Comments (16)
k8s-ci-robot
commented on May 26, 2024
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from ingress-nginx.
longwuyuan
commented on May 26, 2024
Is it possible for you to get logs and events from those 20-30 secnds
from ingress-nginx.
longwuyuan
commented on May 26, 2024
/remove-kind bug
/triage needs-information
from ingress-nginx.
torvald
commented on May 26, 2024
torvald@surdeig ~ $ date; time kubectl patch ing tech-radar-auth --type='json' -p='[{"op": "add", "path": "/metadata/labels/testing", "value": "testing"}]'; date;
Mon Apr 15 09:29:26 AM CEST 2024
ingress.networking.k8s.io/tech-radar-auth patched
real 0m19.327s
user 0m0.350s
sys 0m0.067s
Mon Apr 15 09:29:45 AM CEST 2024
Excluding lines containing:
- "remote_addr" (pattern not to include pure request logs and client IP addresses)
- "Endpoint"
- "body is buffered"
- "Error getting SSL certificate"
- "Unexpected error validating SSL certificate"
- "does not contain a Common Name"
I'm left with these for the time period as mention above + 15 sec (09:29:26 - 09:29:59):
2024-04-15 09:29:45.477 admission.go:149] processed ingress via admission controller {testedIngressLength:269 testedIngressTime:18.855s renderingIngressLength:269 renderingIngressTime:0.002s admissionTime:9.5MBs testedConfigurationSize:18.857}
2024-04-15 09:29:45.478 main.go:107] "successfully validated configuration, accepting" ingress="infra/tech-radar-auth"
2024-04-15 09:29:45.486 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"infra", Name:"tech-radar-auth", UID:"e635a88c-e72e-401f-8a9a-afa536b06c11", APIVersion:"networking.k8s.io/v1", ResourceVersion:"3624067364", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
2024-04-15 09:29:45.486 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"infra", Name:"tech-radar-auth", UID:"e635a88c-e72e-401f-8a9a-afa536b06c11", APIVersion:"networking.k8s.io/v1", ResourceVersion:"3624067364", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
2024-04-15 09:29:45.487 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"infra", Name:"tech-radar-auth", UID:"e635a88c-e72e-401f-8a9a-afa536b06c11", APIVersion:"networking.k8s.io/v1", ResourceVersion:"3624067364", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
But for completeness sake, here is the full dump (redacted for business info, and all request logs are excluded): nginx-logs-ing-update-2024-04-15 09 33 02.414.txt
from ingress-nginx.
longwuyuan
commented on May 26, 2024
- Does the node on which the controller pods are scheduled see any resource crunch
- Have you configured limits and resources on the pods
There are lots of ssl errors and if you are saying that you submit lots of new ingress json to the api-server and the controller pod needs to reconcile & sync while there is resource crunch, then the stats could be the impact
from ingress-nginx.
torvald
commented on May 26, 2024
- Does the node on which the controller pods are scheduled see any resource crunch
No, we have fairly low utilization on all node. These are the three nodes from the same point (marked with the arrows) in time as the previous mentioned test. CPU to the left, memory to the right.
- Have you configured limits and resources on the pods
Yes, full deployment manifest here.
resources:
requests:
cpu: 5000m
memory: 8000Mi
limits:
memory: 8000Mi
There are lots of ssl errors and if you are saying that you submit lots of new ingress json to the api-server and the controller pod needs to reconcile & sync while there is resource crunch, then the stats could be the impact
Events that make nginx sync data can be seen here, my test from earlier is marked, a period of low «sync volume».
Yes, there are a unfortunate amount of SSL errors. Zooming out, these are rather constant and I don't feel like they should affect the validation of my config to the point it take 20s. Following the same argument, there should be periods of low resource crunch where we should see validation duration of only a few seconds, but we don't.
I can try and eliminate the SSL errors before going further to get rid of this suspicion.
from ingress-nginx.
Related Issues (20)
- SSL Handshake Failure When Mapping to External HTTPS Service (AWS CloudFront + S3) in Nginx Ingress HOT 4
- Error from server (NotFound): services "nginx-ingress-nginx-ingress" not found HOT 3
- Can't include $ in permanent-redirect URL annotation HOT 2
- strict-validate-path-type does not allow period/dot/. in Exact or Prefix path HOT 15
- Make Nginx auth_request module to be able to expose auth error body when needed HOT 3
- Confusing `namespace` label in SSL metrcis HOT 4
- Nginx 503 error why trying rewrite ingress address HOT 7
- [helm chart] Include optional "topologySpreadConstraints" in defaultbackend HOT 1
- CVE Finding HOT 1
- namespaced ingress doesn't work as expected HOT 12
- nginx proxy k8s service test pod internal normal, ep normal, but nginx can not proxy normally HOT 4
- Incorrect handling of long URLs [draft] HOT 17
- Upstream Prematurely Closed Connection While Reading Response Header From Upstream HOT 13
- Support `grpc_read_timeout` and `grpc_send_timeout` in annotations HOT 5
- removed GeoIP package as part of ingress nginx v1.9.4, Ingress pods in Crashloopbackoff status HOT 4
- Slack dead HOT 5
- Predefined `server-snippet` that can only be reference and used in ingress HOT 4
- Bind custom port - Feature or Bug? HOT 3
- nginx ingress - tcp services source ip not preserved HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ingress-nginx.