AlinsRan commented on PR #1803: URL: https://github.com/apache/apisix-ingress-controller/pull/1803#issuecomment-1698352992
> > In a high availability architecture, a simple hang is meaningless for non-leader nodes, they still need to watch k8s resources continue to work, and are not allowed to hold write permissions until they become elected (write k8s resources, write apisix) > > Great design, providing a clearer control plane and data plane architecture. However, I have a few questions: > > 1. Does the current architecture support high availability ? > 2. Can a non-leader APISIX ingress controller be used as a viable ETCD server? How does APISIX avoid connecting to an unavailable ETCD server? > 3. Some extreme edge cases may not be handled, such as when an APISIX ingress controller restarts before K8S CR resources such as `APISIXRoute` are synchronized to the corresponding ETCD server. Will the ETCD server come online prematurely and provide service? APISIX may obtain empty router data at this time, leading to failure. 1. Supported and implemented. 2. The non-leader node can still work, but it does not have write permission, but APISIX can still read data from it 3. In the current stage, DP and CP will run in one Pod, and if one of them is abnormal, the Pod will be restarted, and this problem does not exist. This problem only exists in the architecture where DP and CP are separated, which depends on the implementation of etcd-adapter, which can actually be solved, just ensure that etcd revision is always incremented, then APISIX will still read from DP when the DP plane is available Get the data. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
