harbor-helm icon indicating copy to clipboard operation
harbor-helm copied to clipboard

Published 20 hours ago verified publisher icon goharbor

Allow setting internalTrafficPolicy for services

Open theasp opened this issue 2 years ago • 2 comments

Hi,

Would it be reasonable to allow setting internalTrafficPolicy for the services from values? i.e.

registry:
  internalTrafficPolicy: Local

And that winds up in the service:

apiVersion: v1
kind: Service
metadata:
  name: "{{ template "harbor.registry" . }}"
  labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
  internalTrafficPolicy: {{ template "harbor.registry.interalTraficPolicy" . }}
...

Default would be:

registry:
  internalTrafficPolicy: Cluster

theasp avatar May 12 '23 19:05 theasp

Hi @theasp, could you please justify why we need to set internalTrafficPolicy for services? thanks

zyyw avatar May 18 '23 01:05 zyyw

Hi @zyyw,

I've been dealing with an issue related to really slow pushes (like 1 MiB/s and I'm the only user), pulls are fine. For my config I have Traefik listening externally and a replica of core and registry on each machine. The issue seems to be related to Traefik talking to the registry and/or core pods. There may also be some large communication between those two pods, I've not looked into that closely.

My solution has been to set the following in values for the Harbor Helm chart, which causes Traefik to talk to to the Kubernetes service IP to do the load balancing, rather than it's default of doing it directly.

core:
  serviceAnnotations:
    traefik.ingress.kubernetes.io/service.nativelb: "true"
...
registry:
  serviceAnnotations:
    traefik.ingress.kubernetes.io/service.nativelb: "true"

The final setting required to make this work is to set internalTrafficPolicy to Local for the two services, which causes the service IP on each machine to send the traffic to the local machine only, rather than balacing it across the nodes in the cluster. I no longer am seeing slow pushes now that HTTP requests are being fully handled on the machine they came in on.

I'm not really sure why the performance is so bad without doing this, not much is going on with the cluster/network/storage. It wasn't every push that was slow, maybe around 50% of the layers pushed would be affected.

BTW, Cluster is the Kubernetes default.

theasp avatar May 19 '23 13:05 theasp