Ingress controller pod restart causes gse monitor port to change to service port definition.

Question

Ingress controller pod restart causes gse monitor port to change to service port definition.

tammyandlee opened this issue 2 years ago · 6 comments

Describe the bug
Whenever the ingress controller pod restarts due to rescheduling it resets the gse monitor port to match the service entry and not the configured nodeport monitor port. This makes the netscaler think the application is down.

Slack Channel
To request an invitation to participate in the Slack channel, please supply your email address using this form: https://podio.com/webforms/22979270/1633242

To Reproduce

Steps (restart the ingress controller pod manually)
Version of the Citrix Ingress Controller 1.28.2
Version of MPX/VPX/CPX
Environment variables (minus secrets)

Expected behavior
A clear and concise description of what you expected to happen.
The existing configured working monitor port should not be overwritten.
Logs
kubectl logs

Additional context
Add any other context about the problem here.

Answer 1 · 2023-01-30T18:00:13.000Z

Hi Lee Evans,

As part of GSLB with Citrix Ingress Controller, we try to auto create GSE based on the ingress IP and Port. This is necessary for deployments where ingress IP is dynamically assigned.
When CIC reboot happens, it tries to see, if GSE can be configured automatically and if it is able to find the ingress IP and Port, it will auto create GSE, which might overwrite the manually applied GSE.

Currently, if you are using Citrix Ingress Controller, then you can disable the ingress status update so that GSE is not auto created. To do this, in the Citrix Ingress Controller yaml, it is necessary to specify "--update-ingress-status" as no. You can refer the below link for more details.
https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/ingress-classes.html#updating-the-ingress-status-for-the-ingress-resources-with-the-specified-ip-address

We would be happy to know, if disabling ingress status fixed the issue for you.
Meanwhile, we are thinking of providing a config knob to enable/disable auto creation of GSE.

Regards,
Viswanath

Answer 2 · 2023-01-30T20:06:30.000Z

Thank you for your quick reply. We have been trying to figure this out for some time!

Answer 3 · 2023-01-31T14:19:07.000Z

Hi Viswanath,

We are seeing inconsistence in the services it leaves alone. About a half of the configured gse's get reverted to default when we add the '--update-ingress-status no' to the operator. Any idea why? All are configured the same just the port varies.

Thanks again in advance for any help,

Lee

Answer 4 · 2023-02-01T05:08:28.000Z

Check "kubectl get ingress", if the IP/Domain, port is populated, it would pick it... If there is service type LB with IP and port status updated, it would pick it automatically as well. You can also disable the status update through RBAC and check...

Answer 5 · 2023-05-30T08:53:28.000Z

Hi @tammyandlee can we close this if all the questions are answered ?

Answer 6 · 2023-05-30T12:38:14.000Z

Yes Sorry closing now.