Skip to content

Latest commit

 

History

History
120 lines (93 loc) · 5.28 KB

client_service.md

File metadata and controls

120 lines (93 loc) · 5.28 KB

nebula client service

For every nebula cluster created, the nebula operator will create a graphd service in the same namespace with the name <cluster-name>-graphd-svc.

$ kubectl get service -l app.kubernetes.io/cluster=nebula
NAME                       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                                          AGE
nebula-graphd-svc          ClusterIP   10.98.213.34   <none>        9669/TCP,19669/TCP,19670/TCP                     23h
nebula-metad-headless      ClusterIP   None           <none>        9559/TCP,19559/TCP,19560/TCP                     23h
nebula-storaged-headless   ClusterIP   None           <none>        9779/TCP,19779/TCP,19780/TCP,9778/TCP            23h

The client service is of type ClusterIP and accessible only from within the Kubernetes CNI network.

For example, access the service from a pod in the cluster:

$ kubectl run --rm -ti --image vesoft/nebula-console:v2.5.0 --restart=Never -- /bin/sh
/ # nebula-console -u user -p password --address=nebula-graphd-svc --port=9669
2021/04/12 08:16:30 [INFO] connection pool is initialized successfully

Welcome to Nebula Graph!
(user@nebula) [(none)]> 

If accessing this service from a different namespace than that of the nebula cluster, use the fully qualified domain name (FQDN) http://<cluster-name>-graphd.<cluster-namespace>.svc.<CLUSTER_DOMAIN>:9669.

Generally, the default value of CLUSTER_DOMAIN is cluster.local.

Accessing the service from outside the cluster

To access the graphd service of the nebula cluster from outside the Kubernetes cluster, expose a new client service of type NodePort. If using a cloud provider like Azure, GCP or AWS, setting the type to LoadBalancer will automatically create the load balancer with a publicly accessible IP.

The spec for this service will use the label selector app.kubernetes.io/cluster: <cluster-name> app.kubernetes.io/component: graphd to load balance the client requests over the graphd pods in the cluster.

For example, create a nodePort service for the cluster described above:

$ cat config/samples/graphd-nodeport-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/cluster: nebula
    app.kubernetes.io/component: graphd
    app.kubernetes.io/managed-by: nebula-operator
    app.kubernetes.io/name: nebula-graph
  name: nebula-graphd-svc-nodeport
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - name: thrift
    port: 9669
    protocol: TCP
    targetPort: 9669
  - name: http
    port: 19669
    protocol: TCP
    targetPort: 19669
  selector:
    app.kubernetes.io/cluster: nebula
    app.kubernetes.io/component: graphd
    app.kubernetes.io/managed-by: nebula-operator
    app.kubernetes.io/name: nebula-graph
  type: NodePort

$ kubectl create -f graphd-nodeport-service.yaml
$ kubectl get services
NAME                           TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                                          AGE
nebula-graphd-svc              ClusterIP   10.98.213.34   <none>        9669/TCP,19669/TCP,19670/TCP                     23h
nebula-graphd-svc-nodeport     NodePort    10.107.153.129 <none>        9669:32236/TCP,19669:31674/TCP,19670:31057/TCP   24h
nebula-metad-headless          ClusterIP   None           <none>        9559/TCP,19559/TCP,19560/TCP                     23h
nebula-storaged-headless       ClusterIP   None           <none>        9779/TCP,19779/TCP,19780/TCP,9778/TCP            23h

Now test the connection outside the Kubernetes cluster:

/ # nebula-console -u user -p password --address=192.168.8.26 --port=32236
2021/04/12 08:50:32 [INFO] connection pool is initialized successfully

Welcome to Nebula Graph!
(user@nebula) [(none)]> 

Accessing the service via nginx-ingress-controller

Nginx Ingress is an implementation of Kubernetes Ingress. It watch the Ingress resources of the Kubernetes cluster then translate the Ingress rules into Nginx configurations, enabling Nginx to forward layer 7 traffic.

We provide an scenario to replace NodePort service, it runs in hostNetwork + daemonSet mode.

As hostNetwork is used, the Nginx Ingress pods cannot be scheduled to the same node. In order to avoid listening port conflicts, some nodes can be selected and labeled as edge nodes in advance, which are specially used to deploy Nginx Ingress. Nginx Ingress is then deployed on these nodes in DaemonSet mode.

Ingress does not support TCP or UDP services. For this reason the nginx-ingress-controller uses the flags --tcp-services-configmap and --udp-services-configmap to point to an existing config map where the key is the external port to use and the value indicates the service to expose using the format: <namespace/service name>:<service port>.

$ cat config/samples/nginx-ingress-daemonset-hostnetwork.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: nginx-ingress
data:
  # update 
  9669: "default/nebula-graphd-svc:9669"

If ConfigMap tcp-services is configured, then test the connection outside the Kubernetes cluster:

/ # nebula-console -addr 192.168.8.25 -port 9669 -u root -p nebula
2021/11/08 14:53:56 [INFO] connection pool is initialized successfully

Welcome to Nebula Graph!

(root@nebula) [(none)]>