There are several ways to expose Varnish Enterprise outside the cluster, each with its own pros and cons.
In a typical setup, Kubernetes routes traffic to a Pod through its Service layer via the kube-proxy that runs on each node. By default, Kubernetes configures kube-proxy to run in iptables mode, which can add considerable overhead when Varnish Enterprise is serving multiple gigabits per second of traffic.
Where minimal overhead is required, a hostPort can be used to expose a Varnish Enterprise port directly on the node, although this setup limits scalability because ports have to be assigned manually. For a Service-based setup, running kube-proxy in IPVS mode is recommended.
`hostPort` can be used to expose Varnish Enterprise directly on the node it is running on. Because this configuration skips kube-proxy altogether, it has the least overhead of the default Kubernetes networking setups, at the expense of requiring the operator to ensure the ports are available on each host.
To configure Varnish Enterprise via hostPort, set `server.http.hostPort` and `server.tls.hostPort`:
```yaml
---
server:
  http:
    port: 80
    hostPort: 80
  tls:
    port: 443
    hostPort: 443
```
Note: `port` must also be configured to match `hostPort`.
Kubernetes uses the Service layer as an abstraction that decouples dependencies within the cluster. A Service works by routing traffic to Pods selected by a label selector, through kube-proxy. This decoupling allows Kubernetes to scale dynamically to an arbitrary number of Pods, at the expense of a slight overhead for forwarding each connection.
`ClusterIP` is the most fundamental type of Service in Kubernetes. ClusterIP creates an IP address and a DNS name for accessing a service within the cluster. When a connection is made to that ClusterIP, traffic is distributed to the Pods matching the selector (in this case, the Varnish Enterprise Pods).
A ClusterIP Service is local to the cluster and cannot be accessed from outside the cluster without additional components (such as a load balancer component that has access to the cluster network, or an Ingress controller).
To configure Varnish Enterprise to use ClusterIP, set `server.service.type` to `ClusterIP`:
```yaml
---
server:
  service:
    enabled: true
    type: "ClusterIP"
```
Headless ClusterIP is a variant of ClusterIP that, instead of creating a single IP address, creates a DNS name that returns the IP addresses of every Pod endpoint matching the selector.
For example, if the Service is deployed as `varnish-enterprise.default.svc.cluster.local`, and Varnish Enterprise Pods are running with Pod IPs `10.42.0.1`, `10.42.0.2`, and `10.42.0.3` on port `6081`, the DNS will return:
```
varnish-enterprise A 10.42.0.1
varnish-enterprise A 10.42.0.2
varnish-enterprise A 10.42.0.3
```
To configure Varnish Enterprise to use headless ClusterIP, set `server.service.type` to `ClusterIP` and `server.service.clusterIP` to the string `"None"`:
```yaml
---
server:
  service:
    enabled: true
    type: "ClusterIP"
    clusterIP: "None"
```
Unlike other Service types, where the port configured in the Service can be used to reach the matching containers, a headless ClusterIP requires connecting to the `containerPort` directly. This is the port set in `server.http.port` (default: 6081) and `server.tls.port` (default: 6443), respectively. You can also confirm this port with the following command:
```shell
kubectl get endpoints
```
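To see where the headless DNS answer and the container port above actually come from, it helps to look at the Endpoints object that `kubectl get endpoints` lists. The script below is an added example, not code from this page or the Varnish Enterprise chart: it parses the JSON form of that object (as printed by `kubectl get endpoints varnish-enterprise -o json`) and derives the A records the headless name serves, the container ports clients must dial, and the Pod IPs that are withheld from DNS because the Pod is not Ready. The Endpoints document, the port names `http`/`https` and the function names are constructed for this example; the IPs and ports follow the page's illustration.

```python
"""Derive the headless-Service DNS view from an Endpoints object.

Input is what `kubectl get endpoints <name> -o json` prints. The sample below is
constructed for this example: three Ready Varnish Pods, one not-Ready Pod, and
named ports http (6081) and https (6443).
"""
import json

SAMPLE_ENDPOINTS = json.dumps({
    "kind": "Endpoints",
    "metadata": {"name": "varnish-enterprise", "namespace": "default"},
    "subsets": [
        {
            "addresses": [
                {"ip": "10.42.0.1", "targetRef": {"kind": "Pod", "name": "varnish-enterprise-0"}},
                {"ip": "10.42.0.2", "targetRef": {"kind": "Pod", "name": "varnish-enterprise-1"}},
                {"ip": "10.42.0.3", "targetRef": {"kind": "Pod", "name": "varnish-enterprise-2"}},
            ],
            # A Pod whose readiness probe fails is listed here and left out of DNS answers.
            "notReadyAddresses": [
                {"ip": "10.42.0.4", "targetRef": {"kind": "Pod", "name": "varnish-enterprise-3"}},
            ],
            "ports": [
                {"name": "http", "port": 6081, "protocol": "TCP"},
                {"name": "https", "port": 6443, "protocol": "TCP"},
            ],
        }
    ],
})


def a_records(endpoints_json, cluster_domain="cluster.local"):
    """(fqdn, ip) pairs the headless name answers with: one A record per Ready Pod."""
    ep = json.loads(endpoints_json)
    fqdn = f'{ep["metadata"]["name"]}.{ep["metadata"]["namespace"]}.svc.{cluster_domain}'
    return [(fqdn, addr["ip"])
            for subset in ep.get("subsets", [])
            for addr in subset.get("addresses", [])]


def container_ports(endpoints_json):
    """Port name -> containerPort. With a headless Service this is the port clients must dial."""
    ep = json.loads(endpoints_json)
    return {p.get("name", ""): p["port"]
            for subset in ep.get("subsets", [])
            for p in subset.get("ports", [])}


def targets(endpoints_json, port_name):
    """'ip:port' strings a client resolving the headless name would connect to for port_name."""
    port = container_ports(endpoints_json)[port_name]
    return [f"{ip}:{port}" for _, ip in a_records(endpoints_json)]


def not_ready(endpoints_json):
    """Pod IPs present in the Endpoints but withheld from DNS because the Pod is not Ready."""
    ep = json.loads(endpoints_json)
    return [addr["ip"]
            for subset in ep.get("subsets", [])
            for addr in subset.get("notReadyAddresses", [])]


if __name__ == "__main__":
    for fqdn, ip in a_records(SAMPLE_ENDPOINTS):
        print(f"{fqdn} A {ip}")
    print("http targets:", targets(SAMPLE_ENDPOINTS, "http"))
    print("withheld from DNS:", not_ready(SAMPLE_ENDPOINTS))
```

The point worth noticing is that the `ports` entries in the Endpoints object are the container ports (6081/6443), not whatever `port` the Service declares, which is exactly why a client of a headless Service has to use `server.http.port` and `server.tls.port`.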
`NodePort` extends `ClusterIP` by automatically opening a port on every node. This allows a Service to be accessed from outside the cluster (or from the internet, if a node has a public IP address). By default, the NodePort is chosen at random within the range 30000-32767; the exact range depends on the cluster's configuration.
To configure Varnish Enterprise to use NodePort, set `server.service.type` to `NodePort`:
```yaml
---
server:
  service:
    enabled: true
    type: "NodePort"
```
It is also possible to configure NodePort with a static port by specifying a port within the configured range. This can be achieved with `server.service.http.nodePort` and `server.service.https.nodePort` for HTTP and HTTPS, respectively:
```yaml
---
server:
  service:
    enabled: true
    type: "NodePort"
    http:
      nodePort: "30080"
    https:
      nodePort: "30443"
```
`LoadBalancer` extends `NodePort` by automatically configuring an external load balancer that forwards a port to the NodePort. The ports defined in `server.service.http.port` and `server.service.https.port` are used as the source ports on the load balancer. The availability and behavior of a LoadBalancer depend on the cluster's configuration; consult the service provider's documentation for more information.
To configure Varnish Enterprise to use LoadBalancer, set `server.service.type` to `LoadBalancer`:
```yaml
---
server:
  service:
    enabled: true
    type: "LoadBalancer"
```
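The exposure options above carry a few constraints that are easy to get wrong in a values file: `port` must equal `hostPort`, a static `nodePort` must fall inside the cluster's NodePort range, a `nodePort` is meaningless for a plain ClusterIP Service, and the headless `clusterIP: "None"` setting is shown on this page only with type `ClusterIP`. The following pre-flight check is an added example, not part of this page or the Varnish Enterprise chart; it walks a values document (already loaded into a Python dict) and returns a list of findings. The value keys are the chart's own as shown above; the function names, the default range constant and the sample values are assumptions made for this example.

```python
"""Pre-flight checks for the exposure settings in the Varnish Enterprise Helm values.

check_values() encodes the constraints stated on the page and returns findings as
strings (an empty list means nothing to report). Values are passed as a dict, i.e.
the structure a YAML loader produces from the values file.
"""

# Default NodePort range of kube-apiserver; a cluster may configure a different one.
DEFAULT_NODE_PORT_RANGE = (30000, 32767)


def _as_int(value):
    """Ports may be written as strings in the values file ("30080"); normalise to int."""
    return None if value is None else int(value)


def check_values(values, node_port_range=DEFAULT_NODE_PORT_RANGE):
    server = values.get("server", {})
    findings = []

    # hostPort: the container port must be configured to the same number.
    for proto in ("http", "tls"):
        section = server.get(proto, {})
        host_port = _as_int(section.get("hostPort"))
        port = _as_int(section.get("port"))
        if host_port is not None and host_port != port:
            findings.append(
                f"server.{proto}.hostPort={host_port} but server.{proto}.port={port}; "
                "set port to match hostPort")

    service = server.get("service", {})
    if not service.get("enabled", False):
        return findings  # no Service object is rendered, so the Service checks do not apply

    svc_type = service.get("type", "ClusterIP")
    low, high = node_port_range
    for proto in ("http", "https"):
        node_port = _as_int(service.get(proto, {}).get("nodePort"))
        if node_port is None:
            continue
        if svc_type not in ("NodePort", "LoadBalancer"):
            findings.append(
                f"server.service.{proto}.nodePort is set but type={svc_type}; it has no effect")
        elif not low <= node_port <= high:
            findings.append(
                f"server.service.{proto}.nodePort={node_port} is outside the "
                f"NodePort range {low}-{high}")

    # Headless Service: clusterIP "None" is paired with type ClusterIP on this page.
    if service.get("clusterIP") == "None" and svc_type != "ClusterIP":
        findings.append(
            f'server.service.clusterIP="None" requires type ClusterIP, got {svc_type}')

    return findings


# Constructed sample values: the page's static-NodePort example with one port outside
# the default range, plus a hostPort block whose container port was left at the default.
SAMPLE_VALUES = {
    "server": {
        "http": {"port": 6081, "hostPort": 80},
        "tls": {"port": 443, "hostPort": 443},
        "service": {
            "enabled": True,
            "type": "NodePort",
            "http": {"nodePort": "30080"},
            "https": {"nodePort": "33443"},
        },
    }
}

if __name__ == "__main__":
    for finding in check_values(SAMPLE_VALUES):
        print("-", finding)
```

If the cluster runs with a non-default `--service-node-port-range`, pass that range as `node_port_range`; the check is only as accurate as the range it is given.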