NIC deletes all listeners when rejecting new listener on reserved port
Brad Bishop
b.bishop at stp.co.nz
Fri Dec 8 04:55:12 UTC 2023
Hi Folks,
We're using NGINX Ingress Controller 3.0.2 (NGINX 1.23.3) in AKS on a couple AKSUbuntu-2204gen2containerd-202309.06.0 nodes. We do regular helm release installs of a single-tenanted TCP & HTTP service for law firms. Today we had a P1 issue when we added a listener for a new law firm to GlobalConfiguration and set the port number to 9113. NGINX rejected the change because 9113 is reserved for prometheus - fair enough. But it also immediately deleted all other existing listeners, which broke 100 TransportServers and blocked access to 100 law firms. We reproduced this on a second AKS cluster. Is this the intended behaviour?
I expected in this case that NGINX would reject the bad config and revert to last-good config, and the docs suggest this is what should happen:
https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/#:~:text=the%20Ingress%20Controller%20will%20ignore%20the%20new%20version
Thanks,
Brad Bishop
More information about the nginx
mailing list