This is my first Kubernetes implementation and I’m on a “fast-track” project with truly zero experience with this technology. So, there’s been no time to really read and/or learn this technology. As a result, I have something that appears to work, but probably isn’t working correctly. It is the result of many very poor choices, but I lack sufficient knowledge to know better and I’m coming here to learn how to use the technology.
Kubernetes version: v1
Cloud being used: AWS
Host OS: Linux
CNI and version:
CRI and version:
I’m writing automation to build a cluster of instances of an appliance on AWS. The appliance has a Tomcat web server and I need a load balancer on the front-end to spread load across the cluster…
Requests are made using HTTPS, and the appliances have services to build the certificate. That hostname is also used in other ways within the application, so if that hostname changes, the appliance has to be shut down and restarted so that it can reconfigure and then restart.
I’ve tried using a Kubernetes Load Balancer service, but if that service restarts, the DNS name of the service changes. This means that I have to reconfigure the appliances, rebuild the certificate and then redeploy it in the load balancer. I can’t have this; the front-end DNS name MUST never change. I don’t care what DNS name external applications have to use, but that name MUST be fixed for the life of the AWS cluster. The only reason that name can change is that the AWS cluster was torn down and rebuilt.
At the moment, I’m using a horrible work-around: I’m starting a Kubernetes Node Port service, which has the effect of opening a backend port. For example, when the Node Port comes up, 8443 is mapped to something like 30256. My automation makes this work by creating an AWS Classic Load Balancer and then having the listener pass traffic to 30256 (bypassing the NodePort service). This seems to work, but probably isn’t really spreading traffic over the nodes (it may be sending it to all of them simultaneously).
I realize there’s a similar problem that if the NodePort is restarted, the backend node changes, but this can be fixed by changing the listener on the AWS load balancer, which is a simple, well-understood task.
It looks like I need a Kubernetes service of some form (probably a Load Balancer or maybe an “Ingress” - what is this?), but I need to tell Kubernetes to pick one DNS name and never change it or to let me set the external DNS name that Kubernetes uses.
By the way, I’ve noticed the articles about setting the domain name (e.g. I bought a name from a service). I don’t own the hosting infrastructure, so I might be able to have the customer implement a name record change once (before the cluster comes up the first time), but I don’t expect I can submit a second request. The result is that the AWS cluster must be built and it must be immutable. Any change to the cluster (other than changes that can be handled within AWS that have no external effect) will result in a “rip and replace” of the entire installation.
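The following is an added worked example, not code from the post above or from the poster's automation, illustrating the NodePort-plus-Classic-Load-Balancer arrangement the post describes: it reads the node port the API server assigned, pins it in the manifest so it survives the Service being deleted and re-created, builds the Classic LB listener and health check that target it, and restricts that node port to traffic from the load balancer's security group. The Service name `appliance-https`, the port name `https`, the listener port 443, plain TCP pass-through (so TLS is terminated by the appliance, not the load balancer), the embedded Service JSON, and the load-balancer and security-group names are all assumptions made for the example.

```python
import copy
import json

# Default kube-apiserver --service-node-port-range; a pinned nodePort must lie inside it.
NODE_PORT_MIN, NODE_PORT_MAX = 30000, 32767

# Constructed sample (assumption, not from the post): roughly what
#   kubectl get svc appliance-https -o json
# returns after the API server has assigned a random nodePort to port 8443.
SERVICE_JSON = """
{
  "apiVersion": "v1",
  "kind": "Service",
  "metadata": {"name": "appliance-https", "namespace": "default"},
  "spec": {
    "type": "NodePort",
    "selector": {"app": "appliance"},
    "ports": [
      {"name": "https", "protocol": "TCP", "port": 8443,
       "targetPort": 8443, "nodePort": 30256}
    ]
  }
}
"""


def load_service(raw=SERVICE_JSON):
    """Parse Service JSON as produced by `kubectl get svc ... -o json`."""
    return json.loads(raw)


def node_port_for(service, port_name):
    """Return the nodePort the API server assigned to the named Service port."""
    for port in service["spec"]["ports"]:
        if port.get("name") == port_name:
            if "nodePort" not in port:
                raise ValueError("port %r has no nodePort; Service type is %s"
                                 % (port_name, service["spec"].get("type")))
            return port["nodePort"]
    raise KeyError("no port named %r in Service %s"
                   % (port_name, service["metadata"]["name"]))


def pin_node_port(service, port_name, node_port):
    """Return a manifest copy with spec.ports[].nodePort set explicitly.

    Kubernetes honours a requested nodePort inside the node-port range, so
    re-applying this manifest after the Service is deleted gives back the
    same port and the load balancer listener does not need to be changed.
    """
    if not NODE_PORT_MIN <= node_port <= NODE_PORT_MAX:
        raise ValueError("nodePort %d outside %d-%d"
                         % (node_port, NODE_PORT_MIN, NODE_PORT_MAX))
    pinned = copy.deepcopy(service)
    for port in pinned["spec"]["ports"]:
        if port.get("name") == port_name:
            port["nodePort"] = node_port
            break
    else:
        raise KeyError(port_name)
    # Server-populated fields must not be re-applied.
    pinned["metadata"].pop("resourceVersion", None)
    pinned["metadata"].pop("uid", None)
    pinned.pop("status", None)
    return pinned


def classic_lb_listener(service, port_name, lb_port=443):
    """Listener for `aws elb create-load-balancer-listeners`: TCP on lb_port
    forwarded unchanged to the node port, so TLS is terminated by the
    appliance behind it rather than by the load balancer (assumed here)."""
    return {
        "Protocol": "TCP",
        "LoadBalancerPort": lb_port,
        "InstanceProtocol": "TCP",
        "InstancePort": node_port_for(service, port_name),
    }


def health_check_target(service, port_name):
    """Target string for `aws elb configure-health-check --health-check`."""
    return "TCP:%d" % node_port_for(service, port_name)


def aws_cli_commands(lb_name, elb_sg, node_sg, service, port_name, lb_port=443):
    """argv lists that (re)point the Classic LB at the current node port and
    open that node port on the nodes only to the load balancer's security
    group. lb_name, elb_sg and node_sg are placeholders supplied by the caller."""
    listener = classic_lb_listener(service, port_name, lb_port)
    return [
        ["aws", "elb", "create-load-balancer-listeners",
         "--load-balancer-name", lb_name,
         "--listeners", json.dumps([listener])],
        ["aws", "elb", "configure-health-check",
         "--load-balancer-name", lb_name,
         "--health-check",
         "Target=%s,Interval=30,Timeout=5,UnhealthyThreshold=2,HealthyThreshold=2"
         % health_check_target(service, port_name)],
        ["aws", "ec2", "authorize-security-group-ingress",
         "--group-id", node_sg, "--protocol", "tcp",
         "--port", str(listener["InstancePort"]), "--source-group", elb_sg],
    ]


if __name__ == "__main__":
    svc = load_service()
    print(json.dumps(pin_node_port(svc, "https", 30256), indent=2))
    for argv in aws_cli_commands("appliance-clb", "sg-elb", "sg-nodes", svc, "https"):
        print(" ".join(argv))
```

The script only builds the commands and the pinned manifest; feeding real `kubectl` output in and running the printed `aws` commands is left to the caller's automation. Pinning the nodePort removes the re-sync step the post describes, and the security-group rule matters because a NodePort is reachable on every node's address, not just through the load balancer.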