  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-7997

Support for exposing services on multiple LoadBalancer endpoints


    • Story
    • Resolution: Unresolved
    • Normal
    • rhos-18.0.0
    • infra-operator

      When using ironic for BMaaS in the openstack cloud, baremetal nodes are required to look up the internal API endpoint in the openstackcontrolplane infra DNS service (the dnsmasq service used by EDPM nodes etc. to look up DNS records like internal-keystone.openstack.svc and internal-ironic.openstack.svc). To achieve this we configure the dns-nameserver on the ironic provisioning network to use the LoadBalancer address exposing the DNS service in the infrastructure.

      Issue:

      Because the OCP controllers have interfaces in both the "ctlplane" network, where the infra DNS MetalLB is located, and the ironic provisioning network, we end up with asymmetric routing: packets from the ironic network come in on the ctlplane interface, but the return path is out the ironic interface. By default the rp_filter on the OCP nodes will drop this traffic.

      Proposed Solution: (Breaking API change? Potentially not: if we use a conversion webhook, we can still support the old schema.)

      Make it possible to expose a service on multiple LoadBalanced endpoints.

      Example:

        dns:
          template:
            override:
              service:
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80
                spec:
                  type: LoadBalancer
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/allow-shared-ip: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                spec:
                  type: LoadBalancer
            options:
            - key: server
              values:
              - 192.168.122.1
            replicas: 1 

      The difference from the current API is in the service field: it is a list instead of a dictionary.

      current:

              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80

      proposed:

            service:
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80
                spec:
                  type: LoadBalancer
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/allow-shared-ip: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                spec:
                  type: LoadBalancer
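
      The conversion from the current single-object `service` field to the proposed list, sketched as an added Go example (not infra-operator code). `ServiceOverride` and `NormalizeServiceOverride` are hypothetical names, the type is a trimmed-down stand-in, and the field is assumed to arrive as raw JSON.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// ServiceOverride is a hypothetical, trimmed-down stand-in for one entry of
// the `service` override; it is not the infra-operator's real type.
type ServiceOverride struct {
	Metadata struct {
		Annotations map[string]string `json:"annotations,omitempty"`
	} `json:"metadata"`
	Spec struct {
		Type string `json:"type,omitempty"`
	} `json:"spec"`
}

// NormalizeServiceOverride accepts the raw JSON of the `service` field in
// either shape (current: one object, proposed: a list) and returns a list.
func NormalizeServiceOverride(raw []byte) ([]ServiceOverride, error) {
	raw = bytes.TrimSpace(raw)
	if len(raw) == 0 || bytes.Equal(raw, []byte("null")) {
		return nil, nil // field not set: nothing to expose
	}
	switch raw[0] {
	case '[': // proposed schema: already a list of endpoints
		var list []ServiceOverride
		if err := json.Unmarshal(raw, &list); err != nil {
			return nil, err
		}
		return list, nil
	case '{': // current schema: wrap the single endpoint in a list
		var one ServiceOverride
		if err := json.Unmarshal(raw, &one); err != nil {
			return nil, err
		}
		return []ServiceOverride{one}, nil
	}
	return nil, fmt.Errorf("service override must be an object or a list, got %q", raw[0])
}

// Constructed sample in the current (dictionary) shape, using values from the example above.
const oldShape = `{"metadata":{"annotations":{"metallb.universe.tf/loadBalancerIPs":"192.168.122.80"}}}`

func main() {
	list, err := NormalizeServiceOverride([]byte(oldShape))
	fmt.Println(len(list), err)
}
```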

       

            Unassigned Unassigned
            rhn-gps-hjensas Harald Jensas
            rhos-dfg-ospk8s