@rohansingh

What this PR does / why we need it:

A few years ago, #3684 changed the status port to use Unix sockets rather than TCP. As part of that change, keepalive_timeout 0 was added.

Sometime later, #4487 changed the status port back to TCP. However, keepalive was never re-enabled.

In practice we're seeing behavior where nginx stops accepting GET or POST to the status port during graceful shutdown since new connections aren't allowed.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • CVE Report (Scanner found CVE and adding report)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

How Has This Been Tested?

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added unit and/or e2e tests to cover my changes.
  • All new and existing tests passed.

A few years ago, kubernetes#3684 changed the status port to use Unix
sockets rather than TCP. As part of that change, `keepalive_timeout 0`
was added.

Sometime later, kubernetes#4487 changed the status port back to TCP.
However, keepalive was never re-enabled.

In practice we're seeing behavior where nginx stops accepting
GET or POST to the status port during graceful shutdown
since new connections aren't allowed.
@linux-foundation-easycla

linux-foundation-easycla bot commented Feb 10, 2025

CLA Signed


The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rohansingh
Once this PR has been reviewed and has the lgtm label, please assign gacko for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Feb 10, 2025
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Contributor

Welcome @rohansingh!

It looks like this is your first PR to kubernetes/ingress-nginx 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/ingress-nginx has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Feb 10, 2025
@k8s-ci-robot
Contributor

Hi @rohansingh. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-priority size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 10, 2025
@netlify

netlify bot commented Feb 10, 2025

Deploy Preview for kubernetes-ingress-nginx canceled.

Name Link
🔨 Latest commit 90ec1d5
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-ingress-nginx/deploys/67aa3d3bd7d7740008627b9f

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 10, 2025
Member

@tao12345666333 tao12345666333 left a comment

Thank you for your contribution!

There is some history here. I haven't read it all yet. But I want to confirm whether you have verified this behavior or the effects of this modification? If possible, can we construct an e2e test case to cover it?

@rohansingh
Author

@tao12345666333 We've had this running in a production environment for a couple weeks now, and verified that connections are kept alive now between the controller process and nginx.

It should be possible to add an e2e test. Not sure when I will have the bandwidth for that unfortunately. Is it a requirement to merge this?

@tao12345666333
Member

tao12345666333 commented Mar 1, 2025

@rohansingh thank you for the update.

If possible, I would like to have e2e to cover its behavior.

@tao12345666333
Member

I will run the existing tests first.

/hold
/ok-to&test

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 1, 2025
@github-actions

github-actions bot commented May 9, 2025

This is stale, but we won't close it automatically, just bear in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

@github-actions github-actions bot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label May 9, 2025
@k8s-triage-robot

The lifecycle/frozen label can not be applied to PRs.

This bot removes lifecycle/frozen from PRs because:

  • Commenting /lifecycle frozen on a PR has not worked since March 2021
  • PRs that remain open for >150 days are unlikely to be easily rebased

You can:

  • Rebase this PR and attempt to get it merged
  • Close this PR with /close

Please send feedback to sig-contributor-experience at kubernetes/community.

/remove-lifecycle frozen

@k8s-ci-robot k8s-ci-robot removed the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label May 9, 2025
@strongjz
Member

strongjz commented Sep 4, 2025

/uncc
/unassign

@k8s-ci-robot k8s-ci-robot removed the request for review from strongjz September 4, 2025 18:53