Allow CoherenceCluster crd to override dnsPolicy and enable hostNetwork in statefulsets #365

Closed
jtyl2017 opened this issue Nov 11, 2019 · 2 comments

@jtyl2017

Corporate policy may restrict the creation of Kubernetes Services that are of type: LoadBalancer, and as a result, external traffic to Kubernetes Coherence cluster nodes will be blocked. To allow external traffic access (in cases such as management and extend role nodes), we will need to apply the following workaround.

We will need the ability to set:

  • dnsPolicy=ClusterFirstWithHostNet
  • hostNetwork=true
  • per role annotations

via the CoherenceCluster crd yaml file.

e.g. Sample content in CoherenceCluster crd yaml file (see ### <<---)

apiVersion: v1
items:
- apiVersion: coherence.oracle.com/v1
  kind: CoherenceCluster
  metadata:
    ...
  spec:
    application:
      ...
    coherence:
      ...
    env:
    ...
    roles:
    - application:
      role: proxy
      network:                              ### <<--- network section
        annotations:                        ### <<--- role specific annotations section
          dns.alpha.kubernetes.io/internal: ### <<--- role specific management coherence url here
        dnsPolicy: ClusterFirstWithHostNet  ### <<--- Chosen DNS Policy here
        hostNetwork:                        ### <<--- Enable HostNetwork
          enabled: true                     ### <<--- Enable HostNetwork

Once the CoherenceCluster crd yaml with the above additions is deployed, the:

  • selected dnsPolicy,
  • hostNetwork enabled
  • dns annotations (role specific)

settings should be applied to the resulting Kubernetes StatefulSets and pods created by the CoherenceCluster crd.

e.g. Sample Result from CoherenceCluster crd yaml spec file (see ### <<---)

apiVersion: apps/v1
kind: StatefulSet
metadata:
  ...
  labels:
    ...
  name: ...
spec:
  ...
  template:
    metadata:
      annotations:                        ### <<-- role specific annotations section
        dns.alpha.kubernetes.io/internal: ### <<--- role specific management coherence url here
        prometheus.io/port: "2408"
    spec:
      ...
      containers:
        ...
      dnsPolicy: ClusterFirstWithHostNet  ### <<--- DNS Policy chosen
      hostNetwork: true                   ### <<--- hostNetwork enabled

@thegridman
Member

The CoherenceCluster CRD already allows for annotations to be added to both StatefulSet/Pod and to the Services created for ports.
Pod/StatefulSet Annotation docs
Service Annotation Docs

For example:

apiVersion: coherence.oracle.com/v1
kind: CoherenceCluster
metadata:
  name: test-cluster
spec:
  annotations:    # <--- annotation here will be added to the StatefulSet/Pod for ALL roles
  roles:
    - role: data
      annotations:    # <--- annotation here will be added to the StatefulSet/Pod for just the data role
        dns.alpha.kubernetes.io/internal:
    - role: proxy
      annotations:    # <--- annotation here will be added to the StatefulSet/Pod for just the proxy role
        dns.alpha.kubernetes.io/internal:

The other settings are not currently supported but they should be simple enough to add.

thegridman added a commit that referenced this issue Nov 12, 2019
thegridman added a commit that referenced this issue Nov 12, 2019
Issue #365 - Support additional networking and DNS configuration
@thegridman
Member

Fixed in version 2.0.1

Additional network and DNS configuration has been added to the CRD.
See the docs: https://oracle.github.io/coherence-operator/docs/2.0.1/#/clusters/095_networking
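
Added example, not part of the thread or of the operator's code: a small audit that reads StatefulSet manifests and reports every one that runs with hostNetwork enabled, checking that dnsPolicy is set to ClusterFirstWithHostNet as requested in this issue and listing the container ports that end up on the node's own interfaces. The resource names and port numbers in SAMPLE are constructed for illustration.

```python
# Added example: audit StatefulSet manifests for hostNetwork / dnsPolicy pairing.
# SAMPLE is constructed data, shaped like `kubectl get statefulset -o json` output.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "StatefulSet", "metadata": {"name": "example-proxy"},
         "spec": {"template": {"spec": {
             "hostNetwork": True, "dnsPolicy": "ClusterFirstWithHostNet",
             "containers": [{"name": "coherence",
                             "ports": [{"containerPort": 20000}]}]}}}},
        {"kind": "StatefulSet", "metadata": {"name": "example-management"},
         "spec": {"template": {"spec": {
             "hostNetwork": True,  # dnsPolicy omitted: API default applies
             "containers": [{"name": "coherence",
                             "ports": [{"containerPort": 30000}, {"containerPort": 9612}]}]}}}},
        {"kind": "StatefulSet", "metadata": {"name": "example-data"},
         "spec": {"template": {"spec": {
             "containers": [{"name": "coherence", "ports": []}]}}}},
    ],
}

def audit_host_network(manifest):
    """Return one finding per StatefulSet whose pods share the node network."""
    items = manifest["items"] if manifest.get("kind") == "List" else [manifest]
    findings = []
    for item in items:
        if item.get("kind") != "StatefulSet":
            continue
        pod = item["spec"]["template"]["spec"]
        if not pod.get("hostNetwork", False):
            continue  # pod keeps its own network namespace
        policy = pod.get("dnsPolicy", "ClusterFirst")  # Kubernetes default
        ports = sorted(p["containerPort"]
                       for c in pod.get("containers", [])
                       for p in c.get("ports", []))
        findings.append({
            "name": item["metadata"]["name"],
            "dnsPolicy": policy,
            # Without ClusterFirstWithHostNet a hostNetwork pod resolves names
            # through the node's resolver and loses cluster-internal DNS.
            "dns_ok": policy == "ClusterFirstWithHostNet",
            # Declared ports are bound on the node's own interfaces.
            "node_ports": ports,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_host_network(SAMPLE):
        print(finding)
```

Each entry in `node_ports` is reachable wherever the node itself is reachable, so the list doubles as an inventory of what node-level firewall rules have to cover.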
