[GLBC] LB garbage collection orphans named ports in instance groups

[bowei]

From @nicksardo on May 8, 2017 18:54

The GLBC does not remove the named port from an instance group when a backend is being deleted.

If users are frequently created/deleting services and ingresses, instance groups will become polluted with old node ports. Eventually, users will hit a max limit.

Exceeded limit 'MAX_DISTINCT_NAMED_PORTS' on resource 'k8s-ig--aaaaaaaaaaaa'

Temporary workaround

region=us-central1
cluster_id=$(kubectl get configmaps ingress-uid -o jsonpath='{.data.uid}' --namespace=kube-system)
ports=$(gcloud compute backend-services list --global --format='value(port,port)' |  xargs printf 'port%s:%s,')
for zone in b c f; do
  gcloud compute instance-groups unmanaged set-named-ports k8s-ig--$cluster_id --zone=$region-$zone --named-ports=$ports
done

Modify the region and list of zone suffix in the script.

Copied from original issue: kubernetes/ingress-nginx#695

[bowei]

From @nicksardo on May 26, 2017 22:20

Requires kubernetes/kubernetes#46457

[bowei]

From @porridge on June 5, 2017 12:44

I see that the dependency was merged a week ago. Is there a plan/ETA for this one?

[bowei]

From @nicksardo on June 5, 2017 17:33

@porridge I'm waiting on one more PR to merge before we can update this repo's vendored dependencies.

I expect to have a fix in for the next release of GLBC, but there's no ETA for that just yet.

[bowei]

From @pawloKoder on July 4, 2017 15:54

Any update on this issue?

[bowei]

From @G-Harmon on September 27, 2017 23:53

Hi, I'm starting to work on this now, as my first Kubernetes fix.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

[nicksardo]

/remove-lifecycle rotten
/lifecycle frozen

[icco]

I'm seeing this still, as the suggested fix doesn't work. Any other thoughts?

[kraklin]

Any new information about this issue. We had to create new cluster and migrate all things to it because of this bug :/

[G-Harmon]

Why didn't the suggested workaround work, @icco?

[rramkumar1]

/assign

[icco]

@G-Harmon not sure, but it comes back like once a week.

[EliezerIsrael]

I just got bit by this one. Any news?

[bowei]

/reopen

[k8s-ci-robot]

@bowei: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[DaveWelling]

It seems like the workaround for this is to move the orphaned ports to another region? Is that right? I'm guessing that means there is no way to directly remove the ports? I cannot see any obvious method via the gcloud compute instance-groups cli. Did anybody find a better solution? I'm worried I will just have to jump from region to region. (sorry I misinterpreted how set-named-ports works)
Obviously, I'm also going to avoid recreating ingresses unnecessarily, but that also doesn't seem like permanent solution when we are in heavy development and have frequent deployments.

It seems strange to me that more people are not hitting this issue. Is there some mitigating difference in now people are deploying services that I haven't thought of?

[swetharepakula]

As the last report of this was almost a year ago, we are closing out this issue. We recommend users to move to NEGs (container-native) and migrate off of InstanceGroups. If there are still issues, please open a new github issue. Thanks!