GeoIP2 files present in /etc/ingress-controller/geoip, but the controller logs show "GeoLite2-City.mmdb not found"

[iwishiknewcoding]

What happened: I tried to download GeoIP2 databases from MaxMind manually, and attach them as a volume. The files (GeoLite2-City.mmdb and GeoLite2-ASN.mmdb) are present in the machine under /etc/ingress-controller/geoip, with www-data:www-data permissions. However, upon startup, I still see these logs:

2024-06-13T01:02:07+04:00 E0612 21:02:07.228566       6 maxmind.go:74] GeoLite2-City.mmdb not found
2024-06-13T01:02:07+04:00 W0612 21:02:07.228724       6 store.go:1103] The GeoIP2 feature is enabled but the databases are missing. Disabling

What you expected to happen: I expected the nginx controller to use the databases from the filesystem, because I want to avoid overhead of downloading from MaxMind on every new node launch in my Kubernetes cluster.

NGINX Ingress controller version: v1.0.5

Kubernetes version: v1.28.9-eks-036c24b

Environment:

• Cloud provider or hardware configuration: AWS EKS
• OS (e.g. from /etc/os-release): Alpine Linux 3.14.2
• Kernel (e.g. uname -a): Linux ingress-nginx-controller-4pvrl 5.10.217-205.860.amzn2.x86_64
• Install tools:
  • EKS: from AWS GUI.
• Basic cluster related info:
  • kubectl version

Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"28+", GitVersion:"v1.28.9-eks-036c24b", GitCommit:"f75443c988661ca0a6dfa0dc01ea82dd42d31278", GitTreeState:"clean", BuildDate:"2024-04-30T23:54:04Z", GoVersion:"go1.21.9", Compiler:"gc", Platform:"linux/amd64"}

• kubectl get nodes -o wide

NAME                                           STATUS   ROLES    AGE     VERSION               INTERNAL-IP     EXTERNAL-IP      OS-IMAGE         KERNEL-VERSION                  CONTAINER-RUNTIME
ip-172-31-14-134.eu-north-1.compute.internal   Ready    <none>   11h     v1.28.8-eks-ae9a62a   172.31.14.134   11.12.13.14     Amazon Linux 2   5.10.217-205.860.amzn2.x86_64   containerd://1.7.11

• How was the ingress-nginx-controller installed:

  • With the old method of mandatory.yaml.

• Current State of the controller:

  • kubectl describe ingressclasses

Name:         nginx
Labels:       app.kubernetes.io/component=controller
              app.kubernetes.io/instance=ingress-nginx
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=ingress-nginx
              app.kubernetes.io/version=1.0.5
              helm.sh/chart=ingress-nginx-4.0.8
Annotations:  <none>
Controller:   k8s.io/ingress-nginx
Events:       <none>

• Others:
  • Attached volume with these:

    spec:
      volumes:
        - name: geoip-volume
          persistentVolumeClaim:
            claimName: geoip-efs-claim
          volumeMounts:
            - name: geoip-volume
              mountPath: /etc/ingress-controller/geoip

The above volume contains the files as mentioned already. The files are also accessible in the nginx ingress controller pods.

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[iwishiknewcoding]

I think I found the issue, the v1.0.5 version looks for those files in /etc/nginx/geoip (which was later changed with this commit), but when I attach the volume into that directory, then I'm getting this error on startup:

Error: exit status 1
Error Opening file /etc/nginx/geoip/GeoIP.dat
2024/06/12 22:19:07 [emerg] 25#25: GeoIP_open("/etc/nginx/geoip/GeoIP.dat") failed in /tmp/nginx-cfg2362337476:116
nginx: [emerg] GeoIP_open("/etc/nginx/geoip/GeoIP.dat") failed in /tmp/nginx-cfg2362337476:116
nginx: configuration file /tmp/nginx-cfg2362337476 test failed

Because obviously these files are not present anymore, because I only include the .mmdb files for GeoIP2.

[iwishiknewcoding]

I have disabled use-geoip: false now, and it all started to work. However, I think we are using GeoIP as well in our organization. Can I have both of them enabled?

[longwuyuan]

/remove-kind bug

Geoip legacy support was dropped in controlller v1.10 . So you could potentially use only geoip legacy in older versions of controller. I am not convinced you can have both enabled concurrently.

/close

[k8s-ci-robot]

@longwuyuan: Closing this issue.

In response to this:

/remove-kind bug

Geoip legacy support was dropped in controlller v1.10 . So you could potentially use only geoip legacy in older versions of controller. I am not convinced you can have both enabled concurrently.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.