Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Konnect push fails instead of throttling on HTTP 429 #3959

Closed
1 task done
mflendrich opened this issue May 5, 2023 · 4 comments · Fixed by #3989
Closed
1 task done

Konnect push fails instead of throttling on HTTP 429 #3959

mflendrich opened this issue May 5, 2023 · 4 comments · Fixed by #3989
Assignees
@czeslavo @randmonkey
Labels
bug Something isn't working
Milestone
KIC v2.10.0

Comments

@mflendrich
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

If the Konnect config push results in a HTTP 429 (meaning that KIC hit Konnect's rate limit), this gets reported back to the user as an error

time="2023-05-02T11:03:53-07:00" level=error msg="Failed pushing configuration to Konnect" error="performing update for https://us.kic.api.konghq.com/kic/api/runtime_groups/REDACTED failed: failed getting current state for https://us.kic.api.konghq.com/kic/api/runtime_groups/REDACTED: loading configuration from kong: acls: HTTP status 429 (message: \"API rate limit exceeded\")"

Expected Behavior

HTTP 429 should cause KIC to throttle the config push rather than to fail.

@GGabriele says we can achieve this by leveraging an equivalent of Kong/deck#705.

Steps To Reproduce

No response

Kong Ingress Controller version

2.9.*

Kubernetes version

n/a

Anything else?

No response
@mflendrich mflendrich added the bug Something isn't working label May 5, 2023
@mflendrich mflendrich added this to the KIC v2.10.0 milestone May 5, 2023
@randmonkey randmonkey self-assigned this May 6, 2023
@randmonkey
Copy link
Contributor

Retryable is the only option to configure the kong client to retry on 429, but the parameter of retry is not configurable, and the maximum retry time could be near 10 minutes. IHAC that the retry requests may be sent after newer configuration is successfully uploaded, then the outdated configurations may be uploaded.

@pmalek
Copy link
Member

pmalek commented May 8, 2023

@randmonkey Given that Update() call is synchronous after it gets triggered by the dataplane synchronizer timer and also given the fact that KongClient has a lock used in Update() how would you see the old config being applied after the new has been already been sent to datalplane(s)?

@czeslavo
Copy link
Contributor

czeslavo commented May 9, 2023

I think that given the fact that Update calls are synchronous, we should implement the backoff mechanism for Konnect on a higher level than HTTP's client (while still we can somehow try to propagate 429 headers to properly react when it happens).

I imagine we could wrap UpdateStrategy for Konnect to be aware of the backoff strategy and simply skip the update when conditions for the next retry aren't met.

@czeslavo
Copy link
Contributor

czeslavo commented May 9, 2023

Just to visualise my idea with code: 2e743f1

@czeslavo czeslavo mentioned this issue May 11, 2023
Merged
1 task
@czeslavo czeslavo mentioned this issue May 15, 2023
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@czeslavo czeslavo

@randmonkey randmonkey

Labels
bug Something isn't working
Projects
None yet
Milestone
KIC v2.10.0
Development

Successfully merging a pull request may close this issue.

feat(konnect): introduce backoff strategy for config updates Kong/kubernetes-ingress-controller
4 participants
@pmalek @mflendrich @czeslavo @randmonkey