chore(helm): updated timings for readinessProbe and failTimeout nginx (#58) (#61)

Co-authored-by: Frederic Spiers <[email protected]>

Author: ixxeL2097

helm/ggbridge/README.md

@@ -27,7 +27,7 @@ A Helm chart for installing ggbridge
 | client.readinessProbe.exec.command[3] | string | `"http://127.0.0.1:9081/healthz"` |  |
 | client.readinessProbe.failureThreshold | int | `3` |  |
 | client.readinessProbe.initialDelaySeconds | int | `10` |  |
-| client.readinessProbe.periodSeconds | int | `6` |  |
+| client.readinessProbe.periodSeconds | int | `7` |  |
 | client.readinessProbe.successThreshold | int | `1` |  |
 | client.readinessProbe.timeoutSeconds | int | `5` |  |
 | client.reverseTunnels.health.enabled | bool | `true` | Enable server to client health tunnel |
@@ -75,13 +75,17 @@ A Helm chart for installing ggbridge
 | podSecurityContext.enabled | bool | `true` | Enable Pod security Context in deployments |
 | proxy.affinity | object | `{}` | Affinity for pod assignment |
 | proxy.annotations | object | `{}` | Set proxy annotations |
-| proxy.config | object | `{"server":{"proxyConnectTimeout":"10s","proxyTimeout":"600s"},"upstream":{"failTimeout":"60s","maxFails":1}}` | Nginx configuration |
-| proxy.config.server | object | `{"proxyConnectTimeout":"10s","proxyTimeout":"600s"}` | Nginx server configuration |
-| proxy.config.server.proxyConnectTimeout | string | `"10s"` | Nginx proxy timeout for TCP handshake |
-| proxy.config.server.proxyTimeout | string | `"600s"` | Nginx proxy timeout for data exchange |
-| proxy.config.upstream | object | `{"failTimeout":"60s","maxFails":1}` | Nginx upstream configuration |
-| proxy.config.upstream.failTimeout | string | `"60s"` | Time during which the specified number of unsuccessful attempts must happen to mark the server as unavailable |
-| proxy.config.upstream.maxFails | int | `1` | Maximum number of unsuccessful attempts to communicate with the server |
+| proxy.config | object | `{"server":{"customDirectives":[],"proxyConnectTimeout":"30s","proxyTimeout":"1800s"},"upstream":{"backupMode":false,"downServers":[],"failTimeout":"120s","healthLoadBalancing":true,"maxFails":2}}` | Nginx configuration |
+| proxy.config.server | object | `{"customDirectives":[],"proxyConnectTimeout":"30s","proxyTimeout":"1800s"}` | Nginx server section configuration |
+| proxy.config.server.customDirectives | list | `[]` | custom parameters to add to the 'server' section of nginx.conf you need to choose which section it applies to can be "health", "socks", "web" or "tls" |
+| proxy.config.server.proxyConnectTimeout | string | `"30s"` | Nginx connection proxy timeout |
+| proxy.config.server.proxyTimeout | string | `"1800s"` | Nginx global proxy timeout |
+| proxy.config.upstream | object | `{"backupMode":false,"downServers":[],"failTimeout":"120s","healthLoadBalancing":true,"maxFails":2}` | Nginx upstream configuration |
+| proxy.config.upstream.backupMode | bool | `false` | Enable backup mode, will switch from round robin to backup setting for upstream servers |
+| proxy.config.upstream.downServers | list | `[]` | List of server proxy to disable in nginx conf For example [1,2] will mark proxy-1 and proxy-2 as down |
+| proxy.config.upstream.failTimeout | string | `"120s"` | Time during which the specified number of unsuccessful attempts must happen to mark the server as unavailable |
+| proxy.config.upstream.healthLoadBalancing | bool | `true` | Enable load balancing for health upstream (when false, only use the server with weight 100) |
+| proxy.config.upstream.maxFails | int | `2` | Maximum number of unsuccessful attempts to communicate with the server |
 | proxy.labels | object | `{}` | Set proxy labels |
 | proxy.logLevel | string | `"notice"` | Set nginx sidecar container and proxy pod log level (default: notice) |
 | proxy.networkPolicy.allowExternal | bool | `true` | When true, server will accept connections from any source |
@@ -99,7 +103,7 @@ A Helm chart for installing ggbridge
 | proxy.readinessProbe.exec.command[4] | string | `"http://127.0.0.1:9081/healthz"` |  |
 | proxy.readinessProbe.failureThreshold | int | `3` |  |
 | proxy.readinessProbe.initialDelaySeconds | int | `10` |  |
-| proxy.readinessProbe.periodSeconds | int | `6` |  |
+| proxy.readinessProbe.periodSeconds | int | `7` |  |
 | proxy.readinessProbe.successThreshold | int | `1` |  |
 | proxy.readinessProbe.timeoutSeconds | int | `5` |  |
 | proxy.replicaCount | int | `1` | Number of pods for each deployment |

helm/ggbridge/files/proxy/nginx.conf

@@ -8,8 +8,16 @@
 {{- $logLevel := $context.Values.proxy.logLevel -}}
 {{- $maxFails := $context.Values.proxy.config.upstream.maxFails | default 1 -}}
 {{- $failTimeout := $context.Values.proxy.config.upstream.failTimeout | default "60s" -}}
+{{- $healthLoadBalancing := $context.Values.proxy.config.upstream.healthLoadBalancing -}}
 {{- $proxyTimeout := $context.Values.proxy.config.server.proxyTimeout | default "600s" -}}
 {{- $proxyConnectTimeout := $context.Values.proxy.config.server.proxyConnectTimeout | default "10s" -}}
+{{- $customDirectivesConfig := $context.Values.proxy.config.server.customDirectives | default list -}}
+{{- $downServers := $context.Values.proxy.config.upstream.downServers | default list -}}
+{{- $backupMode := $context.Values.proxy.config.upstream.backupMode | default false -}}
+
+{{- $currentIndex := $index | int -}}
+{{- $healthProxyTimeout := "600s" -}}
+{{- $healthProxyConnectTimeout := "5s" -}}
 
 load_module "/usr/lib/nginx/modules/ngx_stream_module.so";
 
@@ -33,22 +41,66 @@ stream {
     resolver {{ printf "kube-dns.kube-system.svc.%s" $clusterDomain }} valid=30s;
     resolver_timeout 5s;
 
-    {{ range $tunnel, $config := $ports }}
+    {{- range $tunnel, $config := $ports }}
     upstream {{ $tunnel }} {
-        {{- range $idx := until ($context.Values.deploymentCount | int) }}
-          {{- $indexProxyFullname := printf "%s-proxy-%d" $fullname ($idx | int) }}
-          {{- $weight := ternary 100 1 (eq $idx $index) }}
-          {{ printf "server %s:%d weight=%d max_fails=%v fail_timeout=%s;" (printf "%s.%s.svc.%s" $indexProxyFullname $releaseNamespace $clusterDomain) ($config.port | int) $weight $maxFails $failTimeout }}
+        {{- if and (eq $tunnel "health") (not $healthLoadBalancing) }}
+          {{- $indexProxyFullname := printf "%s-proxy-%d" $fullname $currentIndex }}
+          {{- $isDown := false }}
+          {{- range $downServers }}
+            {{- if eq (. | int) ($currentIndex | int) }}
+              {{- $isDown = true }}
+            {{- end }}
+          {{- end }}
+        server {{ printf "%s.%s.svc.%s" $indexProxyFullname $releaseNamespace $clusterDomain }}:{{ $config.port }} max_fails={{ $maxFails }} fail_timeout={{ $failTimeout }}{{- if $isDown }} down{{- end }};
+        {{- else }}
+          {{- range $idx := until ($context.Values.deploymentCount | int) }}
+            {{- $indexProxyFullname := printf "%s-proxy-%d" $fullname $idx }}
+            {{- $isDown := false }}
+            {{- range $downServers }}
+              {{- if eq (. | int) ($idx | int) }}
+                {{- $isDown = true }}
+              {{- end }}
+            {{- end }}
+            {{- if $backupMode }}
+              {{- if eq $idx $currentIndex }}
+        server {{ printf "%s.%s.svc.%s" $indexProxyFullname $releaseNamespace $clusterDomain }}:{{ $config.port }} max_fails={{ $maxFails }} fail_timeout={{ $failTimeout }}{{- if $isDown }} down{{- end }};
+              {{- else }}
+        server {{ printf "%s.%s.svc.%s" $indexProxyFullname $releaseNamespace $clusterDomain }}:{{ $config.port }} max_fails={{ $maxFails }} fail_timeout={{ $failTimeout }}{{- if $isDown }} down{{- end }} backup;
+              {{- end }}
+            {{- else }}
+              {{- $weight := ternary 100 1 (eq $idx $currentIndex) }}
+        server {{ printf "%s.%s.svc.%s" $indexProxyFullname $releaseNamespace $clusterDomain }}:{{ $config.port }} weight={{ $weight }} max_fails={{ $maxFails }} fail_timeout={{ $failTimeout }}{{- if $isDown }} down{{- end }};
+            {{- end }}
+          {{- end }}
         {{- end }}
     }
-    {{ end }}
+    {{- end }}
 
     {{ range $tunnel, $config := $ports }}
     server {
         listen {{ $config.containerPort }};
         proxy_pass {{ $tunnel }};
+        {{- if eq $tunnel "health" }}
+        proxy_timeout {{ $healthProxyTimeout }};
+        proxy_connect_timeout {{ $healthProxyConnectTimeout }};
+        {{- else }}
         proxy_timeout {{ $proxyTimeout }};
         proxy_connect_timeout {{ $proxyConnectTimeout }};
+        {{- end }}
+        {{- range $customDirectivesConfig }}
+          {{- $applyTo := .applyTo }}
+          {{- $shouldApply := false }}
+          {{- if kindIs "slice" $applyTo }}
+            {{- if has $tunnel $applyTo }}
+              {{- $shouldApply = true }}
+            {{- end }}
+          {{- end }}
+          {{- if $shouldApply }}
+            {{- range .directives }}
+        {{ . }}
+            {{- end }}
+          {{- end }}
+        {{- end }}
     }
-    {{ end }}
+    {{- end }}
 }

helm/ggbridge/values.yaml

@@ -300,7 +300,7 @@ client:
         - -grace-period=60
         - http://127.0.0.1:9081/healthz
     initialDelaySeconds: 10
-    periodSeconds: 6
+    periodSeconds: 7
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
@@ -397,18 +397,38 @@ proxy:
 
   # -- Nginx configuration
   config:
-    # -- Nginx server configuration
+    # -- Nginx server section configuration
     server:
-      # -- Nginx proxy timeout for data exchange
-      proxyTimeout: 600s
-      # -- Nginx proxy timeout for TCP handshake
-      proxyConnectTimeout: 10s
+      # -- Nginx global proxy timeout
+      proxyTimeout: 1800s
+      # -- Nginx connection proxy timeout
+      proxyConnectTimeout: 30s
+      # -- custom parameters to add to the 'server' section of nginx.conf
+      # you need to choose which section it applies to
+      # can be "health", "socks", "web" or "tls"
+      customDirectives: []
+        # - directives:
+        #     - "proxy_responses 1;"
+        #     - "proxy_bind $remote_addr transparent;"
+        #   applyTo: ["health", "socks", "web", "tls"]
+        # - directives:
+        #     - "proxy_protocol on;"
+        #     - "proxy_socket_keepalive on;"
+        #   applyTo: ["tls"]
+
     # -- Nginx upstream configuration
     upstream:
       # -- Maximum number of unsuccessful attempts to communicate with the server
-      maxFails: 1
+      maxFails: 2
       # -- Time during which the specified number of unsuccessful attempts must happen to mark the server as unavailable
-      failTimeout: 60s
+      failTimeout: 120s
+      # -- Enable load balancing for health upstream (when false, only use the server with weight 100)
+      healthLoadBalancing: true
+      # -- List of server proxy to disable in nginx conf
+      # For example [1,2] will mark proxy-1 and proxy-2 as down
+      downServers: []
+      # -- Enable backup mode, will switch from round robin to backup setting for upstream servers
+      backupMode: false
 
   # -- Set the Proxy DNS resolver
   resolver: kube-dns.kube-system.svc.cluster.local
@@ -676,7 +696,7 @@ proxy:
         - -grace-period=60
         - http://127.0.0.1:9081/healthz
     initialDelaySeconds: 10
-    periodSeconds: 6
+    periodSeconds: 7
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3