LoadBalancer per node when deploying with the Kubernetes Operator

Guy · May 9, 2024, 1:02pm

Originally from the User Slack

@Christopher_Wong: I’m trying to expose a 3-node scylla cluster created with the scylla-operator.

When the LoadBalancer service gets created, I see a LoadBalancer per node rather than the client service having a load balancer pointed at all 3 nodes. Is this the expected behavior?

Using these exposeOptions
  exposeOptions:
    nodeService:
      type: LoadBalancer
    broadcastOptions:
      clients:
        type: ServiceLoadBalancerIngress
      nodes:
        type: ServiceClusterIP 
@Maciej_Zimnoch: yes, nodes have their own LB service to allow drivers to connect to particular node. This is required to have node-awareness and shard-awareness, as traffic load balancing happens on the driver side, not server side.

@Guilherme_Nogueira: We just rely on the LB service mechanism to allow the external connectivity into the pods. As Maciej mentioned, the driver themselves are responsible to load-balance the request across any nodes in the cluster

@Christopher_Wong: gotcha - I’m seeing some weird behavior where the nodes just continuously log TLS handshake errors when I set the client type to ServiceLoadBalancerIngress. The cluster starts, but no nodes are available to take requests
setting clients.type back to CLusterIP resolves the issue but doesn’t allow for an externally exposed load balancer

@Greg_Day: @Christopher_Wong I don’t know much but you might just need to set the correct annotations (or specify a custom loadBalancerClass) depending on your environment.
there are examples in the docs for EKS and GKE https://operator.docs.scylladb.com/stable/exposing.html#loadbalancer-type that’s all I know!

Exposing ScyllaCluster | ScyllaDB Docs

@Maciej_Zimnoch: LoadBalancer Service without special annotation on cloud providers results in ScyllaCluster being exposed to Internet, where various scanners or LB healthchecks are trying to connect to different ports. These usually are visible in logs. If you want to expose it only within cloud VPC, consider using either PodIP or LB with special annotation. Refer to cloud documentation regarding that.