Skip to content

Move to backend service-based network load balancers #2628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
julientinguely-da merged 2 commits into from
Oct 13, 2025
Merged

Move to backend service-based network load balancers #2628

julientinguely-da merged 2 commits into from
Oct 13, 2025

Conversation

@julientinguely-da
Copy link
Contributor

@julientinguely-da julientinguely-da commented Oct 9, 2025
edited
Loading

fixes https://github.com/DACH-NY/canton-network-internal/issues/2081

Switching to this backend type will allow us to 1) enable cloud armor and 2) use "modern" NLB which is advised by gcp anyway.

[TODO] cncluster enable_http_load_balancing in our running cluster before merging. Expect < 60s downtime to switch to new backend type.

Pull Request Checklist

Cluster Testing

  • If a cluster test is required, comment /cluster_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.
  • If a hard-migration test is required (from the latest release), comment /hdm_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.

PR Guidelines

  • Include any change that might be observable by our partners or affect their deployment in the release notes.
  • Specify fixed issues with Fixes #n, and mention issues worked on using #n
  • Include a screenshot for frontend-related PRs - see README or use your favorite screenshot tool

Merge Guidelines

  • Make the git commit message look sensible when squash-merging on GitHub (most likely: just copy your PR description).

@julientinguely-da
[static] init
15e6c31 
Signed-off-by: Julien Tinguely <julien.tinguely@digitalasset.com>
@julientinguely-da julientinguely-da changed the title Attempt to change NLP backend type Attempt to change NLB backend type Oct 9, 2025
@julientinguely-da
[static] automatic load balancer release replacement
1a4ca2a 
Signed-off-by: Julien Tinguely <julien.tinguely@digitalasset.com>
@julientinguely-da julientinguely-da marked this pull request as ready for review October 10, 2025 12:31
@julientinguely-da julientinguely-da changed the title Attempt to change NLB backend type Move to backend service-based network load balancers Oct 10, 2025
moritzkiefer-da
moritzkiefer-da reviewed Oct 10, 2025
View reviewed changes
cluster/pulumi/infra/src/istio.ts
...infraAffinityAndTolerations,
// The httpLoadBalancing addon needs to be enabled to use backend service-based network load balancers.
annotations: {
'cloud.google.com/l4-rbs': 'enabled',
Copy link
Contributor

@moritzkiefer-da moritzkiefer-da Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume there is no downside to enabling this without cloud armor?

Copy link
Contributor Author

@julientinguely-da julientinguely-da Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not that I am aware.

@julientinguely-da
Copy link
Contributor Author

julientinguely-da commented Oct 10, 2025

/cluster_test

@github-actions
Copy link

github-actions bot commented Oct 10, 2025
edited by julientinguely-da
Loading

Deploy cluster test triggered for Commit 1a4ca2a0613ff4cf3e0e5a248984269271697035 in , please contact a Contributor to approve it in CircleCI: https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/35947

--> https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/35948/workflows/168cf32b-5cca-4d7a-8524-ad42410d67f7

moritzkiefer-da
moritzkiefer-da approved these changes Oct 10, 2025
View reviewed changes
Copy link
Contributor

@moritzkiefer-da moritzkiefer-da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! lgtm provided preflights pass.

@isegall-da
Copy link
Contributor

isegall-da commented Oct 10, 2025

[TODO] cncluster enable_http_load_balancing in our running cluster before merging. Expect < 60s downtime to switch to new backend type.

Note that it could take 30 minutes to complete the addon enable, so make sure that finishes before trying to migrate a cluster to this. I propose we make a list of all clusters, and confirm the addon was enabled everywhere before even merging.

isegall-da
isegall-da reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@isegall-da isegall-da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Simple :)
Thank you

@julientinguely-da
Copy link
Contributor Author

julientinguely-da commented Oct 10, 2025
edited
Loading

I propose we make a list of all clusters, and confirm the addon was enabled everywhere before even merging

Yes!

Turned on httpLoadBalancing addon:

  • scratcha
  • scratchb
  • scratchc
  • scratchd
  • scratche
  • cilr
  • ci
  • ciperiodic
  • cimain
  • devnet
  • testnet
  • mainnet

@julientinguely-da julientinguely-da merged commit f03e4a5 into main Oct 13, 2025
44 checks passed
@julientinguely-da julientinguely-da deleted the julien/2081-backend-nlb branch October 13, 2025 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isegall-da isegall-da isegall-da left review comments

@stephencompall-DA stephencompall-DA stephencompall-DA approved these changes

@moritzkiefer-da moritzkiefer-da moritzkiefer-da approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@julientinguely-da @isegall-da @stephencompall-DA @moritzkiefer-da