Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rate-limit scaling doesn't works for mergable ingresses #5727

Closed
vepatel opened this issue Jun 11, 2024 · 8 comments · Fixed by #5728
Closed

Rate-limit scaling doesn't works for mergable ingresses #5727

vepatel opened this issue Jun 11, 2024 · 8 comments · Fixed by #5728
Assignees
@dbaumgarten
Labels
backlog Pull requests/issues that are backlog items bug An issue reporting a potential bug

Comments

@vepatel
Copy link
Contributor

vepatel commented Jun 11, 2024
edited
Loading

Describe the bug
When configuring rate-limit scaling at master ingress, the rate-limit calculation based of replica count doesn't works (works fine with standard ingress, VS and VSRs)

To Reproduce

  • Install edge build of NIC
  • Configure mergable ingress example with rate-limit and scaling
  • check directives inside the pod.
~/nginx/kubernetes-ingress/charts/nginx-ingress on tests/rate-limit-scaling ● λ k get ing                                                   
NAME                         CLASS   HOSTS              ADDRESS         PORTS     AGE
cafe-ingress-coffee-minion   nginx   cafe.example.com   35.240.31.112   80        71s
cafe-ingress-master          nginx   cafe.example.com   35.240.31.112   80, 443   72s
cafe-ingress-tea-minion      nginx   cafe.example.com   35.240.31.112   80        71s


~/nginx/kubernetes-ingress/charts/nginx-ingress on tests/rate-limit-scaling ● λ k describe ing cafe-ingress-master                          
Name:             cafe-ingress-master
Labels:           <none>
Namespace:        default
Address:          35.240.31.112
Ingress Class:    nginx
Default backend:  <default>
TLS:
  cafe-secret terminates cafe.example.com
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           *     <default>
Annotations:  nginx.org/limit-req-key: ${binary_remote_addr}
              nginx.org/limit-req-rate: 50r/s
              nginx.org/limit-req-scale: true
              nginx.org/limit-req-zone-size: 10M
              nginx.org/mergeable-ingress-type: master
              

~/nginx/kubernetes-ingress/charts/nginx-ingress on tests/rate-limit-scaling ● λ k get po                                                    
NAME                                                     READY   STATUS    RESTARTS   AGE
test-release-nginx-ingress-controller-79754fc5bd-9qnfr   1/1     Running   0          121m
test-release-nginx-ingress-controller-79754fc5bd-hrgp9   1/1     Running   0          121m
test-release-nginx-ingress-controller-79754fc5bd-wdhc5   1/1     Running   0          121m


limit_req_zone ${binary_remote_addr} zone=default/cafe-ingress-coffee-minion:10M rate=50r/s;
limit_req_zone ${binary_remote_addr} zone=default/cafe-ingress-tea-minion:10M rate=50r/s;

Expected behavior

  • It should be divided based on number of replicas

limit_req_zone ${binary_remote_addr} zone=default/cafe-ingress:10M rate=16r/s;

Your environment

  • Version of the Ingress Controller - edge
  • Version of Kubernetes - 1.29
  • Kubernetes platform (e.g. Mini-kube or GCP) - GKE
  • Using NGINX or NGINX Plus - OSS

Additional context
Add any other context about the problem here. Any log files you want to share.
@github-actions GitHub Actions
Copy link

Hi @vepatel thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@vepatel
Copy link
Contributor Author

vepatel commented Jun 11, 2024
edited
Loading

@dbaumgarten #5113

@vepatel vepatel added bug An issue reporting a potential bug backlog Pull requests/issues that are backlog items labels Jun 11, 2024
dbaumgarten added a commit to dbaumgarten/kubernetes-ingress that referenced this issue Jun 11, 2024
@dbaumgarten
Fix ratelimit-scaling for mergable ingresses nginx#5727
28d22af
@dbaumgarten dbaumgarten mentioned this issue Jun 11, 2024
Merged
6 tasks
@dbaumgarten
Copy link
Contributor

Hi,
damn thats embarassing. So much testing and this still slipt through.
I opened a PR to fix that.

@vepatel
Copy link
Contributor Author

vepatel commented Jun 11, 2024

no worries at all, thanks for the quick fix 👍🏼

@vepatel vepatel linked a pull request Jun 11, 2024 that will close this issue
Fix ratelimit-scaling for mergable ingresses #5727 #5728
Merged
6 tasks
@vepatel
Copy link
Contributor Author

vepatel commented Jun 11, 2024 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cafe-ingress-master
  annotations:
    nginx.org/mergeable-ingress-type: "master"
    nginx.org/limit-req-rate: 50r/s
    nginx.org/limit-req-key: ${binary_remote_addr}
    nginx.org/limit-req-zone-size: 10M
    nginx.org/limit-req-scale: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - cafe.example.com
    secretName: cafe-secret
  rules:
  - host: cafe.example.com


limit_req_zone ${binary_remote_addr} zone=default/cafe-ingress-coffee-minion:10M rate=16r/s;
limit_req_zone ${binary_remote_addr} zone=default/cafe-ingress-tea-minion:10M rate=16r/s;

Fixed! thanks @dbaumgarten

@vepatel
Copy link
Contributor Author

vepatel commented Jun 12, 2024
edited
Loading

hey @dbaumgarten , there seems to be an issue when i'm installing NIC using manifests https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-manifests/
the scaling doesn't seems to work at all. Can you please try it on your end and see if its the same?
Policy:

apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: rate-limit-policy
spec:
  rateLimit:
    rate: 50r/s
    key: ${binary_remote_addr}
    zoneSize: 10M
    scale: true

replicas:

~/nginx/kubernetes-ingress/deployments on tests/rate-limit-scaling ● λ k get po -n nginx-ingress 
NAME                             READY   STATUS    RESTARTS   AGE
nginx-ingress-5676dd465f-bzhkb   1/1     Running   0          9s
nginx-ingress-5676dd465f-kq829   1/1     Running   0          9s
nginx-ingress-5676dd465f-mjlz5   1/1     Running   0          9s

conf:

limit_req_zone ${binary_remote_addr} zone=pol_rl_default_rate-limit-policy_default_webapp:10M rate=50r/s;

@vepatel vepatel reopened this Jun 12, 2024
@dbaumgarten
Copy link
Contributor

Hi,
this feature relies on a service being present for the ingress-pods. Also the controller must be configured with the correct name for the service.

The default deployment does not seem to set "-external-service" by default: https://github.com/nginxinc/kubernetes-ingress/blob/main/deployments/deployment/nginx-ingress.yaml#L96

Once this setting is set (and the referenced service exists) the scaling-feature should work just fine.

@vepatel
Copy link
Contributor Author

vepatel commented Jun 12, 2024

thanks @dbaumgarten

@vepatel vepatel closed this as completed Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dbaumgarten dbaumgarten

Labels
backlog Pull requests/issues that are backlog items bug An issue reporting a potential bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix ratelimit-scaling for mergable ingresses #5727 dbaumgarten/kubernetes-ingress
2 participants
@dbaumgarten @vepatel