[
https://issues.apache.org/jira/browse/FLINK-32178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tan Kim updated FLINK-32178:
----------------------------
Description:
Currently, the flink kubernetes operator only supports nginx ingress.
[https://nightlies.apache.org/flink/flink-kubernetes-operator-docs-release-1.5/docs/operations/ingress/]
Many organizations already using the AWS cloud are using the ALB ingress
controller and are reluctant to use an additional NGINX ingress controller due
to the following issues.
- Using multiple ingress controllers inherently creates the potential for a
race condition.
- �May not match ALB firewall policy (inbound port range)
- Each change to the EKS cluster needs to reflect the security groups added by
ingress
Using AWS Alb isn't impossible, but there is one problem.
Those issues are
If you use domain-based routing, you'll be fine, but it's not going to be
popular in organizations with a lot of flink apps.
So you'll want path-based routing, but alb ingress doesn't provide a
rewrite-target feature, so if you specify a path based on the app name, you
can't change the path to root(/) when routing to the service.
In fact, this is a problem that would be solved if AWS ALB INGRESS provided
that functionality on their side, but it hasn't happened in a long time.
For more information, see:
[https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/835]
Therefore, I make the following suggestions.
Add a setting that allows you to set the PATH of the FLINK WEB UI directly.
For example, web-ui.path=/flink-app
If we could specify this, then alb ingress would just route the path to the
service as is, without using the rewrite-target feature.
was:
Currently, the flink kubernetes operator only supports nginx ingress.
[https://nightlies.apache.org/flink/flink-kubernetes-operator-docs-release-1.5/docs/operations/ingress/]
Many organizations already using the AWS cloud are using the ALB ingress
controller and are reluctant to use an additional NGINX ingress controller due
to the following issues.
- Using multiple ingress controllers inherently creates the potential for a
race condition.
- �May not match ALB firewall policy (inbound port range)
- Each change to the EKS cluster needs to reflect the security groups added by
ingress
Using AWS Alb isn't impossible, but there is one problem.
Those issues are
If you use domain-based routing, you'll be fine, but it's not going to be
popular in organizations with a lot of flink apps.
So you'll want path-based routing, but alb ingress doesn't provide a
rewrite-target feature, so if you specify a path based on the app name, you
can't change the path to root(/) when routing to the service.
In fact, this is a problem that would be solved if AWS ALB INGRESS provided
that functionality on their side, but it hasn't happened in a long time.
For more information, see:
[https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/835]
Therefore, I make the following suggestions.
Add a setting that allows you to set the PATH of the FLINK WEB UI directly.
For example, web-ui.path=/flink-app
If we could specify this, then alb ingress would just route the path to the
service as is, without using the rewrite-target feature.
> AWS ALB INGRESS Support
> -----------------------
>
> Key: FLINK-32178
> URL: https://issues.apache.org/jira/browse/FLINK-32178
> Project: Flink
> Issue Type: Improvement
> Components: Kubernetes Operator, Runtime / Web Frontend
> Reporter: Tan Kim
> Priority: Major
>
> Currently, the flink kubernetes operator only supports nginx ingress.
> [https://nightlies.apache.org/flink/flink-kubernetes-operator-docs-release-1.5/docs/operations/ingress/]
> Many organizations already using the AWS cloud are using the ALB ingress
> controller and are reluctant to use an additional NGINX ingress controller
> due to the following issues.
> - Using multiple ingress controllers inherently creates the potential for a
> race condition.
> - �May not match ALB firewall policy (inbound port range)
> - Each change to the EKS cluster needs to reflect the security groups added
> by ingress
> Using AWS Alb isn't impossible, but there is one problem.
> Those issues are
> If you use domain-based routing, you'll be fine, but it's not going to be
> popular in organizations with a lot of flink apps.
> So you'll want path-based routing, but alb ingress doesn't provide a
> rewrite-target feature, so if you specify a path based on the app name, you
> can't change the path to root(/) when routing to the service.
> In fact, this is a problem that would be solved if AWS ALB INGRESS provided
> that functionality on their side, but it hasn't happened in a long time.
> For more information, see:
> [https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/835]
> Therefore, I make the following suggestions.
> Add a setting that allows you to set the PATH of the FLINK WEB UI directly.
> For example, web-ui.path=/flink-app
> If we could specify this, then alb ingress would just route the path to the
> service as is, without using the rewrite-target feature.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
