Spike
Resolution: Done
Blocker
The current outposts documentation first states that the subnets for the outposts rack should be tagged in such a way that the CCM ignores them.
While this is true, you can use the CCM and service of type load balancer to create CLBs and NLBs, attached only to the workers not in outposts.
To be able to use a load balancer for outposts workers, you need to use the AWS load balancer controller. The instructions tell you to change the subnet tags.
When you do this, the CCM recognises the outposts subnet and attempts to attach nodes to it.
The current recommendation is to not use CLB/NLB, and not to use service of type load balancer.
I do not believe that this is a suitable limitation, and we should explore removing this limitation.
Why is this not a suitable limitation:
- We expect clusters to be able to create workers both in, and out of outposts within the same cluster
- We have not tested AWS ALBs across outposts and non-outpost workers
- It is not acceptable to say you can have load balancing on only one of the two types of workers. This severely limits the usability of a cluster and means that multiple clusters may be required, which has increased overheads
- Ingress for the console and other OpenShift services uses service of type load balancer by default, and would likely be expected to run on non-outposts hardware
- We have nothing programmatic to stop users from adding service of type load balancer. If we do not stop them, they will do it, and it will cause support cases when the CCM starts to fail to attach outposts workers
TODO:
- Explore and understand how to configure the CCM to ignore a particular subnet
- Explore and understand how to configure the ALB operator to run across both outposts and non-outposts workers
- Document setting up subnets appropriately (and possibly CCM config) so that CCM and AWS LB Operator can co-exist, with both outpost and non-outpost workers
DOD:
- We can remove the limitation of not using CCM-backed service of type load balancer from the outposts docs