Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transportserver resource breaks with a long FQDN host value. #1697

Closed
jppitout opened this issue Jun 25, 2021 · 3 comments · Fixed by #3274
Closed

Transportserver resource breaks with a long FQDN host value. #1697

jppitout opened this issue Jun 25, 2021 · 3 comments · Fixed by #3274

Comments

@jppitout
Copy link

jppitout commented Jun 25, 2021
edited
Loading

NGINX Ingress controller version: 1.11.3
Kubernetes version: v1.19

  • Cloud provider: Azure
  • OS: Ubuntu 16.04.7 LTS (Xenial Xerus)
  • Kernel: 4.15.0-143-generic
  • Install tools: Kubernetes manifests

Description
When adding a transportserver resource with a long FQDN (in our case 57 characters) we get the below error repeated in the logs and nginx-ingress controller takes a very long time to startup affecting other ingress resources:

stderr: "2021/06/24 14:33:38 [emerg] 21#21: could not build map_hash, you should increase map_hash_bucket_size: 64\nnginx: [emerg] could not build map_hash, you should increase map_hash_bucket_size: 64\n"

To Reproduce
Steps to reproduce the behavior:

Install the ingress controller

$ git clone https://github.com/nginxinc/kubernetes-ingress/
$ cd kubernetes-ingress/deployments/common/crds
$ kubectl apply \
  -f k8s.nginx.org_policies.yaml \
  -f k8s.nginx.org_transportservers.yaml \
  -f k8s.nginx.org_virtualserverroutes.yaml \ 
  -f k8s.nginx.org_virtualservers.yaml
$ cd ..
$ kubectl apply \
  -f ns-and-sa.yaml \
  -f default-server-secret.yaml \
  -f ingress-class.yaml \
  -f nginx-config.yaml \
$ cd ../rbac/
$ kubectl apply -f rbac.yaml
$ cd ../deployment/

Add the following to args: in nginx-ingress.yaml spec:

          - -report-ingress-status                                              
          - -external-service=nginx-ingress                                     
          - -ingress-class=nginx                                                
          - -enable-tls-passthrough                                             
          - -enable-custom-resources=true

Apply deployment manifest:

$ kubectl apply -f nginx-ingress.yaml

Install an application that will act as a backend (is just an echo app)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml

Create an transportserver resource:

echo "
  apiVersion: k8s.nginx.org/v1alpha1
  kind: TransportServer
  metadata:
    name: http-svc
    namespace: nginx-ingress
  spec:
    ingressClassName: nginx
    listener:
      name: tls-passthrough
      protocol: TLS_PASSTHROUGH
    host: foo.bar.example.with.a.long.fullyqulaifieddomainname.com
    upstreams:
      - name: http-svc
        service: http-svc
        port: 80
    action:
      pass: http-svc

" | kubectl apply -f -

Expected behavior
Nginx-ingress controller to start without errors.

Is there a way to set map_hash_bucket_size in the configmap? I've not been able to find a way.

Is server-name-hash-bucket-size related? I have tried setting the below but these don't change the behaviour:

  #server-name-hash-bucket-size: "256"
  #server-name-hash-max-size: "1024"
  server-names-hash-bucket-size: "256"
  server-names-hash-max-size: "1024"

Note: When the host value in the transportserver resource has less characters the error goes away.
@github-actions
Copy link

Hi @jppitout thanks for reporting!

Be sure to check out the docs while you wait for a human to take a look at this 🙂

Cheers!

@jppitout
Copy link
Author

jppitout commented Jun 28, 2021
edited
Loading

Quick update: Using custom templates with this template I managed to get map_hash_bucket_size 128; set in nginx.conf of the ingress controller pod but am still seeing the below error:

stderr: "2021/06/28 11:52:07 [emerg] 32#32: could not build map_hash, you should increase map_hash_bucket_size: 64\nnginx: [emerg] could not build map_hash, you should increase map_hash_bucket_size: 64\n"

Code snippet from /etc/nginx/nginx.conf in the ingress pod:

    server_names_hash_max_size 1024;
    server_names_hash_bucket_size 256;
    map_hash_bucket_size 512;
    map_hash_max_size 2048;
    variables_hash_bucket_size 256;
    variables_hash_max_size 1024;

Note: Above was inside the http { stanza and above any map stanzas.
It seems that adding to the map_hash settings to the stream context inside http stanza resolves the issue. But I'm still testing...

@jppitout
Copy link
Author

jppitout commented Jun 28, 2021
edited
Loading

For anyone else that may experience similar, in the end I managed to solve this with stream-snippets in the configmap:

  stream-snippets: |
    map_hash_bucket_size 512;
    map_hash_max_size 2048;

@brianehlert brianehlert linked a pull request Nov 23, 2022 that will close this issue
Allow configuration of map-hash-bucket-size and map-hash-max-size directives #3274
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@jppitout