Excessive http2 error logs for 4318 and 9411 from haproxy ingress #10174

Open
tman5 opened this issue May 17, 2024 · 1 comment
Labels
bug Something isn't working

tman5 commented May 17, 2024

In our otel collector running on Kubernetes, we have a lot of these errors:

2024/05/17 14:50:02 http2: server: error reading preface from client 10.233.71.246:57676: read tcp 10.233.66.81:4318->10.233.71.246:57676: read: connection reset by peer
2024/05/17 19:14:30 http2: server: error reading preface from client 10.233.127.236:49048: read tcp 10.233.66.81:9411->10.233.127.236:49048: read: connection reset by peer

There is an haproxy-ingress controller in front of the collector (that's what the IPs are), and we have SSL enabled on the ingress and on the collector. The gRPC port does not throw these errors. SSL is enabled in the collector config. The cert is self-signed through cert-manager.

Collector version: 0.98.0

apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
  name: otel
  namespace: opentel-collector
spec:
  mode: "deployment"
  volumeMounts:
  - name: cert-files
    mountPath: /etc/pki/ca-trust/source/service-ca
    readOnly: true
  volumes:
  - name: cert-files
    secret:
      secretName: opentel-collector-dev-cert
  ingress:
    type: ingress
    hostname: opentel-collector.local
    ingressClassName: haproxy
    annotations:
      haproxy.org/path-rewrite: /otlp-(?:http|grpc)/(.*) /\1
      haproxy.org/server-ssl: "true"
      haproxy.org/backend-config-snippet: |
        http-check send meth GET
        http-check expect rstatus [234][0-9][0-9]
    tls:
      - secretName: opentel-collector-cert
        hosts:
          - opentel-collector.local
  resources:
    limits:
      cpu: '1'
      memory: 3Gi
    requests:
      cpu: 250m
      memory: 256Mi
  config: |
    receivers:
      otlp:
        protocols:
          grpc:
            endpoint: 0.0.0.0:4317
            tls:
              ca_file: "/etc/pki/ca-trust/source/service-ca/ca.crt"
              cert_file: "/etc/pki/ca-trust/source/service-ca/tls.crt"
              key_file: "/etc/pki/ca-trust/source/service-ca/tls.key"
          http:
            endpoint: 0.0.0.0:4318
            tls:
              ca_file: "/etc/pki/ca-trust/source/service-ca/ca.crt"
              cert_file: "/etc/pki/ca-trust/source/service-ca/tls.crt"
              key_file: "/etc/pki/ca-trust/source/service-ca/tls.key"
      zipkin:
            tls:
              ca_file: "/etc/pki/ca-trust/source/service-ca/ca.crt"
              cert_file: "/etc/pki/ca-trust/source/service-ca/tls.crt"
              key_file: "/etc/pki/ca-trust/source/service-ca/tls.key"
...
@tman5 tman5 added the bug Something isn't working label May 17, 2024
@tman5 tman5 changed the title Excessive http2 error logs for 4318 and 9411 Excessive http2 error logs for 4318 and 9411 from haproxy ingress May 17, 2024

atoulme commented May 29, 2024

This could be because of your haproxy config. Is it set to perform health checks? See https://access.redhat.com/solutions/6999058 for example. Please post your haproxy configuration.
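A triage sketch for the question raised in this thread, added here as an example and not code from the issue or the collector project: it parses the quoted `error reading preface` lines and counts them per listener port and peer, separating peers in a known ingress set from any others. The ingress IP set, the function names and the extra log lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Matches the Go http2 server message format quoted in the issue.
PREFACE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) http2: server: "
    r"error reading preface from client (?P<peer>[\d.]+):(?P<pport>\d+): "
    r"read tcp (?P<local>[\d.]+):(?P<lport>\d+)->[\d.]+:\d+: (?P<cause>.+)$"
)

# Assumption: the two peers from the issue are the haproxy ingress pods,
# as the reporter states. Replace with your own ingress pod IPs.
INGRESS_IPS = {"10.233.71.246", "10.233.127.236"}

SAMPLE_LOG = [
    # First two lines are the ones quoted in the issue.
    "2024/05/17 14:50:02 http2: server: error reading preface from client 10.233.71.246:57676: read tcp 10.233.66.81:4318->10.233.71.246:57676: read: connection reset by peer",
    "2024/05/17 19:14:30 http2: server: error reading preface from client 10.233.127.236:49048: read tcp 10.233.66.81:9411->10.233.127.236:49048: read: connection reset by peer",
    # Constructed lines: a repeat from the ingress, an unknown peer, unrelated output.
    "2024/05/17 14:50:07 http2: server: error reading preface from client 10.233.71.246:57690: read tcp 10.233.66.81:4318->10.233.71.246:57690: read: connection reset by peer",
    "2024/05/17 14:51:00 http2: server: error reading preface from client 192.0.2.10:40000: read tcp 10.233.66.81:4318->192.0.2.10:40000: read: connection reset by peer",
    "2024/05/17 14:51:05 some unrelated collector log line",
]

def summarize(lines, ingress_ips):
    """Count preface errors per (listener port, peer IP, peer is ingress?)."""
    counts = Counter()
    for line in lines:
        m = PREFACE_RE.match(line.strip())
        if not m:
            continue  # not a preface error; ignore
        peer = m["peer"]
        counts[(int(m["lport"]), peer, peer in ingress_ips)] += 1
    return counts

def unexplained(counts):
    """Peers outside the ingress set; these are not ingress health checks."""
    return sorted({peer for (_, peer, known) in counts if not known})

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, INGRESS_IPS)
    for (port, peer, known), n in sorted(result.items()):
        source = "ingress" if known else "UNKNOWN"
        print(f"port {port}  peer {peer:<16} {source:<8} {n}")
    print("peers to investigate:", unexplained(result))
```

If every peer falls in the ingress set and the timestamps recur at a fixed interval, that is consistent with the health-check explanation suggested above.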
