Exposing ObjectServer ClusterIP services by using the LoadBalancer service

ClusterIP service types are the default deployment configuration. By default, ClusterIP service types are not exposed outside of the cluster. The method used to expose the services depends on how the cluster has been installed and the surrounding network infrastructure.

About this task

The following steps present an example configuration using a LoadBalancer ExternalIP service to expose the ObjectServer services through the worker nodes. This example might not be applicable in all cluster environments.

To expose the ObjectServer ClusterIP services you can configure a LoadBalancer ExternalIP service resource.

Procedure

  1. List IP addresses of worker nodes:
    # oc get nodes --selector='node-role.kubernetes.io/worker' -o jsonpath="{.items[*].status.addresses[?(@.type=='InternalIP')].address}"
    
    <Worker node 1 IP address>
    <Worker node 2 IP address>
    <Worker node 3 IP address>
    . . .
    
  2. Configure LoadBalancer ExternalIP services to expose the proxy and primary and backup ObjectServer services. Edit the following YAML by replacing the externalIP array entries with those from your cluster:
    apiVersion: v1
    kind: Service
    metadata:
      name: <releasename>-proxy-externalip 
    spec:
      ports:
      - name: aggp-tds
        port: 6001
      - name: aggb-tds
        port: 6002
      externalTrafficPolicy: Cluster
      externalIPs:
      - <Worker node 1 IP address>
      - <Worker node 2 IP address>
      - <Worker node 3 IP address>
      type: LoadBalancer 
      selector:
        app.kubernetes.io/name: proxy
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: <releasename>-ncoprimary-externalip 
    spec:
      ports:
      - name: aggp-tds
        port: 4100
      - name: aggp-iduc
        port: 4101
      externalTrafficPolicy: Cluster
      externalIPs:
      - <Worker node 1 IP address>
      - <Worker node 2 IP address>
      - <Worker node 3 IP address>
      type: LoadBalancer 
      selector:
        app.kubernetes.io/name: ncoprimary
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: <releasename>-ncobackup-externalip 
    spec:
      ports:
      - name: aggb-tds
        port: 4102
        targetPort: 4100
      - name: aggb-iduc
        port: 4103
      externalTrafficPolicy: Cluster
      externalIPs:
      - <Worker node 1 IP address>
      - <Worker node 2 IP address>
      - <Worker node 3 IP address>
      type: LoadBalancer 
      selector:
        app.kubernetes.io/name: ncobackup 
    
    Note: It is not necessary to specify all worker nodes in the externalIPs array. A single node or a subset of nodes is enough. The iptables rules and kube-proxy on the worker node will forward traffic to the relevant pod on whichever node it resides.

    Once the LoadBalancer service is created, the proxy and ObjectServer Insert Delete Update Control (IDUC) services will be available through the worker node IP address defined in the ExternalIPs array.

  3. Edit the NOI operator custom resource to use port 4103 for IDUC.
    helmValuesNOI:
      ncobackup.objserv.internal.iducPort: 4103
    

    After the LoadBalancer service is created, the proxy and ObjectServer services will be available through the worker node IP address that is defined in the ExternalIPs array.

  4. Edit the <releasename>-objserv-agg-backup service to use port 4103 for IDUC.
    spec:
      ports:
      - name: backup-iduc-port
        port: 4103
        protocol: TCP
        targetPort: 4103
    
  5. Check connectivity from outside the cluster by using the worker node IP address and port number. For example, to test the connection to the primary ObjectServer, run the following command:
    # netcat -v <API node IP address> 4101 6001 6002
    Where <API node IP address> is the IP address of the API node, for example noi.apps.xyz.com.
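
A pre-apply check for the manifest edited in step 2, as an added example that is not part of the product documentation: it confirms that every externalIPs entry is one of the worker node InternalIP addresses listed in step 1 and that no placeholder was left in. The function names and the 10.0.0.x addresses are assumptions constructed for illustration.

```shell
# Added example (not from the product documentation): reject a Service manifest
# whose externalIPs entries are placeholders or not worker node InternalIPs.

# Print each externalIPs entry found in manifest file $1, one per line.
extract_external_ips() {
    awk '
        /^[ \t]*externalIPs:[ \t]*$/ { in_list = 1; next }
        in_list && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; next
        }
        { in_list = 0 }
    ' "$1" | sort -u
}

# $1 = manifest file, $2 = worker IPs (whitespace-separated, as in step 1).
# Returns 0 only if every entry is an IPv4 address present in $2.
check_external_ips() {
    workers=" $(printf '%s ' $2)"; rc=0
    ips=$(extract_external_ips "$1")
    [ -n "$ips" ] || { echo "no externalIPs entries in $1" >&2; return 1; }
    while IFS= read -r ip; do
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "not an IPv4 address (placeholder left in?): $ip" >&2; rc=1
        elif case "$workers" in *" $ip "*) false ;; *) true ;; esac; then
            echo "not a worker node InternalIP: $ip" >&2; rc=1
        fi
    done <<EOF
$ips
EOF
    return $rc
}

# Constructed sample manifest: 10.0.0.99 is deliberately not a worker node.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Service
spec:
  externalIPs:
  - 10.0.0.11
  - 10.0.0.99
  type: LoadBalancer
EOF
}

tmp=$(mktemp); sample_manifest > "$tmp"
check_external_ips "$tmp" "10.0.0.11 10.0.0.12 10.0.0.13" || echo "manifest rejected"
rm -f "$tmp"
```

In practice, pass the path of the edited manifest and the output of the step 1 `oc get nodes` query as the two arguments.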