Amlen Operator 1.1.0

Amlen has an OpenShift operator that is installable from the OpenShift Community Operator Marketplace. It is a free operator that allows you to easily provision Amlen servers in an OpenShift environment. Version 1.1.0 has just been released.

For a guide to using the operator see Step by step guide for trying the Amlen operator, however as the operator is in the Community Operator Marketplace you can install it from there which makes the deployment a lot simpler.

OpenShift is a technology based on Kubernetes so for those people familiar with Kubernetes most of it applies to openshift, but a few things have been added. The amlen operator was specifically designed to work as an OpenShift operator and not as a more general Kubernetes operator although that could change in the future.

Client Service Type

The big change in 1.1.0 is that the services created by the operator has changed, in 1.0.x a LoadBalancer service was created that would allow you to expose the mqtt endpoints to the public. However, you might not want it exposed automatically, so we have added extra options that can be controlled via the client_service_type in the Amlen Custom Resource. The operator supports changing this value and will recreate, modify or delete the service as required.

ClusterIP

This is the new default option, it creates a ClusterIP service which can be accessed within the cluster from other pods via dns or IP address. It can also be exposed using the OpenShift expose command or manually by adding a route.

LoadBalancer

This is the old default option, by setting it to this value the system will behave the same as it did in 1.0.x

None

This will mean that the service is not created at all, if upgrading from 1.0.x with this set it will delete the existing LoadBalancer service. This means that only specific applications within the cluster will be able to send messages to Amlen. This can be controlled by creating a custom networkpolicy to add applications.

Network Policy

The operator creates a network policy that sets up rules to control communication between the Amlen pods. If the client_service_type is set to ClusterIP or LoadBalancer the amlen_messaging_ports will be automatically added into the network policy. Previously a seperate networkpolicy was needed to allow external messages to reach the Amlen pods.

Internal vs External Ports

In 1.0.x you could specify as many amlen_messaging_ports as you wished, or not specify anything and get the default 8883 port. In 1.1.0 we have extended the ability to allow you to specify different internal and external ports for each connection.

For example you might have a solution where in the cluster you wish to use port 8883 but firewall settings require all external traffic to come in via port 443. This is now possible by adding the following into the Amlen Custom Resource

  client_service_type: ClusterIP
  amlen_messaging_ports:
    securemessaging:
      internal: 8883
      external: 443

This will create an appropriate service that you can expose allowing traffic on port 443 that will be directed to port 8883 of the amlen servers.

Assuming you are using HA (which all production systems really should) a LoadBalancer will be needed, a service for a statefulset will just send messages at random (or roundrobin) instance but as at most one of the pair will be listening on the port you need a LoadBalancer.

Feedback

If you have any questions or comments then we’d really like to hear from over on our slack channel. A link to join the channel can be found on the right hand side of the Eclipse Amlen page https://eclipse.dev/amlen/ along with a link to the forum if you prefer.

Leave a comment

Your email address will not be published. Required fields are marked *