High Availability Considerations (NGINX-based Ingress controller)¶
This article provides configuration recommendations for the Wallarm Ingress controller to be highly available and prevented from downtimes.
Other recommendations
Wallarm’s version of the Kubernetes Ingress controller is based on the community-supported NGINX Ingress controller for Kubernetes, so the majority of recommendations found in the official Ingress controller documentation and on the public Internet are also applicable to Wallarm’s Ingress controller.
Recommended reading:
Configuration recommendations¶
The following recommendations are relevant for missing-critical (production) environments.
-
Use more than one Ingress controller pod instances. The behavior is controlled using the attribute
controller.replicaCount
in thevalues.yaml
file. For example:
-
Force the Kubernetes cluster to place Ingress controller pods on different nodes: this will increase the Ingress service's resilience in case of a node failure. This behavior is controlled using the Kubernetes pod anti-affinity feature, which is configured in the
values.yaml
file. For example:
-
In clusters that are subject to unexpected traffic spikes or other conditions that may justify the use of Kubernetes's horizontal pod autoscaling (HPA) feature it can enabled in the
values.yaml
file using the following example:
-
Run at least two instances of Wallarm's postanalytics service based on the Tarantool database. These pods include
ingress-controller-wallarm-tarantool
in the name. The behavior is controlled in the filevalues.yaml
using the attributecontroller.wallarm.tarantool.replicaCount
. For example:
Configuration procedure¶
To set listed configurations, it is recommended to use the option --set
of the commands helm install
and helm upgrade
, for example:
helm install --set controller.replicaCount=2 <INGRESS_CONTROLLER_RELEASE_NAME> wallarm/wallarm-ingress -n <KUBERNETES_NAMESPACE>
There are also other parameters required for correct Ingress controller installation. Please pass them in the --set
option too.