Performance Issue: Ingress creation in a cluster with many existing ingresses get slow admission webhook response #11115
Comments
|
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-triage
|
@tjamet Hello, could you please help me take a look at this issue? |
|
what is the output of |
{our-internal-harbor-address}/library/ingress-nginx/controller:v0.43.0@sha256:2b29d459bb978bc773fcfc824a837bb52d6223aba342411d22d61522e58f811b |
|
Can you install a release from this project
…On Wed, 13 Mar, 2024, 5:51 pm bysph, ***@***.***> wrote:
kubectl -n ingess-nginx describe po | grep -i image:
***@***.***
:2b29d459bb978bc773fcfc824a837bb52d6223aba342411d22d61522e58f811b
—
Reply to this email directly, view it on GitHub
<#11115 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABGZVWTBADBKD6YCYMV6I3TYYBAETAVCNFSM6AAAAABET33BEGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOJUGI3DCNZSGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
/assign |
|
Ingress NGINX is always doing a full test of all Ingresses, so compiling all of them together and checking if the resulting |
|
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach |
github-actions
bot
added
the
lifecycle/frozen
|
Please re-open the issue when ready to re-engage and move forward on this. Thanls. For now we are closing the issue because there is no traction for long time and open issues are piling up /close |
|
@longwuyuan: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What happened:
When creating a new ingress in a cluster with over 1000 ingresses, the operation takes more than 3 seconds.
Even worse, if I create ingresses concurrently (150+), the response time of the ingress controller will increase to 10+ seconds, which will cause the API server time out.
In real-world scenarios, we will concurrently submit a large number of Spark tasks(Because they are scheduled to run at specific times), this issue can result in certain task submissions failing.
What you expected to happen:
I believe that processing time should ideally be within a few hundred milliseconds.
I have reviewed the admission webhook's code and noticed that it validates not only the new ingress but also all existing ingresses, potentially causing longer processing times.
The PR for the admission webhook (#3802) indeed confirms this intentional design. I'd like to understand the reasoning behind this decision and whether you have considered change to the another option mentioned by the original author.
NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):
v0.43.0
Kubernetes version (use
kubectl version):v1.19.3
The text was updated successfully, but these errors were encountered: