You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by Saikiran Daripelli <sd...@bluejeans.com> on 2020/07/17 14:07:19 UTC
Apache Ignite with istio/envoy mTLS
Hi,
I am deploying ignite in Kubernetes in stateless mode, and will connect to cluster from services via java thick clients. I am using zookeeper based discovery as some of our clients(flink) is outside Kubernetes.
I need some understanding on if I can use envoy proxy with istio mTLS for communication between clients <->ignite, ignite <-> ignite by deploying an istio sidecar proxy with does mTLS?
Regards,
Saikiran
Re: Apache Ignite with istio/envoy mTLS
Posted by Saikiran Daripelli <sd...@bluejeans.com>.
Thanks you.
From: Denis Magda <dm...@apache.org>
Reply to: "user@ignite.apache.org" <us...@ignite.apache.org>
Date: Friday, 24 July 2020 at 12:43 AM
To: user <us...@ignite.apache.org>
Subject: Re: Apache Ignite with istio/envoy mTLS
To support this deployment model you would need to have a Kubernetes Service per Ignite server node so that remote thick clients can connect to any server from outside. Also, you would need to enable the following setting on the clients side (the setting will be released in Ignite 2.9): https://www.gridgain.com/docs/latest/developers-guide/clustering/running-client-nodes-behind-nat [gridgain.com]<https://urldefense.com/v3/__https:/www.gridgain.com/docs/latest/developers-guide/clustering/running-client-nodes-behind-nat__;!!Hm8EzG7E8TY!ObQUBBQHenZqI3iF6wEPI2nNupFMPfHyr5LEhVh20TV2pNYNd5xuAn0nQhyy927iU74$>
Thin clients might be a much better choice for those applications that connect from outside. It's easier to set up and manage. While inside K8 you can keep using the thick clients.
-
Denis
On Thu, Jul 23, 2020 at 11:36 AM akorensh <al...@gmail.com>> wrote:
Hi,
At this point(2.8.1), Apache Ignite does not support Thick clients being
outside of the K8 cluster.
while servers being in the cluster.
Thanks, Alex
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/ [apache-ignite-users.70518.x6.nabble.com]<https://urldefense.com/v3/__http:/apache-ignite-users.70518.x6.nabble.com/__;!!Hm8EzG7E8TY!ObQUBBQHenZqI3iF6wEPI2nNupFMPfHyr5LEhVh20TV2pNYNd5xuAn0nQhyy-wmN0zM$>
Re: Apache Ignite with istio/envoy mTLS
Posted by Denis Magda <dm...@apache.org>.
To support this deployment model you would need to have a Kubernetes
Service per Ignite server node so that remote thick clients can connect to
any server from outside. Also, you would need to enable the following
setting on the clients side (the setting will be released in Ignite 2.9):
https://www.gridgain.com/docs/latest/developers-guide/clustering/running-client-nodes-behind-nat
Thin clients might be a much better choice for those applications that
connect from outside. It's easier to set up and manage. While inside K8 you
can keep using the thick clients.
-
Denis
On Thu, Jul 23, 2020 at 11:36 AM akorensh <al...@gmail.com> wrote:
> Hi,
> At this point(2.8.1), Apache Ignite does not support Thick clients being
> outside of the K8 cluster.
> while servers being in the cluster.
> Thanks, Alex
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
Re: Apache Ignite with istio/envoy mTLS
Posted by akorensh <al...@gmail.com>.
Hi,
At this point(2.8.1), Apache Ignite does not support Thick clients being
outside of the K8 cluster.
while servers being in the cluster.
Thanks, Alex
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/