You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I’ve been trying to enable k8s endpoint resolver to use more advanced load balancing. Despite precisely following the documentation and the official helm charts I still can’t get it to work.
To Reproduce
Steps to reproduce the behavior:
Use Ambassador OSS 1.13.1 (single namespace) with configuration from k8s service annotations.
Define rbac according to the official helm chart (single namespace)
Don't no CRDs and related rbac
Define KubernetesEndpointResolver
use the resolver in one of the mappings (round_robin load_balancer policy for example) to a NodePort k8s service
Expected behavior
I would expect endpoint based resolving to work.
Versions (please complete the following information):
Ambassador OSS 1.13.1
GKE 1.17
Additional context
Some details
I use single namespace configuration (AMBASSADOR_SINGLE_NAMESPACE="true")
Ambassador is configured using K8s service annotations
In the Ambassador logs I saw no healthy host for HTTP connection pool in the context of services that use the resolver. defined rbac in a single namespace scope (official helm chart for reference) didn’t create CRDs (since k8s service annotation are used for configuration.
What I tired to do
Although I’m running in a single namespace configuration (namespace is automatically prefixed to generated envoy clusters), I even tried adding the namespace as a suffix (.${AMBASSADOR_NAMESPACE}) to service like suggested by @cindy Mullins, didn’t help.
deleting the ports from the service (i.e. service: notification-http:80 -> service: notification-http)
adding namespace to KubernetesEndpointResolver definition
Changing the k8s service to ClusterIP from NodePort
Attached is
yaml spec of one mapping which uses the resolver
useful screenshots from Ambassador diagnostic UI
Ambassador module configuration
TLSContext is omitted for bravity
Needless to say that when I delete the resolver and load_balancer keys from the mappings - everything works as before, so I know that my configuration is correct and there is a specific issue with KubernetesEndpointResolver.
My guess is that the misconfiguration is related to namespaces, because there are no permissions related error logs in the a8r container.
deleting/restarting the pods exposed by the k8s service in the mapping which uses the endpoints resolver
deleting/restarting Ambassador pods
Now Ambassador will discover the endpoints and route traffic to the relevant pods.
I don’t understand why it works like that, shouldn’t endpoint discovery be automatic? our deployments are upgraded quite frequently and I don’t see a reason to restart Ambassador after each deployment.
khussey
changed the title
KubernetesEndpointResolver doesn’t work
Regression: KubernetesEndpointResolver doesn’t work
Apr 28, 2021
Describe the bug
I’ve been trying to enable k8s endpoint resolver to use more advanced load balancing. Despite precisely following the documentation and the official helm charts I still can’t get it to work.
To Reproduce
Steps to reproduce the behavior:
round_robin
load_balancer policy for example) to a NodePort k8s serviceExpected behavior
I would expect endpoint based resolving to work.
Versions (please complete the following information):
Additional context
Some details
What I tired to do
Attached is
Needless to say that when I delete the resolver and load_balancer keys from the mappings - everything works as before, so I know that my configuration is correct and there is a specific issue with KubernetesEndpointResolver.
My guess is that the misconfiguration is related to namespaces, because there are no permissions related error logs in the a8r container.
Also this is a log from Ambassador when a request is made to another service that uses the resolver:
The text was updated successfully, but these errors were encountered: