Kubernetes best practices in regards to IPFS-Cluster

rryter · January 14, 2021, 2:09pm

Hello

TLDR:
Is nginx ingress the way to go, or is it possible to work around the GKE Ingress http status 200 healtcheck requirement for each endpoint? If so, how?

I have been tasked with deploying an IPFS-Cluster on Kubernetes, the goal is to achieve the following:

https://domain.com/ipfs/{{hash}} -> :8080 - IPFS Gateway
https://domain.com:5001 ->          :9095 - IPFS Proxy-Api

With said setup, all the data uploaded through port 5001 would be pinned on all the IPFS nodes within the cluster. Does this make sense or do I miss something obvious?

I have been following along with the official tutorial: Deployment on Kubernetes - Pinset orchestration for IPFS but I have quite some questions, i had no exposure to Kubernetes until a week ago:

The pods can not start the first time they are created, because the Volumes are also just being created. How can I wait until a Volume is ready, before proceeding?
What is the recommended way of exposing the needed endpoints? It would be nice if we could benefit from the Google Cloud CDN by using the GKE L7 LoadBalancer. However I have failed to work around the “status 200 health-check” requirement on all the exposed endpoints.

There is an open issue regarding custom healthchecks:

github.com/kubernetes/ingress-gce

Ingress Healthcheck Configuration

opened 05:52PM - 11 Oct 17 UTC

closed 06:36PM - 19 May 22 UTC

bowei

help wanted good first issue kind/feature lifecycle/frozen

_From @freehan on May 15, 2017 21:25_ On GCE, ingress controller sets up defaul…t healthcheck for backends. The healthcheck will point to the nodeport of backend services on every node. Currently, there is no way to describe detail configuration of healthcheck in ingress. On the other side, each application may want to handle healthcheck differently. To bypass this limitation, on Ingress creation, ingress controller will scan all backend pods and pick the first ReadinessProbe it encounters and configure healthcheck accordingly. However, healthcheck will not be updated if ReadinessProbe was updated. (Refer: https://github.com/kubernetes/ingress/issues/582) I see 3 options going forward with healthcheck 1) Expand the Ingress or Service spec to include more configuration for healthcheck. It should include the capabilities provided by major cloud providers, GCP, AWS... 2) Keep using readiness probe for healthcheck configuration, a) Keep today's behavior and communicate clearly regarding the expectation. However, this still breaks the abstraction and declarative nature of k8s. b) Let ingress controller watch the backend pods for any updates for ReadinessProbe. This seems expensive and complicated. 3) Only setup default healthcheck for ingresses. Ingress controller will only ensure the healthcheck exist periodically, but do not care about its detail configuration. User can configure it directly thru the cloud provider. I am in favor of option 3). There are always more bells and whistles on different cloud providers. The higher layer we go, the more features we can utilize. For L7 LB, there is no clean simple way to describe every intention. So is the case for health check. To ensure a smooth experience, k8s still sets up the basics. For advance use cases, user will have to configure it thru the cloud provider. Thoughts? @kubernetes/sig-network-misc _Copied from original issue: kubernetes/ingress-nginx#720_

Any help is highly appreciated.

hector · January 14, 2021, 4:35pm

Your understanding is correct. However, because the api/v0/add request results in simultaneously adding to all peers in the cluster (using blockPuts), this incurrs in significicant overhead for large files. If you are working with small files (~5MB or so), you will not notice much. When working with larger files you will notice.

One way to speed up is to use the rest api /add endpoint (:9094) setting local=true. This will just add on the node receiving the request (and not all nodes at the same time), and cluster-pin when finished. The rest of the nodes will copy the content via pubsub, much faster.

I have no much idea about kubernetes, surely there is a way to specify dependencies among resources.

What is the problem with this health check. You can probably point to to api/v0/version or some dummy endpoint that returns 200 unless the node is down. Wouldn’t that work? Edit: from the linked issue it may seem that kubernetes is very stupid if it does not allow to query other than /. I can’t hardly believe that, there has to be a better way.

rryter · January 14, 2021, 7:13pm

Thank you very much for getting back to me so quickly. I will look into it.

I’m just thinking out loud here: would it not make sense to also enable this option/feature on the IPFS-Proxy-Api? Essentially the Idea is for this IPFS-Cluster to be of public nature and people should be able to interact with the cluster as if it was a normal IPFS node. Also this way we will not need to open up another port just for one operation.

What do you think?

I will keep digging in regards to Kubernetes best practices.

hector · January 15, 2021, 9:05am

The local thing? Yeah, we should probably make it a configurable option for the proxy. Can you open an issue?

rryter · January 15, 2021, 9:10am

Will do. Thanks a lot!

Edit: Support `local=true` as a configurable option for the proxy endpoints (:9095) · Issue #1292 · ipfs/ipfs-cluster · GitHub

Topic		Replies	Views
Kubernetes IPFS Cluster Help IPFS kubernetes	3	679	July 23, 2021
Looking for suggestions or guidance for testing IPNS pinning service go-ipfs	0	234	April 6, 2022
HTTP gateway in containerized setup Help	4	138	July 27, 2023
Go-ipfs on Kubernetes/Docker: Unable to download files via web UI Kubo	0	266	May 26, 2021
Trying to access api server on a google compute engine, failed to connect go-ipfs	4	535	September 18, 2018

Kubernetes best practices in regards to IPFS-Cluster

Related Topics