Flexibly route traffic to designated Kubernetes infrastructure nodes

 

Ocean by Spot is a Kubernetes data plane service that provides a serverless infrastructure engine for running containers. Ocean is designed to work in such a way that pods and workloads can take advantage of the underlying capabilities of cloud infrastructure such as compute, networking and storage across different pricing models, lifecycles, performance and availability levels, without having to know anything about it. In that spirit, we are excited to announce the support of Elastic IP (EIP) with your Ocean infrastructure. 

Flexibility to set static IP endpoints

Ocean has supported the use of Public IPv4 addresses with Kubernetes nodes since the very beginning. However, there are occasions when we need the comfort of knowing that our service endpoint will not change. This static IP address should be independent of the node type, Availability Zone or Region and should persist beyond reboots or spot instance interruptions.

Today, we are able to deliver on this by supporting AWS Elastic IP per Ocean Launch specification. In order to make use of this, we recommend the following best practices:

  • Ensure that user_data requires that an EIP is attached to the node. 
  • It’s useful (not necessary) to add a health check in user_data that will ensure EIP registration before the node attempts to perform tasks that require network connectivity.    

Use cases for static IP endpoints

Under normal circumstances, standard Kubernetes Services and Ingress should be used to expose a Dynamic Public IPv4 address. In edge cases, there’s an explicit requirement to ensure that the workloads utilize a predefined set of public IPs. 

This functionality is especially useful when there’s a set of whitelist IPs that need to be referenced outside one’s organization. Instead of changing and distributing a new set of whitelist IPs to the consumers every time, it’s better to use a set of static Public IPs to preserve this binding when migrating to K8s.

In addition, there are specific use-cases that might need to include custom routing logic inside a Kubernetes cluster. For example, when routing audio/video traffic, attaching an EIP to the node that runs this routing logic solves the discovery issue within the cluster.

Once configured, Ocean will automatically:

  • attach a free EIP with the newly launched node at creation.
  • detach the EIP once the node is marked for termination.  

We have added an additional level of automation so that you can simply tag all EIPs in AWS and we will import from this list dynamically. Effectively, be able to ward off sticky fingers and significantly reduce configuration errors.

Starting today, this capability is available via API:

"elasticIpPool": {
    "tagSelector": {
        "tagKey": "color",
        "tagValue": "orange"
    }
}

and Terraform:

elastic_ip_pool  {
    tag_selector  {
      tag_key = "key"
      tag_value = "value"
    }
  }