NIC deletes all listeners when rejecting new listener on reserved port
Brad Bishop
b.bishop at stp.co.nz
Fri Dec 8 11:48:50 UTC 2023
Will do, thanks.
________________________________
From: nginx <nginx-bounces at nginx.org> on behalf of J Carter <jordanc.carter at outlook.com>
Sent: Friday, December 8, 2023 10:56:57 PM
To: nginx at nginx.org <nginx at nginx.org>
Subject: Re: NIC deletes all listeners when rejecting new listener on reserved port
[You don't often get email from jordanc.carter at outlook.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Hi Brad,
I'd recommend raising your concern the NIC Github repo's issue tracker.
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnginxinc%2Fkubernetes-ingress%2Fissues&data=05%7C02%7Cb.bishop%40stp.co.nz%7C472235cf4ee94fc960aa08dbf7d40f98%7C5265a077601f4313b5e9946c239ec817%7C1%7C0%7C638376328252310922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ztY5XRbYO2%2FnYPCuGNNWtorCYVupeqYgZxw0OEkCjTg%3D&reserved=0<https://github.com/nginxinc/kubernetes-ingress/issues>
On Fri, 8 Dec 2023 04:55:12 +0000
Brad Bishop via nginx <nginx at nginx.org> wrote:
> Hi Folks,
>
> We're using NGINX Ingress Controller 3.0.2 (NGINX 1.23.3) in AKS on a couple AKSUbuntu-2204gen2containerd-202309.06.0 nodes. We do regular helm release installs of a single-tenanted TCP & HTTP service for law firms. Today we had a P1 issue when we added a listener for a new law firm to GlobalConfiguration and set the port number to 9113. NGINX rejected the change because 9113 is reserved for prometheus - fair enough. But it also immediately deleted all other existing listeners, which broke 100 TransportServers and blocked access to 100 law firms. We reproduced this on a second AKS cluster. Is this the intended behaviour?
>
> I expected in this case that NGINX would reject the bad config and revert to last-good config, and the docs suggest this is what should happen:
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.nginx.com%2Fnginx-ingress-controller%2Fconfiguration%2Fglobal-configuration%2Fglobalconfiguration-resource%2F%23%3A~%3Atext%3Dthe%2520Ingress%2520Controller%2520will%2520ignore%2520the%2520new%2520version&data=05%7C02%7Cb.bishop%40stp.co.nz%7C472235cf4ee94fc960aa08dbf7d40f98%7C5265a077601f4313b5e9946c239ec817%7C1%7C0%7C638376328252310922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JZqVSxsr3JyFAtUEa%2ByLnpaW5%2FdabvQJc8qUkBmfkgg%3D&reserved=0<https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/#:~:text=the%20Ingress%20Controller%20will%20ignore%20the%20new%20version>
>
> Thanks,
> Brad Bishop
_______________________________________________
nginx mailing list
nginx at nginx.org
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&data=05%7C02%7Cb.bishop%40stp.co.nz%7C472235cf4ee94fc960aa08dbf7d40f98%7C5265a077601f4313b5e9946c239ec817%7C1%7C0%7C638376328252310922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RD18v3ghjPUXTfm3azMx6ZZcKab4scBm%2FUchvRsrwEU%3D&reserved=0<https://mailman.nginx.org/mailman/listinfo/nginx>
Brad Bishop
Software Developer
Stratos Technology Partners
T +64 3 376 4525
E b.bishop at stp.co.nz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231208/fe916716/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 464870 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231208/fe916716/attachment-0001.jpg>
More information about the nginx
mailing list