K8S multiple tunnelers load balancing

Ziti Overlay
1

Hey,

I've a controller and public edge router running on the Cloud. I also have a Talos cluster running on my homelab.

To access services in my homelab remotely, I've deployed a tunneler Pod in my Talos cluster following this doc: Deploy a Hosting Tunneler in Kubernetes | OpenZiti

I made an http echo server pod and service on my K8S cluster and configured the necessary service/config/policies to access it and it's working great:

image
image1569×221 11.3 KB

Now I'm wondering how can I load balance the traffic so it won't all go through this single tunneler to access my K8S cluster. Are there any best practices ?

2

Yes! This style of load balancing is built into Ziti. Just grant multiple hosting tunnelers permission to host the service, and they'll share the load according to the default "smartrouting" terminator strategy.

It's like a fault-tolerant array of reverse proxies at the most basic level. It's been a while, but we had a series of two episodes of Ziti TV where we talked about using Ziti terminators to manage load balancing and failover of Ziti services.

My takeaways from re-watching the second video include:

  • The CLI has changed - now you can run ziti edge VERB terminators where VERB is list, update, etc.
  • Authorize multiple identities to host the services, not multiple copies of the same identity, which is confusing to manage.
  • Adjust terminator strategy, cost, and precedence to express a preference for failover or scaling behavior (link to doc about extensible terminators).
  • You can define terminator actions, e.g., "mark unhealthy", triggered by health checks in host.v1 configs.
  • Terminators are automatically created by hosting SDKs on three routers, creating multiple potential paths to the hosting SDK in the Ziti network. Their dynamic costs are factored in in the default "smart routing" strategy.