add more opaque/skip ports docs, and a protocol table #1057
Try and clarify skip-ports and opaque-ports based on some recent Slack questions. Signed-off-by: William Morgan <[email protected]>
Signed-off-by: William Morgan <[email protected]>
kleimkuhler
left a comment
Looks good! Left a few comments.
| eventually the proxy will be ready. Alternatively, you can use | ||
| [linkerd-await](https://github.com/linkerd/linkerd-await) to delay the |
So in order to use linkerd-await users will need to upgrade to a recent edge. On the recent edges, this feature is enabled by default so they don't actually need to do anything after upgrading. It may be worth wording it in this way:
| eventually the proxy will be ready. Alternatively, you can use | |
| [linkerd-await](https://github.com/linkerd/linkerd-await) to delay the | |
| eventually the proxy will be ready. Alternatively, you can upgrade to a recent | |
| edge that has the [linkerd-await](https://github.com/linkerd/linkerd-await) | |
| feature enabled by default—used to delay the application container until the | |
| proxy is ready. Or, ... |
Not sure I understand. We've been using linkerd-await for years. What is different about recent edge releases?
@wmorgan Yep this is good as is. I read this thinking you were referencing the config.linkerd.io/proxy-await annotation that was recently added to edges (linkerd/linkerd2#5967), but that will not be part of 2.10. So, this is good as is.
Gotcha. Yeah I am very excited for that annotation.
| | MySQL | 3306 | none\* | skip ports | | ||
| | PostgreSQL | 5432 | none\* | skip ports | | ||
| | Memcache | 11211 | none\* | skip ports | | ||
| | ElasticSearch | 9300 | opaque ports | skip ports | |
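Review bot: the `none\*` cells in the MySQL, PostgreSQL and Memcache rows depend on a footnote that is not visible in these lines. The asterisk should be explained directly under the table, because a reader who takes `none` literally will conclude that ports 3306, 5432 and 11211 never need any annotation, while the ElasticSearch row right below them does name one.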
We have port 6379 for Redis in our default skip list in 2.9.4 and would move it to the opaque ports in 2.10.x
Mysql with Galera replication. I don't know what's required for off-cluster but I presume it all should get skipped.
on-cluster:
2.9
- Skip ports: 3306, 4444, 4567, 4568
2.10
- Opaque ports: 3306, 4444
- Skip ports: 4567, 4568
@electrical thanks! Can 4567 and 4568 not be opaque ports as well?
@wmorgan I'm afraid not after extensive testing. This is due to how Galera replication uses the source IP for keeping track of the clients. When it goes through the proxy everything comes from 127.0.0.1 and loses track of it.
More details of that are in linkerd/linkerd2#5913
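As an added example (not part of this thread or of the Linkerd docs), the on-cluster Galera port split from the comment above could be written as pod-template annotations like this. Applying the skip list to both inbound and outbound traffic is an assumption, since the comment does not say which direction is meant.

```yaml
# Added illustration: pod-template metadata only, two alternatives.
# Port lists are taken from the comment above; the inbound/outbound
# split is an assumption.

# Linkerd 2.9: all four Galera ports bypass the proxy entirely.
# Traffic on skipped ports gets no mTLS and no proxy metrics.
metadata:
  annotations:
    linkerd.io/inject: enabled
    config.linkerd.io/skip-inbound-ports: "3306,4444,4567,4568"
    config.linkerd.io/skip-outbound-ports: "3306,4444,4567,4568"
---
# Linkerd 2.10: 3306 and 4444 go through the proxy as opaque TCP
# (no protocol detection), so they stay inside the mesh.
# 4567 and 4568 remain skipped because Galera replication tracks
# peers by source IP, which the proxy replaces with 127.0.0.1.
metadata:
  annotations:
    linkerd.io/inject: enabled
    config.linkerd.io/opaque-ports: "3306,4444"
    config.linkerd.io/skip-inbound-ports: "4567,4568"
    config.linkerd.io/skip-outbound-ports: "4567,4568"
```

Because skipped ports are outside the mesh, replication traffic on 4567 and 4568 needs its own transport protection if it must be encrypted or authenticated.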
Signed-off-by: William Morgan <[email protected]>
kleimkuhler
left a comment
👍