:09 UTC 2018 x86_64 x86_64 x86_64 GNU/LinuxWhat happened: On load on ingress which points to unavailable upstreams leads to regular livenes probe fail and regular nginx ingress pod restart initiated by kubelet
ingress controllers are located on dedicated nodes (taint + tolerations )
What you expected to happen: ingrress controler should detect that all upstreams are unresolvable
How to reproduce it (as minimally and precisely as possible):
Deploy Pod with exposed port
Deploy Service which which points one to exposed second unexposed port
Deploy ingress
Generate load from single host using tsenart/vegeta
contents of bdload.template GET http://nginx-unresolver-foo.example.org
controller deployment
Anything else we need to know:
enabled to experimental-allowed-unsafe-sysctls='net.ipv4.,net.core. - minimal mitigation the same result Added to nginx-controller