Hi all, 

I'm trying to bind an nginx-ingress to a regional IP, and most of the time 
it works OK. Yet every 10 attempts or so the connection doesn't go through, 
and I get an aborted SSL connection like this: 

➜  ~ curl -vi https://bla.org/
*   Trying xx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to bla.org (xx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bla.org:443
* stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bla:443

In the Chrome browser, this is shown as "ERR_SSL_VERSION_INTERFERENCE", and a 
reload of the page usually resolves it. Very sparsely, I've also seen the 
Google 404 page pop up. So I'm beginning to think that this isn't an nginx 
misconfiguration, but rather that the forwarding rule between the regional 
IP and my cluster randomly breaks down.

It may be worth mentioning that the cluster contains one node pool of 
preemptible machines with auto-scaling, so the set of nodes updates quite 
frequently (nginx-ingress-controller is NOT running on a preemptible node 
class). Is it possible that the GCE forwarding rule is updated too slowly 
and points to a machine that has already been deprovisioned?

Thanks for any pointers! 

- Friedrich 
