ELB vs ALB in Rancher 1.4.0

I noticed that the docs suggest using ALB’s instead of ELB’s, after the ELB support was removed and then re-added in 1.3: http://docs.rancher.com/rancher/v1.4/en/installing-rancher/installing-server/#running-rancher-server-behind-an-application-load-balancer-alb-in-aws

Why was this change made? Will the team ever stabilize on a recommendation? The constant back and forth is incredibly annoying (and confusing.)

If it’s working for you you can continue to use it. We want to use ALB because it’s significantly simpler to setup. But multiple people have found flakiness with ALB that is impossible to reproduce and just goes away for an indefinite time if you configure a replacement ALB exactly the same way. Weird stuff where it occasionally modifies the request path sent to the backend, or sends back cached or just outright wrong/cross-wired responses to requests.

Also a couple specific parts of Kubernetes use the SPDY protocol, which we didn’t know at the time. ALB does not support SPDY, so those are broken when going through ALB.

Vincent - I tried like hell to get Rancher to work with an ELB & proxy protocol policies… but it seemed to just fail on communicating with the host-agent during host set up.

I used ALB and it just worked. But I’d rather not use the flakey option…

My issue is documented here: https://github.com/rancher/rancher/issues/7775

Do you know of any reason I would have had trouble with ws & my ELB?

Since it seems like you covered the obvious stuff I would probably look at capturing the request request with tcpdump from the server container and looking at it with Wireshark. I know you have it working now but if you’re interested it could be setup on a different port to try and repeat it.

@vincent This issue would be a little less problematic if rancher worked a little better with nginx. See https://github.com/rancher/rancher/issues/6447. Would prefer to just use nginx for a proxy as I have also seen issues with ALB.

@ryanwalls if that only occurs with nginx that is not at all obvious in that issue… But if that’s the case then clearly the problem is in the nginx config because the server doesn’t just start generating null bytes when passed through a particular proxy.

Yeah, I’m not 100% sure on that it happens only with nginx… but I’m pretty confident. I also agree if it only happens with nginx, then it is an nginx config issue. So it might be worth looking into a different/better config recommendation instead of what is currently in the install docs. https://docs.rancher.com/rancher/v1.4/en/installing-rancher/installing-server/basic-ssl-config/#example-nginx-configuration