Skip to content

Instantly share code, notes, and snippets.

@howardjohn

howardjohn/README.md

Created February 24, 2021 18:23
Show Gist options
  • Save howardjohn/7557cb70fc59ab1b12ddde731d0f3421 to your computer and use it in GitHub Desktop.
Save howardjohn/7557cb70fc59ab1b12ddde731d0f3421 to your computer and use it in GitHub Desktop.
Download ZIP
Multinetwork statefulsets
Raw
README.md

Multicluster statefulset

alpha.yaml: install in cluster "alpha" beta.yaml: install in cluster "beta"

Results:

Same network

  • echo-alpha.default: sort of works, but load balancing is broken (istio/istio#31064)
  • echo-alpha-0.default: works
  • echo-alpha-0.echo-alpha.default: works
  • POD_IP: works

Cross network

  • echo-alpha.default: broken. Routing is passthrough, which doesn't go through gateway
  • echo-alpha-0.default: works
  • echo-alpha-0.echo-alpha.default: works
  • POD_IP: broken. For http we hit passthrough cluster (host header routing). For TCP, we match the echo-alpha.default which doesn't work per above
Raw
alpha.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: echo-alpha
spec:
selector:
matchLabels:
app: echo-alpha
serviceName: echo-alpha
replicas: 2
template:
metadata:
labels:
app: echo-alpha
spec:
containers:
- name: echo-alpha
image: gcr.io/istio-testing/app:latest
args:
- --tcp=9090
- --port=80
- --port=443
- --tls=443
- --crt=/cert.crt
- --key=/cert.key
---
apiVersion: v1
kind: Service
metadata:
name: echo-alpha
spec:
selector:
app: echo-alpha
clusterIP: None
ports:
- name: http
port: 80
- name: https
port: 443
- name: tcp
port: 9090
---
# Option 1: Service
# Note: we get a different hostname here!
apiVersion: v1
kind: Service
metadata:
name: echo-alpha-0
spec:
selector:
statefulset.kubernetes.io/pod-name: echo-alpha-0
# clusterIP: None # In single network, probably best to use headless
# We will fix dns resolution to not need this service for single network though
ports:
- name: http
port: 80
- name: https
port: 443
- name: tcp
port: 9090
---
# Option 2: ServiceEntry
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: echo-alpha-0
spec:
addresses:
- 240.0.0.11
workloadSelector:
labels:
statefulset.kubernetes.io/pod-name: echo-alpha-0
hosts:
- echo-alpha-0.echo-alpha.default.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 80
protocol: HTTP
- name: https
number: 443
protocol: HTTPS
- name: tcp
number: 9090
protocol: TCP
resolution: STATIC
---
Raw
beta.yaml
# Option 1: Service
# Note: we get a different hostname here!
apiVersion: v1
kind: Service
metadata:
name: echo-alpha-0
spec:
selector:
statefulset.kubernetes.io/pod-name: echo-alpha-0
# clusterIP: None # In single network, probably best to use headless
# We will fix dns resolution to not need this service for single network though
ports:
- name: http
port: 80
- name: https
port: 443
- name: tcp
port: 9090
---
# Option 2: ServiceEntry
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: echo-alpha-0
spec:
addresses:
- 240.0.0.11
workloadSelector:
labels:
statefulset.kubernetes.io/pod-name: echo-alpha-0
hosts:
- echo-alpha-0.echo-alpha.default.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 80
protocol: HTTP
- name: https
number: 443
protocol: HTTPS
- name: tcp
number: 9090
protocol: TCP
resolution: STATIC
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment