How to expose druid apis so that it can be accessed externally

Question

How to expose druid apis so that it can be accessed externally

ThatYodaCoder opened this issue 3 years ago · comments

I have used druid operator to deploy it in AWS EKS. But to make druid console accessible I had to create one more load balancer service as follows as all service types are ClusterIp and which are not accessible from outside. Is this the correct way to do it? Please let me know if I am missing anything.
How do you address this?

One more problem I am facing is how to access Middle manger ? Do I have I create one more loadbalancer for Middle manager as well?

load-balancer.yaml

kind: Service
apiVersion: v1
metadata:
name: ext-router-svc
namespace: druid-operator
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
type: LoadBalancer
selector:
app: druid
nodeSpecUniqueStr: druid-project-name-cluster-routers
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8088

Youngwoo Kim · Answer 1 · Mon Jan 03 2022 14:45:23 GMT+0800 (China Standard Time)

@prasadbhalerao1983 There are many ways to do that. e.g., LB, Ingress, API G/W and etc. In our case, we are using k8s ingress(nginx ingress-controller) to expose the Druid's router service.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: druid-router-basic-auth
    # message to display with an appropriate context why the authentication is required
    #nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
  name: druid-router-external
  namespace: default
spec:
  rules:
    - host: druid-router.example.com
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: druid-cluster-routers
                port:
                  number: 8888
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
    - hosts:
        - druid-router.example.com
      secretName: druid-tls

I believe 'Kubernetes Ingress' is the most common way to expose services to external but It's not always suitable for your services. So, you should evaluate pros and cons for the options.

AdheipSingh · Answer 2 · Mon Jan 03 2022 14:50:29 GMT+0800 (China Standard Time)

@youngwookim @prasadbhalerao1983

to expose ingress you can mention it in the druid CR iteself, operator creates and manages ingress.

pls refer here https://github.com/druid-io/druid-operator/blob/master/docs/examples.md#configure-ingress

Youngwoo Kim · Answer 3 · Mon Jan 03 2022 15:00:18 GMT+0800 (China Standard Time)

Thank you @AdheipSingh for letting me know that!

maheshevizio · Answer 4 · Fri Apr 08 2022 01:05:53 GMT+0800 (China Standard Time)

I ran into the same issue: was able to create the Ingress Resource from the druid.yaml but it doesn't create the Ingress controller and had to manually do a helm deploy for the IngressController.
The Operator doesn't create an IngressController and noted that it only creates the IngressClass/resource

AdheipSingh · Answer 5 · Fri Apr 08 2022 12:42:50 GMT+0800 (China Standard Time)

@maheshevizio operator does not deploy ingress controller and is not responsible for external dependencies.

maheshevizio · Answer 6 · Fri Apr 08 2022 22:08:54 GMT+0800 (China Standard Time)

thanks for the note @AdheipSingh