Kubernetes API
If you want to use Kubernetes for Cluster Bootstrap, please follow the Cluster Bootstrap Kubernetes API documentation that is tailored for that use case.
The typical way to consume a service in Kubernetes is to discover it through DNS: this will take into account liveness/readiness checks, and depending on the configuration take care of load balancing (removing the need for client-side load balancing). For this reason, for general usage the akka-dns
implementation is usually a better fit for discovering services in Kubernetes. However, in some cases, such as for Cluster Bootstrap, it is desirable to connect to the pods directly, bypassing any liveness/readiness checks or load balancing. For such situations we provide a discovery implementation that uses the Kubernetes API.
Project Info
Project Info: Akka Discovery Kubernetes | |
---|---|
Artifact | com.lightbend.akka.discovery
akka-discovery-kubernetes-api
1.0.10
|
JDK versions | Adopt OpenJDK 8 with Hotspot Adopt OpenJDK 11 with Hotspot |
Scala versions | 2.11.12, 2.12.13, 2.13.5 |
License | |
Readiness level | Supported, Lightbend Subscription provides support
Since 1.0.0, 2019-03-15
|
Home page | https://akka.io/ |
API documentation | |
Forums | |
Release notes | GitHub releases |
Issues | GitHub issues |
Sources | https://github.com/akka/akka-management |
Dependencies and usage
First, add the dependency on the component:
- sbt
val AkkaManagementVersion = "1.0.10" libraryDependencies += "com.lightbend.akka.discovery" %% "akka-discovery-kubernetes-api" % AkkaManagementVersion
- Gradle
def versions = [ AkkaManagementVersion: "1.0.10", ScalaBinary: "2.12" ] dependencies { implementation "com.lightbend.akka.discovery:akka-discovery-kubernetes-api_${versions.ScalaBinary}:${versions.AkkaManagementVersion}" }
- Maven
<properties> <akka.management.version>1.0.10</akka.management.version> <scala.binary.version>2.12</scala.binary.version> </properties> <dependencies> <dependency> <groupId>com.lightbend.akka.discovery</groupId> <artifactId>akka-discovery-kubernetes-api_${scala.binary.version}</artifactId> <version>${akka.management.version}</version> </dependency> </dependencies>
akka-discovery-kubernetes-api
can be used with Akka 2.5.31 or 2.6.9 or later. You have to override the following Akka dependencies by defining them explicitly in your build and define the Akka version to the one that you are using. Latest patch version of Akka is recommended and a later version than 2.6.9 can be used.
- sbt
val AkkaVersion = "2.6.9" libraryDependencies ++= Seq( "com.typesafe.akka" %% "akka-cluster" % AkkaVersion, "com.typesafe.akka" %% "akka-discovery" % AkkaVersion )
- Gradle
def versions = [ AkkaVersion: "2.6.9", ScalaBinary: "2.12" ] dependencies { implementation "com.typesafe.akka:akka-cluster_${versions.ScalaBinary}:${versions.AkkaVersion}" implementation "com.typesafe.akka:akka-discovery_${versions.ScalaBinary}:${versions.AkkaVersion}" }
- Maven
<properties> <akka.version>2.6.9</akka.version> <scala.binary.version>2.12</scala.binary.version> </properties> <dependencies> <dependency> <groupId>com.typesafe.akka</groupId> <artifactId>akka-cluster_${scala.binary.version}</artifactId> <version>${akka.version}</version> </dependency> <dependency> <groupId>com.typesafe.akka</groupId> <artifactId>akka-discovery_${scala.binary.version}</artifactId> <version>${akka.version}</version> </dependency> </dependencies>
As described above, it is uncommon to use the Kubernetes API discovery mechanism as your default discovery mechanism. When using it with Akka Cluster Bootstrap, it is sufficient to configure it as described here. Otherwise, to load it manually, use loadServiceDiscovery
on the Discovery
extension:
- Scala
-
val discovery = Discovery(system).loadServiceDiscovery("kubernetes-api")
- Java
-
ServiceDiscovery discovery = Discovery.get(system).loadServiceDiscovery("kubernetes-api");
To find other pods, this method needs to know how they are labeled, what the name of the target port is, and what namespace they reside in. Below, you’ll find the default configuration. It can be customized by changing these values in your application.conf
.
akka.discovery {
kubernetes-api {
# Namespace discovery path
#
# If this path doesn't exist, the namespace will default to "default".
pod-namespace-path = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
# Namespace to query for pods.
#
# Set this value to a specific string to override discovering the namespace using pod-namespace-path.
pod-namespace = "<pod-namespace>"
# Selector value to query pod API with.
# `%s` will be replaced with the configured effective name, which defaults to the actor system name
pod-label-selector = "app=%s"
}
}
This configuration complements the following Deployment specification:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: example
name: example
spec:
replicas: 4
selector:
matchLabels:
app: example
template:
metadata:
labels:
app: example
spec:
containers:
- name: example
image: example/image:1.0.0
imagePullPolicy: IfNotPresent
ports:
# akka remoting
- name: remoting
containerPort: 2552
protocol: TCP
# When
# akka.management.cluster.bootstrap.contact-point-discovery.port-name
# is defined, it must correspond to this name:
- name: management
containerPort: 8558
protocol: TCP
Role-Based Access Control
If your Kubernetes cluster has Role-Based Access Control (RBAC) enabled, you’ll also have to grant the Service Account that your pods run under access to list pods. The following configuration can be used as a starting point. It creates a Role
, pod-reader
, which grants access to query pod information. It then binds the default Service Account to the Role
by creating a RoleBinding
. Adjust as necessary.
Using Google Kubernetes Engine? Your user will need permission to grant roles. See Google’s Documentation for more information.
#
# Create a role, `pod-reader`, that can list pods and
# bind the default service account in the namespace
# that the binding is deployed to to that role.
#
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
subjects:
# Uses the default service account.
# Consider creating a dedicated service account to run your
# Akka Cluster services and binding the role to that one.
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io