Shib + Kubernetes rollingupdates
Darren Boss
darren.boss at computecanada.ca
Thu May 16 15:55:02 EDT 2019
Use a readinessProbe so it won't get traffic until it's ready. This works
for me but could almost certainly use improvement:
readinessProbe:
failureThreshold: 3
httpGet:
path: /idp
port: 8080
scheme: HTTP
initialDelaySeconds: 110
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 1
On Thu, May 16, 2019 at 2:35 PM Mark Y. Goh <mgoh at cca.edu> wrote:
> Hi
> I run shibboleth3 on Google Kubernetes Engine and wondering if folks have
> experience with getting rollingupdates working correctly with shib.
>
> we run shib 3.3 with a hazelcast backend with google load balancer. i have
> been experimenting with different values for periodSec, initialDelay but
> have not found any combination that does not cause a small downtime
> (3-10s). the 502 service unavailable error usually occurs when the new pod
> becomes pending even though i have 3 working replicas. (4 replicas,
> maxsurge 4, maxunavail 25%).
>
> thanks,
> mark
> --
>
> Mark Y. Goh, Lead Systems Administrator, California College of the Arts, mgoh at cca.edu
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
*Darren Boss*
*Senior Programmer/Analyst*
*Programmeur-analyste principal*
*darren.boss at computecanada.ca <darren.boss at computecanada.ca>*
*(o) 416.228.1234 x *230
*(c) 919.525.0083*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190516/218969ef/attachment.html>
More information about the users
mailing list