Single VPC Lattice Service with multiple listeners (each explicitly linked to a different backendRef) #644
Comments
Could you help me by trying it this way and letting me know whether it works for you? (If it doesn't work, can you paste some controller error logs?) Thank you so much! Maybe you can create one HTTPRoute and one GRPCRoute:
Hi, thanks for your response! I forgot to mention that I also tried this option already indeed, but what then seems to happen is:
When describing the
So it looks like the controller tries to create a new Lattice service for the
Hi @HannesBBR, thanks for your reply. The current controller version doesn't support your use case of translating k8s resources into 2 listeners in the same Lattice service, with the 2 listeners routing traffic to different target groups. However, VPC Lattice itself does support that setup, for example:

And for your suggestion:

To immediately unblock your use case, you can probably try this workaround: use k8s ServiceExport and k8s TargetGroupPolicy only. Don't create any k8s Gateway, k8s HTTPRoute, or k8s ServiceImport. Don't use the controller to manage the VPC Lattice service. Instead, manage the VPC Lattice service outside of k8s, i.e., use the AWS console, CloudFormation, or Terraform to create the VPC Lattice service network and service. For example, following these steps:

And we are open to discussing how to represent this Lattice setup in the k8s resources in the long term. (My personal suggestion is that we do it that way, #644 (comment), but fix the controller issue:
Thanks a lot for the example, I didn't know only having the For reference, one thing to keep in mind is to not yet apply the
The controller did set aws-application-networking-k8s/pkg/deploy/lattice/targets_synthesizer.go Lines 148 to 150 in b73f671
Yes, you need to set up your resources this way. I think this user experience is fine? But changing it to:
also makes sense to me.

Yeah I think it's fine like this as well, just wanted to mention it for others, as it might not be obvious. Thanks again for your help!

Hi,
One of our applications running in k8s accepts both GRPC and HTTP traffic (its pods have different containers with a different port). To handle traffic for this application, we have 2 k8s services:

- `service-rest` => forwards traffic to the port of the rest-container
- `service-grpc` => forwards traffic to the port of the grpc-container

Our current ingress into this k8s application is an ALB with two listeners that forward traffic to the respective k8s service, based on the port:

- `443` listener => forwards to target group `tg-rest`, which sends traffic to the `service-rest` in k8s (targets are managed by the AWS load-balancer controller)
- `50051` listener => forwards to target group `tg-grpc`, which sends traffic to the `service-grpc` in k8s (targets are managed by the AWS load-balancer controller)

The domain name used by the clients is the same for both REST and GRPC traffic, and they choose the respective ALB listener port depending on whether they want to talk REST or GRPC.

As we are onboarding services into VPC Lattice, we'd now like to achieve the same kind of setup with VPC Lattice for this application:

- `443` listener => forward all traffic on this port to target group `vpc-lattice-tg-rest`
- `50051` listener => forward all traffic on this port to target group `vpc-lattice-tg-grpc`

I have tried some things to achieve this setup using the Gateway API controller, but I didn't find a way to do this:

- `HTTPRoute` resources with the same name, but a different `sectionName` in the `parentRefs` property and a different `backendRef` service:

  => this creates a single VPC Lattice service with one listener and two target groups. However, it causes the controller to periodically flip-flop/overwrite the (single) listener of the service between the two ports related to the two `sectionNames`, instead of adding a second listener to the service that would then forward traffic to its respective target group.

- `HTTPRoute` resource, with two `parentRefs` and two `backendRefs`:

  => the result is a single VPC Lattice service with two listeners, and two target groups. However, the rules in each of the two listeners basically split traffic evenly between the two created target groups, while we'd like to have all traffic for a listener be forwarded to the 'correct' target group only.

Ideally, I would hope something like this would be possible, where you explicitly define which backendRef should be used by which listener/parent:
But perhaps there already is another way of achieving the situation described above with the existing controller?
Many thanks!
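
An added example (not part of the original issue or the controller's code): an offline check for the two failure modes described in the issue above, a listener that is missing and a listener whose forward action sends traffic to both target groups. The listener dictionaries are constructed sample data shaped like the VPC Lattice `defaultAction.forward.targetGroups` structure; the `rules` key and all function names are assumptions of this example.

```python
"""Audit VPC Lattice listeners: each port must forward only to its intended target group."""

# Intended mapping taken from the issue text: listener port -> single target group.
EXPECTED = {443: "vpc-lattice-tg-rest", 50051: "vpc-lattice-tg-grpc"}


def fwd(*pairs):
    """Build a forward action from (target group id, weight) pairs (constructed data)."""
    groups = [{"targetGroupIdentifier": t, "weight": w} for t, w in pairs]
    return {"forward": {"targetGroups": groups}}


def forward_targets(action):
    """Return {target group id: weight}; a missing weight is treated as 100."""
    groups = action.get("forward", {}).get("targetGroups", [])
    return {g["targetGroupIdentifier"]: g.get("weight", 100) for g in groups}


def audit_listeners(listeners, expected=EXPECTED):
    """Return a list of findings; an empty list means the mapping is as intended."""
    findings = []
    by_port = {item["port"]: item for item in listeners}
    for port, want in expected.items():
        listener = by_port.get(port)
        if listener is None:
            findings.append(f"port {port}: listener missing")
            continue
        # Check the default action and any rule actions merged in under "rules"
        # (the "rules" key is this example's own convention).
        actions = [("default", listener["defaultAction"])]
        actions += [(r["name"], r["action"]) for r in listener.get("rules", [])]
        for label, action in actions:
            targets = forward_targets(action)
            stray = sorted(t for t, w in targets.items() if t != want and w > 0)
            if stray:
                findings.append(f"port {port} {label}: also forwards to {', '.join(stray)}")
            if targets.get(want, 0) <= 0:
                findings.append(f"port {port} {label}: no traffic to {want}")
    for port in sorted(set(by_port) - set(expected)):
        findings.append(f"port {port}: unexpected listener")
    return findings


# Constructed snapshots: the desired state, the even split, and the single flip-flopping listener.
BOTH = (("vpc-lattice-tg-rest", 50), ("vpc-lattice-tg-grpc", 50))
GOOD = [{"port": 443, "defaultAction": fwd(("vpc-lattice-tg-rest", 100))},
        {"port": 50051, "defaultAction": fwd(("vpc-lattice-tg-grpc", 100))}]
SPLIT = [{"port": 443, "defaultAction": fwd(*BOTH)},
         {"port": 50051, "defaultAction": fwd(*BOTH)}]
SINGLE = [{"port": 50051, "defaultAction": fwd(("vpc-lattice-tg-grpc", 100))}]
```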