Loading...

XML

Word

Printable

Type: Spike
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- ready-for-prioritization

Work Type:
Strategic Product Work
Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
[aws] Allow choose dedicated subnet for load balancers on install time
Feature Link:
OCPSTRAT-569 - Add ability to choose subnet while creating ingress controller of type LoadBalancerService
Intelligence Requested:
Market:

Original story points:
3
Sprint:
OpenShift SPLAT - Sprint 266

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

This is to spike on the new scope to support IngressController subnet selection at installation time so we can cover the ask coming from RFE-4738

Goal:

Create a on AWS isolating the API LBs to a different subnets of control plane and worker nodes

Description:

RFE-4738 requests to install API's LBs to a different subnets from worker nodes for IP restrictions/regulations. Currently the API's LBs are created by installer. The EP 1634 proposes to introduce "roles" to compose granular deployments when adding subnets, BYO VPC/unmanaged.

The scope of this spike is to create a cluster to validate the requested scenario prior implementation of proposed in EP, so we can get confidence of any nuance that would exists in that environment.

To reproduce that in the existin codebase, prior EP, it is required to install using UPI-method (create network, LBs, and nodes). Currently the approach of perform UPI installs is using CloudFormation template.

Requirements:

Validate initial deployment of installer implementation of new subnets API (platform.aws.vpc.subnets)
Create CloudFormation template, or reuse existing blocks, to create VPC and dependencies, duplicating subnets in existing zones, two subnets in the same zone
create the API and Ingress LB's to different subnet pairs than the control plane nodes
Create control plane and worker nodes to the same zone as LB's, but different subnets
Check CCM behavior in the discover subnets

Nice to have:

Compose CloudFormation template as stack set templates to reuse blocks

Engineering referece:

This spikes validates the scenario covered by Enhancement Proposal 1634 : https://github.com/openshift/enhancements/pull/1634
- the cloudformation templates can be used to validate the feature on installer too, let's document it to help developers to validate it quickly, both on CI or locally when developing the feature.
- Suggest to use CloudFormation stackset to create templates for variants BYO VPC (two additional subnets in same AZ), using modules, without duplicating cloudfomation logic.
  - Example stackset: https://github.com/mtulio/mtulio.labs/tree/devel/labs/ocp-install-iac/aws-cloudformation-templates
  - Repo path that can be saved templates:

clones

SPLAT-1957 [aws][spike] deploy LB into different subnets than nodes in same AZ to validate architecture

Closed

Assignee:: Marco Braga

Reporter:: Marcos Entenza Garcia

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/01/16 4:24 PM

Updated:: 2025/01/24 2:34 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates