|
1 | 1 | --- |
2 | | -title: Scaling control plane and data plane |
| 2 | +title: Scaling the control plane and data plane |
3 | 3 | weight: 700 |
4 | 4 | toc: true |
5 | 5 | type: how-to |
6 | 6 | product: NGF |
7 | 7 | docs: DOCS-0000 |
8 | 8 | --- |
9 | 9 |
|
10 | | -Users can scale both the NGINX Gateway Fabric control plane and data planes separately. This guide walks you through how to scale each component effectively and helps you decide when to scale the data plane versus creating a new gateway, based on your traffic patterns. |
| 10 | +This document describes how you can separately scale the NGINX Gateway Fabric control plane and data plane. |
| 11 | + |
| 12 | +It provides guidance on how to scale each plane effectively, and when you should do so based on your traffic patterns. |
11 | 13 |
|
12 | | ---- |
13 | 14 |
|
14 | 15 | ### Scaling the data plane |
15 | 16 |
|
16 | | -The data plane is the NGINX deployment that handles user traffic to backend applications. |
17 | | -Every Gateway object that gets created results in a new NGINX deployment being provisioned with its own configuration. There are a couple of options on how to scale data plane deployments. You can do so either by increasing the number of replicas for the data plane deployment or by creating a new Gateway to provision a new data plane. |
| 17 | +The data plane is the NGINX deployment that handles user traffic to backend applications. Every Gateway object created provisions its own NGINX deployment and configuration. |
| 18 | + |
| 19 | +You have two options for scaling the data plane: |
| 20 | + |
| 21 | +- Increasing the number of replicas for an existing deployment |
| 22 | +- Creating a new Gateway for a new data plane |
| 23 | + |
| 24 | +#### When to increase replicas or create a new Gateway |
| 25 | + |
| 26 | +Understanding when to increase replicas or create a new Gateway is key to managing traffic effectively. |
18 | 27 |
|
19 | | -#### When to create a new gateway vs Scale Data plane replicas |
| 28 | +Increasing data plane replicas is ideal when you need to handle more traffic without changing the configuration. |
20 | 29 |
|
21 | | -When using NGINX Gateway Fabric, understanding when to scale the data plane vs when to create a new gateway is key to managing traffic effectively. |
| 30 | +For example, if you're routing traffic to `api.example.com` and notice an increase in load, you can scale the replicas from 1 to 5 to better distribute the traffic and reduce latency. |
22 | 31 |
|
23 | | -Scaling data plane replicas is ideal when you need to handle more traffic without changing the configuration. For example, if you're routing traffic to `api.example.com` and notice an increase in load, you can scale the replicas from 1 to 5 to better distribute the traffic and reduce latency. All replicas will share the same configuration from the Gateway used to set up the data plane, making configuration management easy. |
| 32 | +All replicas will share the same configuration from the Gateway used to set up the data plane, simplifying configuration management. |
24 | 33 |
|
25 | 34 | There are two ways to modify the number of replicas for an NGINX deployment: |
26 | 35 |
|
27 | | -- Modifying the field `nginx.replicas` in the `values.yaml` or add the `--set nginx.replicas=` flag to the `helm install` command. Below is an example to do so: |
| 36 | +First, by modifying the field `nginx.replicas` in the `values.yaml` or adding the `--set nginx.replicas=` flag to the `helm install` command. |
28 | 37 |
|
29 | | - ```text |
30 | | - helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway --set nginx.replicas=5 |
31 | | - ``` |
| 38 | +```text |
| 39 | +helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway --set nginx.replicas=5 |
| 40 | +Secondly, by editing the `NginxProxy` resource attached to the data plane deployment. You can specify the number of replicas in the field `kubernetes.deployment.replicas` of the nginxProxy resource: |
32 | 41 |
|
33 | | -- Editing the `NginxProxy` resource attached to the data plane deployment. You can specify the number of replicas in the field `kubernetes.deployment.replicas` of the nginxProxy resource: |
| 42 | +```text |
| 43 | +kubectl edit nginxproxies.gateway.nginx.org ngf-proxy-config -n nginx-gateway |
34 | 44 |
|
35 | | - ```text |
36 | | - kubectl edit nginxproxies.gateway.nginx.org ngf-proxy-config -n nginx-gateway |
37 | | - ``` |
38 | 45 |
|
39 | | -The other way to scale data planes is by creating a new Gateway. This is is beneficial when you need distinct configurations, isolation, or separate policies. For example, if you're routing traffic to a new domain `admin.example.com` and require a different TLS certificate, stricter rate limits, or separate authentication policies, creating a new Gateway could be a good approach. It allows safe experimentation with isolated configurations and makes it easier to enforce security boundaries and apply specific routing rules. |
| 46 | +The alternate way to scale the data plane is by creating a new Gateway. This is is beneficial when you need distinct configurations, isolation, or separate policies. |
| 47 | +
|
| 48 | +For example, if you're routing traffic to a new domain `admin.example.com` and require a different TLS certificate, stricter rate limits, or separate authentication policies, creating a new Gateway could be a good approach. |
| 49 | +
|
| 50 | +It allows for safe experimentation with isolated configurations and makes it easier to enforce security boundaries and specific routing rules. |
40 | 51 |
|
41 | | ---- |
42 | 52 |
|
43 | 53 | ### Scaling the control plane |
44 | 54 |
|
45 | 55 | The control plane builds configuration based on defined Gateway API resources and sends that configuration to the NGINX data planes. With leader election enabled by default, the control plane can be scaled horizontally by running multiple replicas, although only the pod with leader lease can actively manage configuration status updates. |
46 | 56 |
|
47 | 57 | Scaling the control plane can be beneficial in the following scenarios: |
48 | 58 |
|
49 | | - 1. *Higher Availability* - When a control plane pod crashes, runs out of memory, or goes down during an upgrade, it can interrupt configuration delivery. By scaling to multiple replicas, another pod can quickly step in and take over, keeping things running smoothly with minimal downtime. |
50 | | - 2. *Faster Configuration Distribution* - As the number of connected NGINX instances grows, a single control plane pod may become a bottleneck in handling connections or streaming configuration updates. Scaling the control plane improves concurrency and responsiveness when delivering configuration over gRPC. |
51 | | - 3. *Improved Resilience* - Running multiple control plane replicas provides fault tolerance. Even if the pod holding the leader lease fails, another pod can quickly step in and take over, preventing disruptions in status updates. |
| 59 | +1. _Higher availability_ - When a control plane pod crashes, runs out of memory, or goes down during an upgrade, it can interrupt configuration delivery. By scaling to multiple replicas, another pod can quickly step in and take over, keeping things running smoothly with minimal downtime. |
| 60 | +1. _Faster configuration distribution_ - As the number of connected NGINX instances grows, a single control plane pod may become a bottleneck in handling connections or streaming configuration updates. Scaling the control plane improves concurrency and responsiveness when delivering configuration over gRPC. |
| 61 | +1. _Improved resilience_ - Running multiple control plane replicas provides fault tolerance. Even if the pod holding the leader lease fails, another pod can quickly step in and take over, preventing disruptions in status updates. |
52 | 62 |
|
53 | 63 | To scale the control plane, use the `kubectl scale` command on the control plane deployment to increase or decrease the number of replicas. For example, the following command scales the control plane deployment to 3 replicas: |
54 | 64 |
|
55 | 65 | ```text |
56 | 66 | kubectl scale deployment -n nginx-gateway ngf-nginx-gateway-fabric --replicas 3 |
57 | 67 | ``` |
58 | 68 |
|
59 | | -#### Known risks around scaling control plane |
| 69 | +#### Known risks when scaling the control plane |
60 | 70 |
|
61 | 71 | When scaling the control plane, it's important to understand how status updates are handled for Gateway API resources. |
62 | | -All control plane pods can send NGINX configuration to the data planes. However, only the leader control plane pod is allowed to write status updates to Gateway API resources. This means that if an NGINX instance connects to a non-leader pod, and an error occurs when applying the config, that error status will not be written to the Gateway object status. To help mitigate the potential for this issue, ensure that the number of NGINX data plane pods equals or exceeds the number of control plane pods. This increases the likelihood that at least one of the data planes is connected to the leader control plane pod. This way if an applied configuration has an error, the leader pod will be aware of it and status can still be written. |
| 72 | + |
| 73 | +All control plane pods can send NGINX configuration to the data planes. However, only the leader control plane pod is allowed to write status updates to Gateway API resources. |
| 74 | + |
| 75 | +If an NGINX instance connects to a non-leader pod, and an error occurs when applying the config, that error status will not be written to the Gateway object status. |
| 76 | + |
| 77 | +To mitigate the potential for this issue, ensure that the number of NGINX data plane pods equals or exceeds the number of control plane pods. |
| 78 | + |
| 79 | +This increases the likelihood that at least one of the data planes is connected to the leader control plane pod. If an applied configuration has an error, the leader pod will be aware of it and status can still be written. |
63 | 80 |
|
64 | 81 | There is still a chance (however unlikely) that one of the data planes connected to a non-leader has an issue applying its configuration, while the rest of the data planes are successful, which could lead to that error status not being written. |
65 | 82 |
|
66 | 83 | To identify which control plane pod currently holds the leader election lease, retrieve the leases in the same namespace as the control plane pods. For example: |
67 | 84 |
|
68 | | - ```text |
69 | | - kubectl get leases -n nginx-gateway |
70 | | - ``` |
| 85 | +```text |
| 86 | +kubectl get leases -n nginx-gateway |
71 | 87 |
|
72 | 88 | The current leader lease is held by the pod `ngf-nginx-gateway-fabric-b45ffc8d6-d9z2g_2ef81ced-f19d-41a0-9fcd-a68d89380d10`: |
73 | 89 |
|
74 | | - ```text |
75 | | - NAME HOLDER AGE |
76 | | - ngf-nginx-gateway-fabric-leader-election ngf-nginx-gateway-fabric-b45ffc8d6-d9z2g_2ef81ced-f19d-41a0-9fcd-a68d89380d10 16d |
77 | | - ``` |
| 90 | +```text |
| 91 | +NAME HOLDER AGE |
| 92 | +ngf-nginx-gateway-fabric-leader-election ngf-nginx-gateway-fabric-b45ffc8d6-d9z2g_2ef81ced-f19d-41a0-9fcd-a68d89380d10 16d |
78 | 93 |
|
79 | 94 | --- |
0 commit comments