I am planning to run an SSIS ETL job which has a SQL Server as the SOURCE db, on a physical on-premise machine, and the DESTINATION db (Postgres/Patroni) is running on the OpenShift platform as pods/containers. The issue I am facing now is that the DB hosted on OpenShift cannot be exposed via a TCP port. As per a few articles online, OpenShift only allows HTTP traffic via “routes”. Is this assumption right? If yes, how do people in the real world run ETL or bulk data transfer or migration to a db on OpenShift from outside? I am worried about using HTTP since I feel it’s not efficient for ETL. A few folks mentioned using OC PORT FORWARDING. But for a production app, how can OpenShift port forwarding be stable? Please share your comments.
- What underlying platform are you on? If a cloud platform, this is usually a use case for a "LoadBalancer" type Service. And the cloud handles the ELB for the Service ingress. It's full TCP. I'm not sure how this is typically handled for bare metal type clusters. – Will Gordon Feb 09 '22 at 16:45
- @WillGordon Thanks for commenting. My destination DB is on OpenShift (OCP). But the ETL (SSIS) runs outside OpenShift, which needs to access the destination DB on OCP. The real question from my side is "Is it possible to expose a database on OpenShift to the public world/Internet, other than HTTP(s)?" Or else, I need to access my Postgres DB in OpenShift with my local pgAdmin without PORT FORWARDING – user1597990 Feb 09 '22 at 18:26
- That's what I'm saying. Kubernetes (and therefore OCP) can have a `LoadBalancer` type of Service, https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. Typically if you're running OCP on a cloud like AWS or GCP, then the cloud handles the creation of the LoadBalancer. And this LoadBalancer Service provides _direct_ TCP access to the backing Pod(s) – Will Gordon Feb 09 '22 at 23:05
1 Answer
In a production environment it is a little questionable if you want to expose your database to the public internet. Normally you probably rather want to go with a site-to-site VPN.

That left aside, it is correct that OCP is using routes for most use cases, which are then exposing an http(s) endpoint. If you need plain TCP, however, you can create a service of type `LoadBalancer`.

The regular setup with a route is stacked like route --> service --> pods, where the service is commonly of type `ClusterIP`.

With a service of type `LoadBalancer`, you eliminate the route and directly expose a TCP service.

If you run on a public cloud, OCP takes care of the leftover requirements for you. Namely, that is to create a load balancer with your cloud provider. In the case of AWS, for example, OCP would create an ELB (Elastic Load Balancer) for you.

You can find more information in the documentation

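A `LoadBalancer` Service for the setup discussed above, as an added example that is not part of the original answer. The Service name, namespace, selector labels and the source CIDR are assumptions chosen for illustration. It restricts the load balancer to the ETL host's address rather than leaving PostgreSQL reachable from the whole internet.

```yaml
# Added example: expose PostgreSQL over plain TCP without a route.
# All names, labels and addresses below are assumptions, not values from the page.
apiVersion: v1
kind: Service
metadata:
  name: postgres-etl            # hypothetical Service name
  namespace: etl-db             # hypothetical namespace/project
spec:
  type: LoadBalancer            # replaces the route --> ClusterIP service stack
  # Select only the pod that accepts writes. The label keys and values are
  # assumptions; use whatever labels your Patroni deployment sets on the leader.
  selector:
    app: patroni
    role: master
  ports:
    - name: postgres
      protocol: TCP
      port: 5432                # port the external ETL job connects to
      targetPort: 5432          # PostgreSQL port inside the pod
  # Allow only the on-premise SSIS host. 203.0.113.10 is a constructed
  # documentation address; replace it with the real egress IP of the ETL host.
  # Enforcement of this field depends on the cloud provider's load balancer.
  loadBalancerSourceRanges:
    - 203.0.113.10/32
```

After `oc apply -f`, `oc get svc postgres-etl -n etl-db` shows the external address in the EXTERNAL-IP column once the cloud provider has provisioned the load balancer. Keep `hostssl` rules in `pg_hba.conf` and require TLS on the client side, since traffic on this path is no longer wrapped by a route.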