SanVEE

Reputation: 2070

Exposing TCP Services with NGINX Ingress in Kubernetes

I've followed all the steps as mentioned here - https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

  1. A ConfigMap that specifies the <external-port>: <namespace/k8s-svc:port>
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9000: "default/sample-go-app:8080"
  2. The LoadBalancer service that includes the external-port under the ports section
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  ports:
    - name: proxied-tcp-9000
      port: 9000
      targetPort: 9000
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  3. Finally, passing the above ConfigMap as an argument to the ingress controller's deployment
args:
    - /nginx-ingress-controller
    - --tcp-services-configmap=ingress-nginx/tcp-services

Now, at this point everything works as expected, i.e. the clients can send TCP traffic to [LoadBalancer-IP: External-Port] and the TCP traffic is routed to the [default/sample-go-app:8080] svc/pod. Now if I look for active TCP connections at the sample-go-app pod using netstat, it shows around 4 active connections (I assume this could vary based on clients).

But the question is: when there are no connections from clients (no clients initiated any connection), I can still see about 3 TCP connections in the ESTABLISHED state from the [NGINX Ingress Controller Pod] to the [destination pod, i.e. sample-go-app pod].

sample-go-app$ netstat | grep tcp
tcp   0  0  sample-app-pod-ip:8080 ingress-controller-pod-ip:port ESTABLISHED
tcp   0  0  sample-app-pod-ip:8080 ingress-controller-pod-ip:port ESTABLISHED
tcp   0  0  sample-app-pod-ip:8080 ingress-controller-pod-ip:port ESTABLISHED

Any suggestions why we have these active connections from the NGINX controller to the upstream server (i.e. the sample-go-app pod), and why they are getting refreshed (only the port number changes from the ingress controller pod) every few seconds? Is there a way to remove these unused connections?

Upvotes: 1

Views: 282

Answers (1)

Imran Premnawaz

Reputation: 265

The way NGINX handles the TCP connection for load balancing and connection reuse may be the cause of the behavior you are observing, where there are active connections between the NGINX Ingress controller and destination pod even in the absence of client requests.

It should be noted that NGINX contains a keepalive directive that specifies how many connections should be maintained open in the connection pool. As a result, you may see some connections are left open even when no client requests are coming in. Refer to this for more information on this.

Also, you can configure the NGINX ingress controller to have a shorter keep-alive timeout to close idle connections faster. In simple words, you can modify the NGINX configuration by setting a lower keep_alive timeout for TCP connections. For more information on keepalive connections, refer to this blog by Timo Stark.

Upvotes: 1
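
To check whether the connections described in the question are long-lived ones held open or short-lived ones that are constantly re-created, two `netstat -tn` snapshots taken a few seconds apart on the sample-go-app pod can be compared. This is an added example, not part of the original question or answer; the function names, pod IPs and snapshots are constructed, and it assumes numeric `netstat -tn` output.

```python
from collections import defaultdict

def established_peers(netstat_text, local_port):
    """Return {remote_ip: {remote_ports}} for ESTABLISHED TCP connections
    whose local endpoint is local_port (input: `netstat -tn` output)."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: proto recv-q send-q local foreign state
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        if state != "ESTABLISHED":
            continue
        # rsplit keeps IPv6 addresses intact; the port follows the last colon
        _, lport = local.rsplit(":", 1)
        rip, rport = foreign.rsplit(":", 1)
        if lport == str(local_port):
            peers[rip].add(int(rport))
    return dict(peers)

def churn(before, after):
    """Per remote IP, list source ports kept, closed and opened between snapshots."""
    report = {}
    for ip in set(before) | set(after):
        b, a = before.get(ip, set()), after.get(ip, set())
        report[ip] = {"kept": sorted(b & a),
                      "closed": sorted(b - a),
                      "opened": sorted(a - b)}
    return report

# Constructed snapshots: 10.244.1.7 stands in for the sample-go-app pod,
# 10.244.0.3 for the ingress controller pod.
SNAP_T0 = """\
tcp        0      0 10.244.1.7:8080     10.244.0.3:41810    ESTABLISHED
tcp        0      0 10.244.1.7:8080     10.244.0.3:41822    ESTABLISHED
tcp        0      0 10.244.1.7:8080     10.244.0.3:41836    ESTABLISHED
tcp        0      0 10.244.1.7:8080     10.244.0.3:41790    TIME_WAIT
"""
SNAP_T1 = """\
tcp        0      0 10.244.1.7:8080     10.244.0.3:41822    ESTABLISHED
tcp        0      0 10.244.1.7:8080     10.244.0.3:41850    ESTABLISHED
tcp        0      0 10.244.1.7:8080     10.244.0.3:41864    ESTABLISHED
"""

if __name__ == "__main__":
    t0, t1 = established_peers(SNAP_T0, 8080), established_peers(SNAP_T1, 8080)
    for ip, delta in churn(t0, t1).items():
        print(ip, delta)
```

A steady count with a mostly empty "kept" list means connections are being opened and closed continuously rather than sitting idle, which is worth knowing before tuning any timeout.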
