Skip to content

Allow external access to the HDFS cluster#175

Closed
nightkr wants to merge 20 commits intomainfrom
spike/external-access
Closed

Allow external access to the HDFS cluster#175
nightkr wants to merge 20 commits intomainfrom
spike/external-access

Conversation

@nightkr
Copy link
Copy Markdown
Contributor

@nightkr nightkr commented May 12, 2022

Description

Fixes #174

This allows users to access the HDFS cluster from outside of the K8s cluster. This requires a number of changes:

  • We configure the discovery configmap to use LoadBalancer services for access rather than the namenode pod hostnames
    • Prefer LB over NodePort services since k8s nodes are often temporary and fungible in cloud environments (especially when using managed K8s services)
    • We use a LB per namenode to allow clients to use their regular failover logic when namenodes are down/standby
  • Configure the datanodes to register their NodePort connection info rather than their Pod IP

Review Checklist

  • Code contains useful comments
  • (Integration-)Test cases added (or not applicable)
  • Documentation added (or not applicable)
  • Changelog updated (or not applicable)
  • Cargo.toml only contains references to git tags (not specific commits or branches)
  • Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

@nightkr nightkr self-assigned this May 12, 2022
nightkr
nightkr commented May 12, 2022
View reviewed changes
rust/crd/src/lib.rs
"{}.{}.{}.svc.cluster.local",
self.pod_name, self.role_group_service_name, self.namespace
)
self.external_name.clone().unwrap_or_else(|| {
Copy link
Copy Markdown
Contributor Author

@nightkr nightkr May 12, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not super happy with abusing the FQDN property here (or HdfsPodRef at all..?), this also breaks down if the user overrides the ports for whatever reason.

Copy link
Copy Markdown
Contributor Author

@nightkr nightkr May 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@razvan would it make sense to split HdfsPodRef into separate types for journalnodes and namenodes? We'll probably want to only use the external name for all namenode traffic anyway, once we start doing Kerberos (since this is linked to the hostname, and HDFS nodes dislike having more than one Kerberos principal each).

Copy link
Copy Markdown
Member

@razvan razvan May 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense.

rust/operator/src/hdfs_controller.rs Outdated
"sh".to_string(),
"-c".to_string(),
format!(
r#"kubectl get svc $POD_NAME -o json > /data/pod-svc && kubectl get node $NODE_NAME -o json > /data/pod-node && DATA_PORT=$(jq '.spec.ports[] | select(.name == "data") | .nodePort' /data/pod-svc) HTTP_PORT=$(jq '.spec.ports[] | select(.name == "http") | .nodePort' /data/pod-svc) IPC_PORT=$(jq '.spec.ports[] | select(.name == "ipc") | .nodePort' /data/pod-svc) NODE_IP=$(jq -r '.status.addresses | map(select(.type == "ExternalIP")) | .[0].address' /data/pod-node) {HADOOP_HOME}/bin/hdfs --debug datanode"#
Copy link
Copy Markdown
Contributor Author

@nightkr nightkr May 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to clean this up better

@nightkr nightkr mentioned this pull request May 13, 2022
Closed
nightkr added 12 commits May 19, 2022 16:49
@nightkr
Use the name of the SA to create the datanode pods
722e562
@nightkr
Don't use all pod labels for service selection
b93ee92
@nightkr
Use pod enrichment controller from commons to read node address
b7fced7
@nightkr
Update example to ZooKeeper 3.8.0
770333d
@nightkr
Use lb-operator to expose datanodes rather than the pod svc controller
ff27ef3
@nightkr
Merge branch 'main' into spike/external-access
dd94b1c
@nightkr
Create NameNode LBs rather than Services
30dd33b
@nightkr
Use a persistent PVC to expose namenodes, since they need a persisten…
1ca2c51 
…t identity
@nightkr
Reuse PVC-managed LBs for discovery config rather than creating separ…
d04050b 
…ate ones
@nightkr
Use the correct keys to retrieve customized ports when building disco…
0754a2e 
…very config
@nightkr
Remove namenode role that is no longer required
c242eb3
@nightkr
Tell HDFS which node address to use
29b8111
@nightkr
Copy link
Copy Markdown
Contributor Author

nightkr commented Aug 24, 2022

This has ended up becoming an example use case of stackabletech/listener-operator#1, and merging this is blocked on releasing that.

@nightkr nightkr marked this pull request as draft August 24, 2022 12:32
@nightkr nightkr mentioned this pull request Aug 24, 2022
Closed
maltesander
maltesander reviewed Aug 29, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@maltesander maltesander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to add some rolebindings:

rolebindings.rbac.authorization.k8s.io "hdfs-datanode-55df4c3b-06cc-4311-b2a7-86bfd5d2162f" is forbidden: User "system:serviceaccount:default:hdfs-operator-serviceaccount" cannot patch resource "rolebindings" in API group "rbac.authorization.k8s.io" in the namespace "default": Forbidden

@nightkr nightkr mentioned this pull request Jan 8, 2024
Merged
@nightkr nightkr closed this Jan 8, 2024
@razvan razvan deleted the spike/external-access branch November 6, 2024 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@razvan razvan razvan left review comments

@maltesander maltesander maltesander left review comments

Assignees

@nightkr nightkr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow external access to the HDFS cluster

3 participants

@nightkr @razvan @maltesander