
Add `appProtocol` to database headless-services

Open sando38 opened this issue 1 year ago • 1 comments

Proposal

Currently the operator creates a database headless-service with roughly these configs:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: database-pxc-db-pxc
spec:
  ports:
    - name: mysql
      protocol: TCP
      port: 3306
      targetPort: 3306
    - name: mysql-admin
      protocol: TCP
      port: 33062
      targetPort: 33062
    - name: mysqlx
      protocol: TCP
      port: 33060
      targetPort: 33060
...
```

Like in https://github.com/percona/percona-server-mongodb-operator/pull/1393, when using Istio and mTLS, Istio cannot correctly interpret the protocol, hence Istio's mTLS does not work.

The following service works with Istio's mTLS enabled:


```yaml
apiVersion: v1
kind: Service
metadata:
  name: database-pxc-db-pxc
spec:
  ports:
    - name: mysql
      protocol: TCP
      port: 3306
      targetPort: 3306
    - name: mysql-admin
      protocol: TCP
      port: 33062
      targetPort: 33062
    - name: mysqlx
      protocol: TCP
      port: 33060
      targetPort: 33060
    - name: sst
      protocol: TCP
      appProtocol: tcp
      port: 4444
      targetPort: 4444
    - name: write-set
      protocol: TCP
      appProtocol: tcp
      port: 4567
      targetPort: 4567
    - name: ist
      protocol: TCP
      appProtocol: tcp
      port: 4568
      targetPort: 4568
...
```

Compared to the mongo implementation, we would need to set `appProtocol: tcp`.

Use-Case

Istio with mTLS enabled.

Is this a feature you are interested in implementing yourself?

No

Anything else?

Thank you for considering implementing it 👍

sando38, Apr 04 '24 23:04
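An added example, not part of the original issue or the operator's code: a check that lists which TCP ports of a Service declare no protocol explicitly, generalized from the Galera ports in the issue to any port. It assumes Istio's explicit protocol selection rules (port name `<protocol>[-<suffix>]` or `appProtocol`) and the protocol list in the comment; the function names and the sample Service are constructed for illustration.

```python
# Assumption: protocol names Istio accepts for explicit protocol selection,
# via a port name "<protocol>[-<suffix>]" or the appProtocol field.
ISTIO_PROTOCOLS = {"http", "http2", "https", "tcp", "tls", "grpc",
                   "grpc-web", "mongo", "mysql", "redis"}


def declared_protocol(port):
    """Return (protocol, source) when the port declares one, else None."""
    app = (port.get("appProtocol") or "").lower()
    if app in ISTIO_PROTOCOLS:
        return app, "appProtocol"
    # "mysqlx" is neither "mysql" nor "mysql-<suffix>", so it does not match.
    prefix = (port.get("name") or "").lower().split("-", 1)[0]
    if prefix in ISTIO_PROTOCOLS:
        return prefix, "port name"
    return None


def undeclared_ports(service):
    """List (name, port) for TCP ports left to automatic protocol detection."""
    findings = []
    for port in service.get("spec", {}).get("ports", []):
        if port.get("protocol", "TCP") != "TCP":
            continue  # only TCP ports are considered here
        if declared_protocol(port) is None:
            findings.append((port.get("name", ""), port["port"]))
    return findings


def sample_service(with_app_protocol):
    """Constructed sample mirroring the ports of the second manifest above."""
    ports = [{"name": n, "protocol": "TCP", "port": p, "targetPort": p}
             for n, p in [("mysql", 3306), ("mysql-admin", 33062),
                          ("mysqlx", 33060)]]
    for name, number in [("sst", 4444), ("write-set", 4567), ("ist", 4568)]:
        port = {"name": name, "protocol": "TCP", "port": number,
                "targetPort": number}
        if with_app_protocol:
            port["appProtocol"] = "tcp"
        ports.append(port)
    return {"apiVersion": "v1", "kind": "Service",
            "metadata": {"name": "database-pxc-db-pxc"},
            "spec": {"ports": ports}}


if __name__ == "__main__":
    for flag in (False, True):
        print("appProtocol set:", flag, "->", undeclared_ports(sample_service(flag)))
```

To audit a live Service, pass the parsed output of `kubectl get service <name> -o json` to `undeclared_ports`.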