Allow setting internalTrafficPolicy for services #1504

Open
theasp opened this issue May 12, 2023 · 2 comments

theasp commented May 12, 2023

Hi,

Would it be reasonable to allow setting internalTrafficPolicy for the services from values? i.e.

registry:
  internalTrafficPolicy: Local

And that winds up in the service:

apiVersion: v1
kind: Service
metadata:
  name: "{{ template "harbor.registry" . }}"
  labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
  internalTrafficPolicy: {{ template "harbor.registry.internalTrafficPolicy" . }}
...

Default would be:

registry:
  internalTrafficPolicy: Cluster

Collaborator

zyyw commented May 18, 2023

Hi @theasp, could you please justify why we need to set internalTrafficPolicy for services? Thanks.

Author

theasp commented May 19, 2023

Hi @zyyw,

I've been dealing with an issue related to really slow pushes (like 1 MiB/s and I'm the only user), pulls are fine. For my config I have Traefik listening externally and a replica of core and registry on each machine. The issue seems to be related to Traefik talking to the registry and/or core pods. There may also be some large communication between those two pods, I've not looked into that closely.

My solution has been to set the following in values for the Harbor Helm chart, which causes Traefik to talk to the Kubernetes service IP to do the load balancing, rather than its default of doing it directly.

core:
  serviceAnnotations:
    traefik.ingress.kubernetes.io/service.nativelb: "true"
...
registry:
  serviceAnnotations:
    traefik.ingress.kubernetes.io/service.nativelb: "true"

The final setting required to make this work is to set internalTrafficPolicy to Local for the two services, which causes the service IP on each machine to send the traffic to the local machine only, rather than balancing it across the nodes in the cluster. I no longer am seeing slow pushes now that HTTP requests are being fully handled on the machine they came in on.

I'm not really sure why the performance is so bad without doing this, not much is going on with the cluster/network/storage. It wasn't every push that was slow, maybe around 50% of the layers pushed would be affected.

BTW, Cluster is the Kubernetes default.
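
With internalTrafficPolicy: Local, kube-proxy does not forward Service traffic on a node that has no ready local endpoint, so the setup described above depends on every node that receives traffic running a ready core and registry pod. The following is an added example, not code from the issue or the Harbor chart, that checks this from EndpointSlice data; the service names, node names and sample data are constructed assumptions.

```python
import json

# Constructed sample, shaped like `kubectl get endpointslices -o json` output.
# Service, pod IP and node names are assumptions, not taken from the issue.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"labels": {"kubernetes.io/service-name": "harbor-registry"}},
  "endpoints": [
   {"addresses": ["10.42.0.11"], "nodeName": "node-a", "conditions": {"ready": true}},
   {"addresses": ["10.42.1.12"], "nodeName": "node-b", "conditions": {"ready": false}}]},
 {"metadata": {"labels": {"kubernetes.io/service-name": "harbor-core"}},
  "endpoints": [
   {"addresses": ["10.42.0.21"], "nodeName": "node-a", "conditions": {"ready": true}},
   {"addresses": ["10.42.1.22"], "nodeName": "node-b", "conditions": {}},
   {"addresses": ["10.42.2.23"], "nodeName": "node-c", "conditions": {"ready": true}}]}
]}
""")
NODES = ["node-a", "node-b", "node-c"]  # constructed node list


def ready_nodes(slices, service):
    """Return the nodes that host at least one ready endpoint of `service`."""
    nodes = set()
    for sl in slices.get("items", []):
        labels = sl.get("metadata", {}).get("labels", {})
        if labels.get("kubernetes.io/service-name") != service:
            continue
        for ep in sl.get("endpoints") or []:
            # An unset `ready` condition is to be interpreted as ready.
            ready = (ep.get("conditions") or {}).get("ready")
            if ready is not False and ep.get("nodeName"):
                nodes.add(ep["nodeName"])
    return nodes


def nodes_without_local_endpoint(slices, service, all_nodes):
    """Nodes where internalTrafficPolicy: Local leaves the Service with no backend."""
    return sorted(set(all_nodes) - ready_nodes(slices, service))


if __name__ == "__main__":
    for svc in ("harbor-core", "harbor-registry"):
        gaps = nodes_without_local_endpoint(SAMPLE, svc, NODES)
        status = "no gaps" if not gaps else "no local endpoint on " + ", ".join(gaps)
        print(f"{svc}: {status}")
```

On a live cluster the same functions can be fed the parsed output of `kubectl get endpointslices -o json` in the Harbor namespace together with the real node list.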
