Add vmauth as HTTP LoadBalancer option for VMCluster #1130
Assignees
Labels
enhancement
New feature or request
Comments
f41gh7
added a commit
that referenced
this issue
Oct 30, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
network scheme for the new topology with vmauth deployment. |
f41gh7
added a commit
that referenced
this issue
Oct 31, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
f41gh7
added a commit
that referenced
this issue
Oct 31, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
f41gh7
added a commit
that referenced
this issue
Oct 31, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
f41gh7
added
the
waiting for release
f41gh7
added a commit
that referenced
this issue
Oct 31, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
f41gh7
added a commit
that referenced
this issue
Oct 31, 2024
It allows to properly load-balance clients requests to the vmselect and vminsert componets. And utilise CPU usage evenly. It create additional services and update exist vminsert and vmselect service to point to the vmauth deployment. vmauth deployment uses unauthorized config and vmauth srv service-discovery mechanism for pod discovery. Operator also applies all user defined service modification to the internal services. An addiional note, it's required to update multi-level clusters setup. Since cluster related ports will be only exposed at internal services. Since vmauth cannot route tcp requests. related issue: #1130 Signed-off-by: f41gh7 <[email protected]>
|
Feature included to the v0.49.0 release |
hagen1778
removed
the
waiting for release
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, traffic to vmselect and vminsert components are routed via Kubernetes Service. It provides a connection based access model to the endpoint components behind it. Since It's a common practice for client applications to re-use established, it's most like that request traffic will be distributed unevenly between application replicas. It makes resources usage less efficient.
There are multiple ways to mitigate this issue. One of the most straightforward ways to mitigate it - enable client side load-balancing via Service-Mesh mechanism. But it's external component, that requires to be installed by kubernetes cluster administrators. It's out of the scope of operator to do that. We can only provide a recommendation at documentation for it.
It brings us to the second option - use http load-balacing proxy in front of vmselect/vminsert. And it's a good task for vmauth.
Proposed solution:
vmauthBalacingspec definition atVMCluster.enabledboolean flag.unauthorizedsection with routing to vmselect/vminsert by prefix.The text was updated successfully, but these errors were encountered: