Replace Status port using a socket

[aledbf]

What this PR does / why we need it:

Which issue this PR fixes: fixes #3457

The new status server is configured like this:

	# default server, used for NGINX healthcheck and access to nginx stats
	server {
		listen unix:/tmp/nginx-status-server.sock;
		set $proxy_upstream_name "internal";
		
		keepalive_timeout 0;
		gzip off;
		
		access_log off;
		
		location /healthz {
			return 200;
		}
		
		location /is-dynamic-lb-initialized {
			content_by_lua_block {
				local configuration = require("configuration")
				local backend_data = configuration.get_backends_data()
				if not backend_data then
				ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
				return
				end
				
				ngx.say("OK")
				ngx.exit(ngx.HTTP_OK)
			}
		}
		
		location /nginx_status {
			stub_status on;
		}
		
		location /configuration {
			# this should be equals to configuration_data dict
			client_max_body_size                    10m;
			client_body_buffer_size                 10m;
			proxy_buffering                         off;
			
			content_by_lua_block {
				configuration.call()
			}
		}
		
		location / {
			content_by_lua_block {
				ngx.exit(ngx.HTTP_NOT_FOUND)
			}
		}
	}
}

[ElvinEfendi]

make sense 👍

But I don't see how it's going to fix #3457. That issue seems to be result of Nginx not having enough resources - so this PR will help a bit since it reduces overhead but when the server is under more load the same thing will happen.

[aledbf]

But I don't see how it's going to fix #3457.

Please check comments after #3457 (comment)

For some reason, the health checks start failing without valid reason. If you enter in the container and run netstat -lnp nginx is listening in all the interfaces but the go client cannot reach 127.0.0.1:18080.
Replacing the port for a unix socket removes this issue, removes a port from the ingress controller and also encapsulates the server.

[ElvinEfendi]

@aledbf I support switching to using UNIX socket. And this might indeed fix the issue but it also might not. It'd be nice to understand

nginx is listening in all the interfaces but the go client cannot reach 127.0.0.1:18080

--

Again, this PR is a right direction!

[aledbf]

It'd be nice to understand
nginx is listening in all the interfaces but the go client cannot reach 127.0.0.1:18080

Agree. The issue here is that I cannot reproduce this issue and why I am waiting for feedback from #3457.

[alexkursell]

This also applies to sort-backends, but why are we marking these flags deprecated when we are removing them? Aren't they either deprecated or removed, but not both?

[aledbf]

To avoid breaking existing deployments using the flags. We can remove the flags in 0.24

[alexkursell]

When 0.22 was released, using --sort-backends generated an error (unknown flag: --sort-backends) because the flag was removed. MarkDeprecated doesn't do anything if the flag is removed. See also @ElvinEfendi comment here: #3655 (comment)

[aledbf]

fixed.

[ElvinEfendi]

I wonder why did we not do this before. Also where are you not doing the same above for backends?

[aledbf]

check added to backends

[ElvinEfendi]

why do you build the client for every request? why not build it once and use the same client always?

[aledbf]

changed

[ElvinEfendi]

nitpick: statusLocation probably makes more sense since this is an alias to StatusSocket

[aledbf]

done

[ElvinEfendi]

Can you avoid hardcoding this here and use https://github.com/kubernetes/ingress-nginx/pull/3684/files#diff-6c2cb34e0bc02a92a477db1ea8101b69R34 instead?

[aledbf]

done

[ElvinEfendi]

Why are you deleting this now? Why did we even have this here, does not make sense

[aledbf]

Why are you deleting this now?

Because before this change we publish the server to port 18080.

Why did we even have this here, does not make sense

Keep in mind we had more content before 0.16 (like vts pages)

[ElvinEfendi]

/lgtm
/approve

[ElvinEfendi]

Please don't modify history during review process, makes it hard to review new changes :)

[ElvinEfendi]

/lgtm

I guess the change was to avoid PID hardcoding.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, ElvinEfendi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ElvinEfendi,aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[aledbf]

Please don't modify history during review process, makes it hard to review new changes :)

Sorry about that but I didn't want a new commit just to fix a template in the issue.