Stx-ingress is using the container file system when buffering requests with big body size
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Thales Elero Cervi |
Bug Description
Brief Description
-----------------
When requests with big body size go through the stx ingress before reaching the application service, the container is buffering the request body on its /tmp dir that is not mounted to any Kubernetes volume, temporally increasing the docker fs instead of the kubelet fs usage.
Example: Glance image (huge size, >20g) upload when stx-openstack has HTTPS enabled.
Severity
--------
Minor: Feature is usable with minor issue.
Steps to Reproduce
------------------
* Apply stx-openstack application to the system
* Enable HTTPS for stx-openstack application
* Try to upload an OpenStack image (size >20g): openstack image create --file 50gb_dummy_
Expected Behavior
------------------
User should be able to upload the image if system has enough free size for a temporary disk usage increase on kubelet-lv
Actual Behavior
----------------
User is not able to upload the image even when the system has enough free size for a temporary disk usage peak on kubelet-lv
Reproducibility
---------------
Reproducible when docker-lv does not have enough free size for a temporary disk usage peak
System Configuration
-------
Stx-openstack with HTTPS
Branch/Pull Time/Commit
-------
master
Last Pass
---------
Never
Timestamp/Logs
--------------
2022-05-
Test Activity
-------------
Feature Testing
Workaround
----------
User needs to extended the available disk on docker-lv so the upload is able to complete.
That's not desirable, since when stx-opesntack is running with HTTP user needs to extended the available disk on kubelet-lv for this kind of operation. We should keep consistency between operation guides.
The reason why kubelet-lv stores the buffering for HTTP requests is that the openstack ingress is able to resolve the service inside the cluster and the openstack ingress has its /tmp mounted to a Kubernetes Ephemeral Volume (emptyDir).
When HTTPS is enabled there is a service name resolution that will lead the request to reach the stx-ingress before reaching the service. This ingress is not mounting its /tmp to a Kubernetes volume and therefore it is using the container file system when buffering.
The container file system will be place where containerd is mapped to, in this case it will be on docker-lv. It can be considered a bad usage of the container file system.
[sysadmin@
root = "/var/lib/docker"
state = "/var/run/
Platform Ingress:
Mounts:
/usr/local/
/var/run/
OpenStack Ingress:
Mounts:
/tmp from pod-tmp (rw)
Changed in starlingx: | |
assignee: | nobody → Thales Elero Cervi (tcervi) |
summary: |
- Stx-ingress is using the container file system when caching requests + Stx-ingress is using the container file system when buffering requests with big body size |
description: | updated |
tags: | added: stx.apps |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.7.0 |
Fix proposed to branch: master /review. opendev. org/c/starlingx /nginx- ingress- controller- armada- app/+/841624
Review: https:/