Openstack loadbalancer disablement support #6608
Conversation
k8s-ci-robot
added
the
area/provider/openstack
k8s-ci-robot
added
the
size/L
This reverts commit 99485e5.
k8s-ci-robot
added
the
cncf-cla: yes
cmd/kops/create_cluster.go
Outdated
| @@ -936,15 +930,24 @@ func RunCreateCluster(f *util.Factory, out io.Writer, c *CreateClusterOptions) e | |||
| MaxRetries: fi.Int(3), | |||
| }, | |||
| } | |||
| if c.APILoadBalancerType != "" { | |||
| // Set defaults for an openstack LB | |||
There was a problem hiding this comment.
I think maybe you could move this down to where we make the choice between DNS vs Load Balancers later in the file (around line 1190). It would mean checking again to see if cloud == "openstack", but that's fine...
pkg/model/openstackmodel/firewall.go
Outdated
| @@ -221,7 +221,7 @@ func (b *FirewallModelBuilder) addHTTPSRules(c *fi.ModelBuilderContext, sgMap ma | |||
| addDirectionalGroupRule(c, masterSG, nodeSG, httpsIngress) | |||
| addDirectionalGroupRule(c, masterSG, masterSG, httpsIngress) | |||
|
|
|||
| if b.UseLoadBalancerForAPI() { | |||
There was a problem hiding this comment.
Is it possible to continue to honor UseLoadBalancerForAPI? This might be more consistent across clouds...
There was a problem hiding this comment.
I believe I might be able to do this by addressing your previous comment
There was a problem hiding this comment.
It looks like my issues revolve around using public topology without a loadbalancer, as this will initialize the loadbalancer struct.
My understanding of public topology for openstack might mean that either a loadbalancer is created and exposed outside of the openstack environment or floating IP's of the masters, without loadbalancers, are exposed.
My understanding of private topology might mean for me that if designate is supported it will create records for a loadbalancer or the api-servers depending on loadbalancer support, and if designate is not supported to use gossip, which might also be able to leverage loadbalancers.
@zetaab do you have any opinions on this. Unless I am misunderstanding how this ought to work I cannot use this method as I am under the impression that we could do a public and private topology without the use of loadbalancers, however undesirable it may be.
There was a problem hiding this comment.
This default openstack setup is kind of "private" if we think how kops works in aws, or aws private subnets works itself. In my opinion in case of openstack the public and private from network and subnet are similar, the only difference is that is api exposed to outside or not? Should we even have terminology private and public in openstack kops?
There was a problem hiding this comment.
@justinsb any thoughts here?
I could potentially allow private topology to create a loadbalancer and expose it outside, which seems weird to me. However I cannot specify public topology and use this method to determine if a loadbalancer should be created or not, as this method will always return true under public topology.
There was a problem hiding this comment.
I am under the opinion that we not support Kops without loadbalancers. This isn't an elegant way to deploy Kubernetes. This would lack the healthchecks against the API server done by the API loadbalancer. Removing support for this might mean dropping users which don't have these capabilities, forcing them to use kubeadm or a similar tool, however would mean that Kops aim is to truely support production grade deployments.
This PR could simply close.
There was a problem hiding this comment.
Fast tests trying to create cluster without lb:
- I cannot see floatingips in any master?
- cluster deletion will throw panic to row https://github.com/kubernetes/kops/blob/master/upup/pkg/fi/cloudup/openstack/cloud.go#L401
|
/hold Our openstack environment which I would use to test is under maintenance. Sorry for the delay in updating this. |
k8s-ci-robot
added
the
do-not-merge/hold
@zetaab can you confirm that your build was of this branch. These have been addressed for some time and I cannot reproduce on the binary created by this branch. My masters each get floating IP's. My kubeconfig chooses arbitrarily one of these IP's. My cluster deletes successfully. |
|
i think there's an issue when deleting clusters |
This bit is wrong. I've updated this in my branch however will wait to push. Not sure how we want to proceed here. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: drekle If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Closing. We should put a requirement on loadbalancers in openstack. |
|
@drekle: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
resolves:
#6593
#6592
The loadbalancer can be disabled by not specifiying an api loadbalancer type.
Non loadbalancer deployments will generate a certificate with the 3 master floating IP addresses.
Kubeconfig will choose arbitrarily between each master.
/sig openstack