Use GCE load balancer controller with backend buckets #33
Comments
|
From @bprashanth on March 7, 2017 3:39 I don't think there's an immediate work around, as the controller will construct a url map based on your ingress and sync it continuously. Something that says: serve static content for these paths from a content cache backed by [S3, GCS, memory etc] sounds like a good idea. We should allow GCE L7 x in-memory cache, but for the first cut we might get away with a simple boolean on the HTTPIngressPath (https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/extensions/types.go#L685). We'd have to assume GCS and allocates a private bucket if the Ingress is a GCE lb. Maybe we should fork into another issue that tackles how we enable CDN on Ingress, and figure out the api part first? @nicksardo @thockin |
|
From @ConradIrwin on March 29, 2017 22:16 @nicksardo thanks for picking this up! I'd also like to be able to proxy certain paths to CloudStorage — let me know if you want a sounding board for design decisions. |
|
From @bbzg on April 30, 2017 8:14 This would be very useful for us. Has there been any progress since March? |
|
From @thockin on May 1, 2017 4:16 As far as I know, nobody is looking at this right now. What I don't want On Sun, Apr 30, 2017 at 1:15 AM, bbzg [email protected] wrote:
|
|
From @ConradIrwin on May 1, 2017 4:50 Tim. The ingress API is very convenient, but I see your argument. Would it make more sense to make it a GCLB "controller" instead?Sent via SuperhumanOn Sun, Apr 30, 2017 at 9:16 PM, Tim Hockin[email protected]wrote:As far as I know, nobody is looking at this right now. What I don't want On Sun, Apr 30, 2017 at 1:15 AM, bbzg [email protected] wrote:
—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or mute the thread. |
|
From @thockin on May 1, 2017 5:7 I'm not sure. It could go a couple ways. We could clearly denote where our controller will revert manual changes and On Sun, Apr 30, 2017 at 9:50 PM, Conrad Irwin [email protected]
|
|
From @ConradIrwin on May 1, 2017 5:18 I'd be happy with a less magic API between the two — i.e. I could manually configure a load balancer if kubernetes gave me a backend I could point it to (or maybe just an instance-group + port?)Sent via SuperhumanOn Sun, Apr 30, 2017 at 10:07 PM, Tim Hockin[email protected]wrote:I'm not sure. It could go a couple ways. We could clearly denote where our controller will revert manual changes and On Sun, Apr 30, 2017 at 9:50 PM, Conrad Irwin [email protected]
—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or mute the thread. |
|
From @gcbirzan on July 20, 2017 13:58 As a workaround for this issue, wouldn't not touching rules that kubernetes cannot create (i.e. those not pointing to a backend service, but to a bucket) be okay? As a side note, we had this working on 1.6.x, but after upgrading it started removing the extra rules in the url map... |
|
From @c3s4r on July 26, 2017 22:24 Any updates on this? Is it scheduled? Is there a timeline? ... Since I want the content served using https, right now the only workaround I can think on is to manually create another load balancer (not using ingress) just for the static content, which I don't like because it adds the cost of an additional load balancer :( |
|
From @lostpebble on July 29, 2017 10:16 Just coming across this now after finishing setting up backend buckets for our system... This is a major set back for us trying to set up static file routes alongside our server backends. I agree with @gcbirzan that perhaps the load balancer should be updated for the values that Kubernetes can control rather than replaced wholly (and in the process removing GCP-specific rules). Right now things feel too flaky to rely on backend buckets for static file serving, if when we update the configuration we might lose those pathways and return bad requests. Huge pity because the CDN and load bearing capabilities the backend buckets could afford us is a major asset to our system. |
|
From @jakobholmelund on September 27, 2017 13:35 Any news on this ? |
|
Would be also really interested in this feature! we could really need that. |
|
Would there be maybe a possibility to use maye a ignore pattern and the possibility to use a existing load balancer? Then there could be existing url_maps maps ignored (if told in the ingress) same as other existing backends for example. This could also solve the CDN Problem. Then you configure Google Cloud Stuff individually without adding everything in kubernetes. |
|
+1 |
|
+1 this would be very useful. Current workaround is to use a regular old loadbalancer. |
|
+1 waiting this feature |
|
+1 |
3 similar comments
|
+1 |
|
+1 |
|
+1 |
|
+1 |
|
You can achieve this by configuring the K8 load-balancing manually as opposed to using an NGINX ingress. Assuming your services are deployed
For incoming TLS, create a Kubernetes secret of a cert and assign as per https://cloud.google.com/compute/docs/load-balancing/tcp-ssl |
|
You could also manage your own ports with the NodePort service to get
around the ephemeral port allocation.
…On Mon, Jan 22, 2018, 9:20 PM Alex Zuzin ***@***.***> wrote:
You can achieve this by configuring the K8 load-balancing manually as
opposed to using an NGINX ingress. Assuming your services are deployed
NodePort, you will need to:
- create a load balancer instance
- create a firewall rule that allows traffic from 130.211.0.0/22 and
35.191.0.0/16 to the K8 instance group
- create a backend service against the K8 instance group, pointing to
whatever node port the service in question exposes (they seem to be in the
tcp:30000-40000 range, roughly; exact port is available from kubectl
get service
This is mildly error-prone in the sense that a service's exposed node port
is presumably ephemeral wrt a kubectl replace, but still is much
preferred to having to run a group of HAProxy/Nginx instances just to get
around a temporary limitation in the NGINX ingress controller.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#33 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAkQy3fsaoCwxC_EsYPglw3b4g9Vxocdks5tNUH8gaJpZM4P13dR>
.
|
|
@zvozin I think you can set the I'm pretty much doing the same on my side, seems to be working quite well. And even though I'm not setting the Here are some notes I made during the process last time: Linking NodePort service to the GCE Load Balancer
|
|
Thank you @scottefein and @lostpebble - good point! |
|
+1 |
|
+1. Just came across this issue. Would love to see buckets integrated |
|
Hey, how is it going with this one? Seems to be a very common usecase. |
|
Looks like the Ingress resource adds the underlying support for this in k8s 1.19: |
|
Anyone having success configuring this? |
|
Even though Kubernetes v1 Ingress adds the ability to specify backends other than services the GCE Ingress controller does not support this. |
|
@swetharepakula do you know if it's planned and what's the timeline? |
|
Found this as well: https://issuetracker.google.com/issues/168854247 |
Thanks for the response. I've since learned about the gateways API too which actually seems to be a much better fit for what we want to do. It looks like it's going to be a long time until we can use it. |
|
Any news on this now that 1.22 is available in GKE? |
|
Hi all, while the backend references has been generalized, we need a K8s resource representation for buckets. There has been some work in the storage sig around a portable backend bucket representation which is one option, although that will take time to converge. The other choice would be a CRD that is specific to GCP representing a reference to a bucket. It is a somewhat strange object as it is purely a reference, so we have to think carefully about the semantics around the object. |
|
Sorry for spam, just wanted to mention for completeness that |
|
+1 for this |
|
+1 |
|
+1, would be very useful to serve both static (bucket) content and dynamic (service content) under one load balancer without it being overwritten by ingress. |
|
+1 |
+1 would be great to see this kind of feature. |
|
With the introduction of the Gateway API, we will look to add this functionality with Gateway. |
|
I'm not entirely sure this 5+ year ticket being closed with "maybe we'll do it somewhere" warrants a completed status. |
|
Sorry, for the confusion. This was meant to be closed as not planned. |
|
Is there a ticket tracking the addition of this in the Gateway API? If not, @swetharepakula are you open to creating one w/ a timeline of when it can be added in the Gateway API? I understand why this ticket was closed, but the functionality is still very useful to have. |
|
It seems the Ingress only accepts Service and other custom resources such as |
and others
From @omerzach on February 28, 2017 1:20
We're happily using the GCE load balancer controller in production to route traffic to a few different services. We'd like to have some paths point at backend buckets in Google Cloud Storage instead of backend services running in Kubernetes.
Right now if we manually create this backend bucket and then configure the load balancer to point certain paths at it the UrlMap is updates appropriately but almost immediately reverted to its previous setting, presumably because the controller sees it doesn't match the YAML we initially configured the Ingress with.
I have two questions:
(For some context, we'd like to do something like this: https://cloud.google.com/compute/docs/load-balancing/http/using-http-lb-with-cloud-storage)
Copied from original issue: kubernetes/ingress-nginx#353
The text was updated successfully, but these errors were encountered: