Service Discovery - K8s

Objective

This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information. Service discovery enables you to find the endpoints where a given service is available. To learn more about service discovery, see Volterra Service Discovery.

Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.


Prerequisites

The following prerequisites apply:

  • An existing Kubernetes cluster with a service or application reachable from a Volterra Site.
  • Note: The Kubernetes service should be of type NodePort.
  • In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.

Configuration

Volterra enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.

The following figure shows the workflow for creating service discovery with Kubernetes service information:

Figure: Setting up Service Discovery with k8s Service Info

Configuration Sequence

Discovering services using the Kubernetes service information requires performing the following sequence of actions:

Phase | Description
Create Discovery for External Kubernetes Cluster | Create a service discovery object of type Kubernetes.
Verify Discovered Services | Verify that the service discovery object is created and has successfully discovered services.
Use Discovered Services | Configure endpoint with K8s as the discovery type and associate sites with it.

Note: The site of discovery object and the endpoint must be the same.


Create Discovery for External Kubernetes Cluster

Step 1: Start discovery object creation in VoltConsole.

Create a discovery configuration object in the System namespace: select system from the namespace menu, then select Manage from the configuration menu and Discovery from the options pane. Click Add discovery to load the discovery object form.

Figure: Service Discovery Creation

Step 2: Enter metadata.

Enter name, labels, and description in the Name, Labels, and Description fields respectively.

Step 3: Configure where the discovery configuration is applicable.

Select Virtual Network or Site or Virtual Site for the Virtual-site or site or network field in the Where section. Accordingly, select an appropriate object from the Select ref field. Select Site Local Network for the Network Type field.

Figure: Service Discovery Config Options

Note: The Network Type field is not applicable for the Virtual Network setting. The Virtual Network option is visible when you enable the Show Advanced Fields option.

Step 4: Configure access credentials for K8s discovery method.

  • Select K8S Discovery Configuration for the Select Discovery Method field in the Discovery Method section. Click Configure under the K8S Discovery Configuration field.

Figure: Access Credentials Options

  • Configure access credentials for the K8s discovery using one of the following options for the Select Kubernetes Credentials field:

Step 4.1: Kubeconfig option.

Select Kubeconfig option. Click Configure and do the following:

  • Select Blindfold Secret for the Secret Info field and enter the kubeconfig for the secret field.
  • Click Blindfold to apply Volterra Blindfold to the kubeconfig. Wait for the display to show Blindfold configured. Click Apply.

Figure: Encrypt the Kubeconfig

Note: This example uses Blindfold Secret for the Secret Info. However, you can also use the other supported types of secrets available in the drop-down menu for the Secret Info field.
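
The kubeconfig becomes a stored secret, so it is worth checking before it is pasted into the form. The following is an added example, not part of the Volterra documentation: it inspects a kubeconfig exported as JSON (`kubectl config view --minify --flatten --raw -o json`) and reports entries beyond the one cluster being discovered, disabled TLS verification, CA file paths that will not travel with the secret, and, for EKS, missing AWS credentials. It assumes the AWS credentials required by the prerequisites are supplied as `env` entries of the exec plugin; the sample kubeconfig is constructed with placeholder values.

```python
import json
import sys
from urllib.parse import urlparse

AWS_KEYS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}

# Constructed sample with placeholder values, shaped like the output of
# `kubectl config view --minify --flatten --raw -o json`.
SAMPLE = {
    "clusters": [{"name": "eks-demo", "cluster": {
        "server": "https://EXAMPLE.gr7.us-west-2.eks.amazonaws.com",
        "certificate-authority-data": "PLACEHOLDER"}}],
    "contexts": [{"name": "demo", "context": {"cluster": "eks-demo", "user": "disc"}}],
    "users": [{"name": "disc", "user": {"exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "aws",
        "args": ["eks", "get-token", "--cluster-name", "eks-demo"],
        "env": None}}}],
}

def preflight(cfg):
    """Return findings for a kubeconfig (dict) before it is stored as a secret."""
    findings = []
    for section in ("clusters", "contexts", "users"):
        if len(cfg.get(section) or []) != 1:
            findings.append(f"{section}: expected exactly 1 entry; minify before upload")
    eks = False
    for c in cfg.get("clusters") or []:
        cluster = c.get("cluster") or {}
        url = urlparse(cluster.get("server", ""))
        eks = eks or (url.hostname or "").endswith(".eks.amazonaws.com")
        if url.scheme != "https":
            findings.append(f"{c.get('name')}: API server URL is not https")
        if cluster.get("insecure-skip-tls-verify"):
            findings.append(f"{c.get('name')}: TLS verification is disabled")
        if cluster.get("certificate-authority"):
            findings.append(f"{c.get('name')}: CA is a file path; embed it with --flatten")
    for u in cfg.get("users") or []:
        exec_cfg = (u.get("user") or {}).get("exec")
        if eks and exec_cfg:  # assumption: AWS credentials go in the exec env list
            names = {e.get("name") for e in exec_cfg.get("env") or []}
            missing = sorted(AWS_KEYS - names)
            if missing:
                findings.append(f"{u.get('name')}: exec env lacks {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(preflight(cfg)) or "no findings")
```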

Step 4.2: TLS Parameters for HTTP REST option.

Select TLS Parameters for HTTP REST option and do the following:

  • Enter API server and port in the API Server and Port field using the FQDN of the server in the <host:port> format.
  • Click Configure for the TLS Parameters field.

Figure: Server and Client TLS Parameters

  • In the Server Parameters section, enter SNI in the SNI name field and enter the server CA certificate (or certificate chain) in the Server CA Certificates field.
  • In the Client Parameters section, enter client certificate in the Client Certificate field and click Configure for the Client Private Key field and do the following:

    • Select Blindfold Secret for the Secret Info field and enter the client private key for the secret field.
    • Click Blindfold to apply Volterra Blindfold to the private key. Wait for the display to show Blindfold configured. Click Apply.

Figure: Encrypt the Private Key

Note: This example uses Blindfold Secret for the Secret Info. However, you can also use the other supported types of secrets available in the drop-down menu for the Secret Info field.

  • Click Apply.

Note: You can set a pod network to be isolated or reachable. Enable Show Advanced Fields option in the Access Credentials section and select one of the following values for the Kubernetes POD network reachability field:

  • For the Kubernetes POD reachable option, pod IPs are selected to route regardless of the type of service.
  • For the Kubernetes POD isolated option, you can route to services of type NodePort.

Step 5: Configure VIP publishing.

In the VIP Publishing configuration section, select an option for the Select VIP Publishing or DNS Delegation field and configure it as per the following guidelines:

  • For the Publish Domain to VIP mapping field, enter a namespace in the Default Namespace field. With this, all domains include the configured namespace in the domain name.
  • Select the Publish Fully Qualified Domain to VIP mapping field in case all domains have namespaces in their domain name (FQDN).
  • For the DNS Delegation field, enter a subdomain in the Subdomain field. Select Core DNS or Kube DNS for the DNS mode field depending on your external k8s cluster DNS provider.
  • Click Apply.

Step 6: Complete creating discovery object.

Click the Save and Exit option to create the discovery object.


Verify Discovered Services

Verify that the service discovery object is created and has discovered services.

Step 1: Verify that the services are discovered.

Navigate to Manage -> App Management -> Service Discovery. Verify that the service discovery object is created and the Services field displays the number of services discovered.

Figure: Service Discovery Created

Step 2: Check the list of services discovered.

Click on the value displayed on the Services field. This displays the list of discovered services.

Figure: Discovered Services

Note: Note down the Service Name field for a service to use it in configuration such as origin pools or endpoints.


Use Discovered Services

After the service discovery object is created and the services are discovered, you can use it in the configurations such as the following:

  • Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation or individually create and apply it to a HTTP load balancer later.
  • Endpoints: The endpoint objects are for advanced configuration for using in the virtual host configuration.

Configure Origin Pool with K8s Service Information

This chapter shows how to create an origin pool that uses the K8s service name for the origin server specification.

Step 1: Start origin pool creation.

Log into VoltConsole and change to your application namespace. Select Manage -> Origin Pools. Click Add Origin Pool.

Step 2: Configure origin server type.

Set a name in the metadata section and select k8s Service Name of Origin Server on given Sites option for the Select Type of Origin Server field.

Step 3: Set the service name.

Enter service name in the Service Name field. Obtain the service name using the instructions in the Verify Discovered Services chapter.

Step 4: Set site or virtual site for the discovery configuration.

Select Site or Virtual Site for the Select Site or Virtual Site field and select a site or virtual site accordingly. Select a network for the Select Network on the site option.

Step 5: Complete origin pool creation.

Enter a port in the Port field. Scroll down and click Save and Exit.

Figure: Origin Pool with K8s Service Information

This enables the service to be reachable on the selected network on the selected site or virtual site.


Create Endpoint with K8s Service Information

Step 1: Navigate to application namespace or create one.

Select the desired namespace from the namespace selector or create a namespace using the General -> Personal Management -> My Namespaces -> Add namespace option.

Step 2: Start creating endpoint.

Select Manage -> Virtual Host from the configuration menu and Endpoints from the options pane. Click Add endpoint.

Figure: Endpoint Creation

The Add endpoint form gets loaded. Add a name, optionally set labels, and optionally add a description.

Step 3: Obtain the K8s service information.

Refer to the Verify Discovered Services chapter for the K8s service information.

Step 4: Configure where the endpoint should be discovered.

Select an appropriate option in the Where field. Click Select ref. This site, virtual site, or virtual network must be the same as that of the discovery object created.

Figure: Endpoint Address Reference Selector

Note: Any reference object (site, virtual site, or virtual network) needs to be created and listed before configuring the Select ref field. The list of available objects is displayed in a cascading menu, where you can select one or more objects.

Step 5: Configure endpoint address information.

Configure as per the following guidelines:

  • Select Service Selector info for the Endpoint Specifier field.
  • Select Kubernetes for the Discovery field.
  • Select Service name for the Service field.
  • Enter your service name in the Service name field. Use the <servicename.namespace> format.

    Note: Obtain service name from Step 3.

Step 6: Enter port and protocol values.

Enter values for the fields Port and Protocol respectively.

Figure: Endpoint Address Service Info Config Options

Note: The port must be the service port of the Kubernetes service and not the node port.
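
The service name and port entered in Steps 5 and 6 can be cross-checked against the cluster itself. The following is an added example, not part of the Volterra documentation: it reads the JSON produced by `kubectl get svc -A -o json` and lists each NodePort service in the <servicename.namespace> format with its service port, keeping the node port visible only so the two are not confused. The sample input is constructed.

```python
import json
import sys

# Constructed sample of `kubectl get svc -A -o json` output (not a real cluster).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "frontend", "namespace": "shop"},
     "spec": {"type": "NodePort", "ports": [
         {"name": "http", "port": 80, "nodePort": 30080, "protocol": "TCP"}]}},
    {"metadata": {"name": "db", "namespace": "shop"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432, "protocol": "TCP"}]}},
    {"metadata": {"name": "dns", "namespace": "infra"},
     "spec": {"type": "NodePort", "ports": [
         {"name": "dns", "port": 53, "nodePort": 30053, "protocol": "UDP"}]}},
]})


def endpoint_candidates(svc_list_json):
    """Split a ServiceList JSON document into (usable, skipped).

    usable: one dict per port of each NodePort service, with the values the
    endpoint form asks for. skipped: (name, type) of every other service.
    """
    usable, skipped = [], []
    for item in json.loads(svc_list_json).get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        name = f"{meta.get('name')}.{meta.get('namespace', 'default')}"
        svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
        if svc_type != "NodePort":
            skipped.append((name, svc_type))
            continue
        for p in spec.get("ports", []):
            usable.append({
                "service_name": name,            # <servicename.namespace>
                "port": p["port"],               # service port: enter this one
                "protocol": p.get("protocol", "TCP"),
                "node_port": p.get("nodePort"),  # listed only to avoid mix-ups
            })
    return usable, skipped


if __name__ == "__main__":
    # Pipe real kubectl output on stdin; with no input the sample is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    usable, skipped = endpoint_candidates(raw.strip() or SAMPLE)
    for u in usable:
        print(f"{u['service_name']}  port={u['port']}/{u['protocol']}  "
              f"(nodePort {u['node_port']}: do not enter)")
    for name, svc_type in skipped:
        print(f"{name}  skipped: type {svc_type}, prerequisite is NodePort")
```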

With the steps above, you can discover a service endpoint from external Kubernetes providers using ‘Service Info’ on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of Volterra platform. For example, you can advertise it across sites in cloud or edge.

