  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-7997

Support for exposing services on multiple LoadBalancer endpoints


      When using ironic for BMaaS in the openstack cloud, there is a requirement for baremetal nodes to look up the internal API endpoint in the openstackcontrolplane infra DNS service. (The dnsmasq service used by EDPM nodes etc. to look up DNS records like internal-keystone.openstack.svc, internal-ironic.openstack.svc.) To achieve this we configure the dns-nameserver on the ironic provisioning network to use the LoadBalancer address exposing the DNS service in the infrastructure.

      Issue:

      Because the OCP controllers have interfaces in both the "ctlplane" network, where the infra DNS MetalLB is located, and on the ironic provisioning network, we end up with asymmetric routing: the packets from the ironic network come in on interface ctlplane, but the return path is out the ironic interface. By default the rp_filter on the OCP nodes will drop this traffic.

      Proposed Solution: (Breaking API change? Potentially not: if we use a conversion webhook, we can still support the old schema.)

      Make it possible to expose a service on multiple LoadBalanced endpoints.

      Example:

        dns:
          template:
            override:
              service:
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80
                spec:
                  type: LoadBalancer
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/allow-shared-ip: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                spec:
                  type: LoadBalancer
            options:
            - key: server
              values:
              - 192.168.122.1
            replicas: 1 

      The difference to the current API is in the service field - using a list instead of a dictionary.

      current:

              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80

      proposed:

            service:
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80
                spec:
                  type: LoadBalancer
              - metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/allow-shared-ip: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                spec:
                  type: LoadBalancer
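
The drop described under "Issue" is what strict reverse-path filtering does when a packet arrives on an interface other than the one the node would use to reach its source. The following Python model of that check is an added example, not part of the original issue; the ironic subnet (172.20.1.0/24), the node address and the interface names are assumptions, and the routing table is constructed.

```python
import ipaddress

# Constructed routing table for one OCP controller. 192.168.122.0/24 and
# 172.17.0.0/24 follow the addresses in the issue; the ironic subnet
# (172.20.1.0/24) and all interface names are assumptions.
ROUTES = [
    ("0.0.0.0/0", "ctlplane"),
    ("192.168.122.0/24", "ctlplane"),
    ("172.17.0.0/24", "internalapi"),
    ("172.20.1.0/24", "ironic"),
]

OFF, STRICT, LOOSE = 0, 1, 2  # values of net.ipv4.conf.<iface>.rp_filter


def reverse_path_ifaces(src, routes=ROUTES):
    """Interfaces of the longest-prefix route(s) the node would use to reach src."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(net), iface) for net, iface in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return set()
    best = max(net.prefixlen for net, _ in matches)
    return {iface for net, iface in matches if net.prefixlen == best}


def rp_filter_accepts(src, in_iface, mode=STRICT, routes=ROUTES):
    """Simplified model of the kernel's source validation for one packet."""
    if mode == OFF:
        return True
    back = reverse_path_ifaces(src, routes)
    if mode == LOOSE:
        return bool(back)       # source reachable through any interface
    return in_iface in back     # strict: must arrive on the reverse-path interface


def explain(src, in_iface, mode=STRICT):
    verdict = "accept" if rp_filter_accepts(src, in_iface, mode) else "drop"
    back = ",".join(sorted(reverse_path_ifaces(src))) or "none"
    return f"src={src} in={in_iface} reverse-path={back} -> {verdict}"


if __name__ == "__main__":
    node = "172.20.1.50"  # constructed baremetal node address
    print(explain(node, "ctlplane"))  # DNS query routed to 192.168.122.80
    print(explain(node, "ironic"))    # same source arriving on its own network
```
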

       

              Unassigned Unassigned
              rhn-gps-hjensas Harald Jensas
              rhos-dfg-ospk8s