Expose EPP and WHOIS endpoints on reginal load balancers #2627
Conversation
jianglai
force-pushed
the
tcp-service
branch
from
08477dc to
a25eb9c
Compare
jianglai
changed the title
There was a problem hiding this comment.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion (waiting on @jianglai)
jetty/get-endpoints.py line 55 at r1 (raw file):
res = [] lines = run_command(f'kubectl get {resource}/{service}') for line in lines.split('\n'):
Just a suggestion I found a hard way myself. Instead of parsing the output as a lines, which is ok, but not great. You can pretty much always use --format=json instead . This allows for safer and cleaner approach.
Code quote:
for line in lines.split('\n'):
jianglai
force-pushed
the
tcp-service
branch
2 times, most recently
from
6d5c936 to
30137b5
Compare
There was a problem hiding this comment.
Reviewed 3 of 4 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @ptkach)
jetty/get-endpoints.py line 55 at r1 (raw file):
Previously, ptkach (Pavlo Tkach) wrote…
Just a suggestion I found a hard way myself. Instead of parsing the output as a lines, which is ok, but not great. You can pretty much always use
--format=jsoninstead . This allows for safer and cleaner approach.
Agreed.
jianglai
force-pushed
the
tcp-service
branch
from
30137b5 to
1f69e9f
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
jianglai
force-pushed
the
tcp-service
branch
from
1f69e9f to
7adcdec
Compare
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @Github-advanced-security[bot] and @ptkach)
jianglai
force-pushed
the
tcp-service
branch
from
7adcdec to
7bea165
Compare
k8s does not have a way to expose a global load balancer with TCP endpoints, and setting up node port-based routing is a chore, even with Terraform (which is what we did with the standalone proxy). We will use Cloud DNS's geolocation routing policy to ensure that clients connect to the endpoint closest to them.
jianglai
force-pushed
the
tcp-service
branch
from
7bea165 to
7f5b913
Compare
There was a problem hiding this comment.
Reviewable status: 3 of 5 files reviewed, 2 unresolved discussions (waiting on @Github-advanced-security[bot] and @jianglai)
jetty/get-endpoints.py line 137 at r4 (raw file):
for service in ['whois', 'whois-canary', 'epp', 'epp-canary']: map_key = service.replace('-', '_') for ip in get_endpoints('services', service,
It looks like it can be simplified. kubectl accepts jsonpath param, which I think would make it easier by doing something like this jsonpath='{.status.loadBalancer.ingress[0}.ip}' . I've not checked it though, I just realized I'd be really surprised if they didn't and stumbled upon this doc https://kubernetes.io/docs/reference/kubectl/jsonpath/
k8s does not have a way to expose a global load balancer with TCP
endpoints, and setting up node port-based routing is a chore, even with
Terraform (which is what we did with the standalone proxy).
We will use Cloud DNS's geolocation routing policy to ensure that
clients connect to the endpoint closest to them.
This change is