Expose EPP via sidecar proxy #2680
Conversation
There was a problem hiding this comment.
Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved (waiting on @jianglai)
There was a problem hiding this comment.
Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @jianglai)
a discussion (no related file):
semi nit: typo in PR title
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @gbrodman)
a discussion (no related file):
Previously, gbrodman wrote…
semi nit: typo in PR title
oops. fixed.
There was a problem hiding this comment.
Reviewable status:
jianglai
force-pushed
the
epp
branch
4 times, most recently
from
1bc4142 to
342ac66
Compare
There was a problem hiding this comment.
Reviewed 4 of 9 files at r2, all commit messages.
Reviewable status: 5 of 10 files reviewed, 1 unresolved discussion (waiting on @jianglai)
release/cloudbuild-restart-proxies.yaml line 1 at r2 (raw file):
# This will do rolling restarts of all proxies. This forces the client to reconnect
why do we need this?
There was a problem hiding this comment.
Reviewed 3 of 9 files at r2.
Reviewable status: 8 of 10 files reviewed, 1 unresolved discussion (waiting on @gbrodman)
release/cloudbuild-restart-proxies.yaml line 1 at r2 (raw file):
Previously, gbrodman wrote…
why do we need this?
Because otherwise the proxy would hold on to the EPP connections but the nomulus instances with the session information would be gone. The client would still think they are logged in but they cannot do anything. Forcing the proxies to restart will force the clients to reconnect and re-login.
This is not ideal, of course, but it is better than the alternative.
There was a problem hiding this comment.
Reviewed 2 of 9 files at r2.
Reviewable status: 9 of 10 files reviewed, 1 unresolved discussion (waiting on @gbrodman)
jianglai
force-pushed
the
epp
branch
2 times, most recently
from
ac14d82 to
39fe6ce
Compare
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, 3 of 3 files at r4, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @gbrodman)
jianglai
force-pushed
the
epp
branch
4 times, most recently
from
69e8c41 to
540d40c
Compare
There was a problem hiding this comment.
Reviewed 3 of 9 files at r2, 4 of 4 files at r5, 2 of 2 files at r6, 1 of 1 files at r7, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @gbrodman)
There was a problem hiding this comment.
Reviewed 2 of 9 files at r2, 1 of 1 files at r3, 1 of 3 files at r4, 4 of 4 files at r5, 1 of 2 files at r6, 1 of 1 files at r7, all commit messages.
Reviewable status:
Resurrect the EPP load balancer which connects to the sidecar proxy within the same pod as nomulus. This is so that we have the freedom to choose between the standalone proxy and the sidecar one in case one doesn't work as expected.
Also switch to "Performance" nodes with does not have CPU or memory limits. I have observed that with the default nodes, after the service ran for a day or so the pods start to crash due to lack of memory from the nodes, which exacerbates the problem with sessions stickness.
Lastly, for the standalone proxies to work properly after a release of Nomulus, a GCB job is added to force restart the proxies (and therefore forcing the clients to reconnect and re-login, to re-establish sessions).
This change is