POC - State Sharing #6983

Open
5 of 8 tasks
shaun-nx opened this issue Dec 13, 2024 · 2 comments
Labels: poc (Tasks that require investigation), refined (Issues that are ready to be prioritized)

shaun-nx (Contributor) commented Dec 13, 2024

Questions to answer, and things to consider, during this POC

  1. Should zone_sync be enabled by default?
  2. Can it be secure, by default? (Current implementation of Headless Services does not use TLS)
  3. Do we require a flag/CLI argument?
  4. Should this capability be toggled dynamically? (i.e. when enabling capabilities that take advantage of this)
  5. What would be the effort to decouple this capability from our OIDC implementation?
  6. Do we need to refactor logic of current rate limiting where we divide by replicas?
  7. Identify independent functionality that needs to be in place to avoid one large change
  8. Identify if a TMA is required
@shaun-nx shaun-nx added the poc Tasks that require investigation label Dec 13, 2024
@shaun-nx shaun-nx added this to the v4.1.0 milestone Dec 13, 2024
Hi @shaun-nx thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@shaun-nx shaun-nx added ready for refinement An issue that was triaged and it is ready to be refined refined Issues that are ready to be prioritized and removed ready for refinement An issue that was triaged and it is ready to be refined labels Jan 6, 2025
jjngx (Contributor) commented Jan 14, 2025

Questions to answer, and things to consider, during this POC

  1. Should zone_sync be enabled by default?
     -- No, we do not want to enable the functionality if it's not used.

  2. Can it be secure, by default? (Current implementation of Headless Services does not use TLS)
     -- yes, TLS cert(s) to secure communication between NIC Pods (NGINX Plus zones) need to be handled by a user
     -- adding TLS functionality would likely break current implementation (via Zone Sync ConfigMaps - TBD)
     -- TBD

  3. Do we require a flag/CLI argument?
     -- Yes. We want to be explicit. Add validation.

  4. Should this capability be toggled dynamically? (i.e. when enabling capabilities that take advantage of this)
     -- No. See above - we want to be explicit, validate and "fail fast".

  5. What would be the effort to decouple this capability from our OIDC implementation?
     -- TBD
     -- Look into zoneSyncLeeway
     -- examples to check

  6. Do we need to refactor logic of current rate limiting where we divide by replicas?
     -- Yes, for OSS and N+. TBD. The current implementation will still be used for OSS.

  7. Identify independent functionality that needs to be in place to avoid one large change
     -- zone sync configured without TLS support - focus on zone sync functionality and testing, for example the rate limiting
     -- add TLS configuration - regression testing
     -- TBD

  8. Identify if a TMA is required
     -- Yes, it will be required. See communication between NGINX instances (NIC - pods)

@lucacome lucacome moved this to In Progress 🛠 in NGINX Ingress Controller Jan 15, 2025
@jjngx jjngx moved this from In Progress 🛠 to In Review 👀 in NGINX Ingress Controller Jan 24, 2025