|
1 | 1 | = Service exposition |
2 | 2 |
|
3 | | -For some deployed products it is sufficient to be only accessible within the Kubernetes cluster, while others need to be accessible from outside the Kubernetes cluster. |
4 | | -This can e.g. be from your internal corporate network when running on bare metal, your internal network in your cloud provider or the Internet. |
| 3 | +Most data products expose a service, either to be used by other tools running in the same cluster, or an API or web interface to be used by a user outside of the cluster. For example, ZooKeeper is a service that is required as a dependency by other tools, and needs to expose its service in the cluster only, while Superset is an analysis tool used by end user which need to access it from the outside, which can either mean the local network of your company, or exposed on the internet if the Kubernetes cluster is running in the cloud. |
| 4 | +This page gives an overview over the different options for service exposition, when to chose which option and how these options are configured. |
5 | 5 |
|
6 | | -As of the release 23.4, the Stackable Operators create Kubernetes Service objects to expose the deployed product. |
7 | | -For security reasons, the Services default to the `ClusterIP` type in order to avoid exposing anything to the public. |
8 | | -You can specify the type within the custom resource field `spec.clusterConfig.listenerClass` by setting it to either: |
| 6 | +== Service exposition options |
9 | 7 |
|
10 | | -* `cluster-internal` => Use `ClusterIP` (default) |
11 | | -* `external-unstable` => Use `NodePort` |
12 | | -* `external-stable` => Use `LoadBalancer` |
| 8 | +The service offered by a data product is the utility it is used for, but https://kubernetes.io/docs/concepts/services-networking/service/[Service] also means the Kubernetes resource. The Stackable Data Platform supports three types of Service: |
13 | 9 |
|
14 | | -Please note that as of the release 23.4 not all operators support all the mentioned `Service` types. |
| 10 | +* ClusterIP |
| 11 | +* NodePort |
| 12 | +* LoadBalancer |
15 | 13 |
|
16 | | -In a future release, the `ListenerClass` provided by the xref:listener-operator:index.adoc[listener-operator] will be supported to make things more flexible. |
| 14 | +Every data product cluster supports configuring this through the custom resource field `spec.clusterConfig.listenerClass`. There are three ListenerClasses, named after the goal for which they are used (more on this in the <<when-to-choose-which-option, next section>>): |
| 15 | + |
| 16 | +* `cluster-internal` => Use ClusterIP (default) |
| 17 | +* `external-unstable` => Use NodePort |
| 18 | +* `external-stable` => Use LoadBalancer |
| 19 | + |
| 20 | +The `cluster-internal` class only exposes a Service inside the cluster by using a ClusterIP Service. This setting is the default and it was chosen for security reasons: By default, no Service is exposed to the public. |
| 21 | + |
| 22 | +NOTE: Not all Operators support all classes. Consult the Operator specific documentation to find out about the supported service types. |
| 23 | + |
| 24 | +== [[when-to-choose-which-option]]When to choose which option |
| 25 | + |
| 26 | +There are three options, one for internal traffic and two for external access, where internal and external refer to the Kubernetes cluster. Internal means inside of the Kuberenetes cluster, and external means access from outside of it. |
| 27 | + |
| 28 | +=== Internal |
| 29 | + |
| 30 | +The `cluster-internal` setting is the default class and, the Service is only exposed inside the Kubernetes cluster. This is useful for internal dependencies such as xref:zookeeper:index.adoc[Apache ZooKeeper] or the xref:hive:index.adoc[Apache Hive metastore] or a xref:kafka:index.adoc[Apache Kafka] cluster used for internal data flow. All requests are coming from inside the Kubernetes cluster. |
| 31 | + |
| 32 | +=== External |
| 33 | + |
| 34 | +External access is needed when a tool needs to be accessed from _outside_ of the Kubernetes cluster. This is necessary for all tools that are used by a user, such as the data visualization tool xref:superset:index.adoc[Apache Superset]. Some tools can expose APIs for data ingestion like xref:kafka:index.adoc[Apache Kafka] or xref:nifi:index.adoc[Apache NiFi]. If data needs to be ingested from outside of the cluster, one of the external listener classes should be chosen. |
| 35 | + |
| 36 | +When to use `stable` and when to use `unstable`? The `external-unstable` setting exposes a NodePort. This means that the service will be exposed at a port on the node that the Pod is running on. (TODO Advantages?) This has the advantage that .... but it the port is not known in advance and is also not stable: After a Pod restart, the port might change. The `external-stable` setting uses a LoadBalancer. The LoadBalancer is running at a fixed adress and is therefore `stable`. But .... |
| 37 | + |
| 38 | +== Outlook |
| 39 | + |
| 40 | +These listener classes are hardcoded to expose certain Service types and do not offer any additional configuration. |
| 41 | +In a future release, the `ListenerClass` provided by the xref:listener-operator:index.adoc[listener-operator] will allow you to create your own listener class variants, with more granual configuration options. |
0 commit comments