Hi Sebastian,
I must confess I understood about 30% of your email (I understood "Bela"
and "JGroups" LOL :-))...
Cross-site replication works by bridging local clusters with a 'global'
cluster. The endpoints (IP addresses:ports) of this global cluster need
to be listed (or found dynamically), and at the end of the day, I don't
care how we get them as long as we can establish (TCP) connections to them.
TCP, TCP_NIO2 and UDP are currently the only options, but if this only
works with HTTP, we could think about an HTTP protocol which sends and
receives serialized (binary) JGroups messages.
OTOH if we have site masters which have addresses that are accessible
from any of the local cluster nodes plus the other site masters, then I
don't see why we would need routes.
So if we can use Federation to (1) find endpoints of the global cluster
and (2) SNI/TLS to exchange messages between site masters, I'm all
for building a specialized setup for Kubernetes/OpenShift. Although, as
I mentioned above, I don't currently see what the value-add of (2) is.
Let's discuss this in a chat.
Cheers,
On 25/04/17 15:04, Sebastian Laskawiec wrote:
Hey Bela!
I've been thinking about Cross Site Replication using Relay protocol on
Kubernetes/OpenShift. Most of the installations should use Federation
[1] but I can also imagine a custom installation with two sites (let's
call them X and Y) and totally separate networks. In that case, the flow
through Kubernetes/OpenShift might look like the following:
Site X, Pod 1 (sending relay message) ---> sending packets ---> the
Internet ---> Site Y, Ingress/Route ---> Service ---> Site Y, Pod 1
Ingress/Routes and Services are Kubernetes/OpenShift "things". The
former acts as a reverse proxy and the latter as a load balancer.
Unfortunately Ingress/Routes don't have good support for custom
protocols using TCP (they were designed with HTTP in mind). The only way
to make it work is to use TLS with SNI [2][3]. So we would need to
encrypt all traffic with TLS and use Application FQDN (a fully qualified
application name, so something like this:
infinispan-app-2-myproject.*site-x*.com) as SNI Hostname. Note
that FQDN for both sites might be slightly different - Infinispan on
site X might want to use FQDN containing site Y in its name and vice versa.
I was wondering if it is possible to configure JGroups this way. If not,
are there any plans to do so?
Thanks,
Sebastian
[1] https://kubernetes.io/docs/concepts/cluster-administration/federation/
[2] https://www.ietf.org/rfc/rfc3546.txt
[3] Look for "Passthrough Termination"
https://docs.openshift.com/enterprise/3.2/architecture/core_concepts/rout...
--
SEBASTIAN ŁASKAWIEC
INFINISPAN DEVELOPER
Red Hat EMEA <https://www.redhat.com/>
<https://red.ht/sig>
--
Bela Ban | http://www.jgroups.org