[teiid-issues] [JBoss JIRA] (TEIIDSB-64) Research HA

Steven Hawkins (Jira) issues at jboss.org
Fri Apr 12 14:55:00 EDT 2019 

    [ https://issues.jboss.org/browse/TEIIDSB-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721955#comment-13721955 ] 

Steven Hawkins commented on TEIIDSB-64:
---------------------------------------

Here's a good overview: https://docs.openshift.com/container-platform/3.9/dev_guide/expose_service/index.html

The options are:

- NodePort - https://access.redhat.com/solutions/3920661 - I don't think this should be promoted as a solution as it's pretty low level.  It requires you to determine the extneral node ips of the nodes where the service is running.

- TLS with SNI - by default will require the traffic to go through port 443.  Requires passthrough encryption, which means all traffic will be encrypted unless two transports are opened (JDBC).  Does not work for the pg protocol as it is not end to end TLS, instead it is negotiated post connection.

- A better NodePort solution is a LoadBalancer service - See https://docs.openshift.com/container-platform/3.9/dev_guide/expose_service/expose_internal_ip_load_balancer.html#getting-traffic-into-cluster-load and https://docs.openshift.com/container-platform/3.10/admin_guide/tcp_ingress_external_ports.html it can be created with just two commands or added to our templates.   Note that the external ip can be confusing.  There is a default value based upon ingressIPNetworkCIDR, but there are some doc issue https://github.com/openshift/openshift-docs/issues/11024 The simplest thing for minishift is to just use the console ip.  Tested with pg.  A downside is that you don't control the exposed node port.   I'll do some testing with Teiid and determine how this interacts with the service level session affinity.

- External IP - I haven't spent much time on that as it appears more involved.




> Research HA
> -----------
>
>                 Key: TEIIDSB-64
>                 URL: https://issues.jboss.org/browse/TEIIDSB-64
>             Project: Teiid Spring Boot
>          Issue Type: Quality Risk
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>            Priority: Major
>
> Teiid's pg, and jdbc assume session affinity.  Also OData pagination works best with session affinity.
> For HA, and horizontal scaling, it would be good to have more than 1 pod alive and receiving traffic.  It appears that there is a sessionAffinity setting at a service level https://kubernetes.io/docs/concepts/services-networking/service/ and some work that can be done to customize routes https://docs.openshift.com/container-platform/3.9/architecture/networking/routes.html#routes-sticky-sessions - but that doesn't appear to work for just tcp traffic.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the teiid-issues mailing list