-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage of GeoIP2 variables CRASH the ingress in case maxmind-license is out of download quota (or download fails) #11457
Comments
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Also wondering about the fit of these in your problem https://github.com/ffha/geolite-mirror & https://github.com/clashdev/geolite.clash.dev |
I think, the ingress-nginx really belongs to the most critical building blocks in a k8s-deployment. So I think, it should be as resilient as possible. A hard dependency of an external source introduces a weakness - which in my eyes should be avoided if possible. Yes, these solutions are a workaround, but add additional complexity. Thanks for the tip! |
Thanks @ThorstenEngel for your update. I agree the controller should be resilient. The default values like you suggested help with the Geoip2 use case. I am not a developer. My opinion is different though. Download fails based change in the project code, requires maintenance, that is impossible with available resources. It also sets a undesired precedence for other features of the controller, to expect similar granular out-of-scope code. But please wait for others to comment. |
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach |
@ThorstenEngel I don't know if it helps, but I chose to download the database from a secondary source suggested from @longwuyuan, and mount the mmdb with an initContainer By installing ingress-nginx from Helm I created this initContainer
then a volume and volumemounts
on |
Yes, this would help. I personally switched to AWS Cloudfront headers (they do GeoIP Coding as well, and we use it anyqay). So I have 1 component less to take care of. |
@ThorstenEngel can we close this issue ? |
Hi, I use v1.10.1 of the ingress and have GeoIP2 enabled. If I encounter too many reloads (in my case I was upgrading my EKS-Cluster and the ingress), the database download fails. In consequence, usage of GeoIP2 variables (I use them for populating upstream-headers) will lead to an error.
Excerpt from the log:
When the GeoIP2 database download fails, it causes the ingress to disable the feature, leading to errors due to the missing variables. A viable fix for this case (enabled GeoIP2 feature, missing databases lead to disabled GeoIP2 feature) could be default values like empty strings.
Here is my ConfigMap:
It would be great, if you guys could address this. I currently must disable the GeoIP2 feature, as using it might crash my ingresses.
Warm regards,
thorsten
The text was updated successfully, but these errors were encountered: