Add the OpenStack load balancer deployment options #7209
Conversation
openshift-ci-robot
added
the
size/L
| prerequisite packages to be installed before to deploy an OpenShift cluster. | ||
| Those are ignored though, if the `manage_packages: False`. | ||
|
|
||
| ## Multi-master configuration |
There was a problem hiding this comment.
Doesn't the multi-master configuration case require anything to be noted in the docs any more?
There was a problem hiding this comment.
I don't think so. Do you have anything concrete in mind?
There was a problem hiding this comment.
I meant, anything specific to the multi-master. IIUC, The cloud-native LBaaS has nothing to multi-master, right? Openshift-ansible configures it out of box instead.
There was a problem hiding this comment.
I don't think so. Do you have anything concrete in mind?
Expanded in the comments below, wrt the default solution for openshift-ansible. Seems like not supported from now on, right?
|
|
||
| openshift_openstack_use_vm_load_balancer: true | ||
|
|
||
| In either case, you can get the IP addresses for the API and routers by |
There was a problem hiding this comment.
nit: is it in fact the IP of LB (frontend) for those? Let's please clarify,
There was a problem hiding this comment.
Yeah, it's the IP of the public LB. I've updated the docs to make this clearer.
| - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined | ||
| - openshift_openstack_num_masters > 1 | ||
|
|
||
| # TODO(shadower): add the API and apps IP addresses from the Heat stack here. |
There was a problem hiding this comment.
why we don't want to implement that in the patch scope? Should we note something for this in the docs?
There was a problem hiding this comment.
Because we need to read the Heat output in the dynamic inventory.
That's being added in this PR:
If that gets merged first, I'll add it here.
There was a problem hiding this comment.
Alright, that PR got merged so my next revision will set the DNS records.
| {% if openshift_openstack_use_lbaas_load_balancer %} | ||
| value: { get_attr: [lb_floating_ip, floating_ip_address] } | ||
| {% elif openshift_openstack_use_vm_load_balancer %} | ||
| # NOTE(shadower): The VM-based loadbalancer only supports master nodes |
There was a problem hiding this comment.
this prolly worth of a note in the docs
There was a problem hiding this comment.
Good point, done
| description: IP address of the apps/router endpoint | ||
| {% if openshift_openstack_use_lbaas_load_balancer %} | ||
| value: { get_attr: [lb_floating_ip, floating_ip_address] } | ||
| {% elif openshift_openstack_use_vm_load_balancer %} |
There was a problem hiding this comment.
we could as well just put a single else clause
There was a problem hiding this comment.
+1 to this; I think it's easier to read if these two if/elif/else blocks are combined into one
| policies: {{ openshift_openstack_infra_server_group_policies }} | ||
| {% endif %} | ||
| {% if openshift_openstack_num_masters|int > 1 %} | ||
| {% if openshift_openstack_use_vm_load_balancer %} |
There was a problem hiding this comment.
This changes the default behavior for multiple masters. With openshift_openstack_use_vm_load_balancer: false by default, there would be no more loadbalancer provisioned for openshift-ansible multi-master out-of-box solution. So we in fact ditched it. Is that what we want?
There was a problem hiding this comment.
Yes. You should opt-into a load balancer and when doing so, choose which one to use.
This also lets you use an external LB without wasting resources.
There was a problem hiding this comment.
Out of curiosity, what will happen if multiple masters are specified without a load balancer? Is that something we want to check against?
There was a problem hiding this comment.
The cluster would work just fine. You could talk to either of the master nodes to access the API or UI and similarly to either of the infra nodes for the public routes.
I've added an explanation to the docs.
bogdando
left a comment
bogdando
left a comment
There was a problem hiding this comment.
Do we really have to ditch the default openshift-ansible multi-master solution for the preference of the native LBaaS? IIUC, that's what this implements for that case.
|
We now have two options, each with it's advantages and drawbacks (the multimaster solution doesn't handle openshift routes which is kind of a big deal) so we're removing any default and letting you opt into what you want. This is what you'd have to do with the manual installation as well: you don't get the VM-based solution "for free". |
| - server | ||
| - addresses | ||
| - { get_param: net_name } | ||
| - 0 |
There was a problem hiding this comment.
nit: shall we place a FIXME for multiple private networks support?
|
|
||
|
|
||
| {% if openshift_openstack_use_lbaas_load_balancer %} | ||
| # NOTE: we're using the same LB for both API and Routers |
There was a problem hiding this comment.
ditto, let's note for the docs as well
There was a problem hiding this comment.
Good point, done.
| api_lb_pool: | ||
| type: OS::Neutron::LBaaS::Pool | ||
| properties: | ||
| lb_algorithm: ROUND_ROBIN |
There was a problem hiding this comment.
nit: we prolly want this configurable
There was a problem hiding this comment.
The previous default (the VM-based LB) was not configurable either, so I'm tempted to leave this as is for now. But I've added a TODO to make it configurable in the future.
| router_lb_pool: | ||
| type: OS::Neutron::LBaaS::Pool | ||
| properties: | ||
| lb_algorithm: ROUND_ROBIN |
bogdando
left a comment
bogdando
left a comment
There was a problem hiding this comment.
This is really well done! I have mostly minor concerns for docs changes.
|
@tomassedovic ack
That works for me, thanks. Let's please just explain that and/or how this impacts the opinionated choices we made and defaults we set, in the docs! |
tzumainn
left a comment
tzumainn
left a comment
There was a problem hiding this comment.
Hi! I've tested this with lbaas, and things look good! I've left a few pretty nit-picky comments that aren't all that high priority.
|
|
||
| If you run multiple master or infra nodes, you want to put a load balancer in | ||
| front of them. We can configure an Octavia or Neutron LBaaS V2 load balancer | ||
| automaticaly. |
There was a problem hiding this comment.
minor nit: "automatically"
|
|
||
| All you need to do is put this in your `inventory/group_vars/all.yml`: | ||
|
|
||
| openshift_openstack_use_lbaas_load_balancer: true |
There was a problem hiding this comment.
I was about to leave a separate comment asking if we want to put this option in the sample inventory file; then I remember you saying that you'd like to start emptying that out and simply have the possible parameters listed in the documentation, correct?
If so, I think we may want to organize that documentation a bit differently, so it's easier for someone to simply skim the list of possible parameters to find the ones that they care about. I can take a shot at that if you'd like.
There was a problem hiding this comment.
Yeah, I'd like to prune some of the less important and space-consuming options out.
But this one is actually quite important, I think. I'll add it and we can clean it all up in another patch.
| fail: | ||
| msg: > | ||
| Only one of `openshift_openstack_use_lbaas_load_balancer` and | ||
| `openshift_openstack_use_vm_load_balancer` can be set at a time. |
There was a problem hiding this comment.
nit: technically they can both be set; they just can't both be true, correct?
There was a problem hiding this comment.
Good point, fixed.
| description: IP address of the apps/router endpoint | ||
| {% if openshift_openstack_use_lbaas_load_balancer %} | ||
| value: { get_attr: [lb_floating_ip, floating_ip_address] } | ||
| {% elif openshift_openstack_use_vm_load_balancer %} |
There was a problem hiding this comment.
+1 to this; I think it's easier to read if these two if/elif/else blocks are combined into one
| policies: {{ openshift_openstack_infra_server_group_policies }} | ||
| {% endif %} | ||
| {% if openshift_openstack_num_masters|int > 1 %} | ||
| {% if openshift_openstack_use_vm_load_balancer %} |
There was a problem hiding this comment.
Out of curiosity, what will happen if multiple masters are specified without a load balancer? Is that something we want to check against?
openshift-bot
added
the
needs-rebase
openshift-bot
removed
the
needs-rebase
|
The latest update rebases (and resolves the conflicts) and it should address all the comments that were raised. I have a few questions:
|
|
openshift-bot
added
needs-rebase
|
Ok, this rebase should address both comments. The API LB is now merged with the Kuryr one, we print out the endpoint IP addresses at the end of the installation and the router LB is now separate and handles HTTP as well as HTTPS. |
This adds a support for automatically creating and configuring an LBaas v2 (Octavia) as well as the VM-based fallback. We reuse the API LB required by Kuryr and we add a separate LB for the router. Health checks and additional protocol support will be added in follow-up patches.
|
Tested again, things seem to work \o/ |
|
/lgtm |
|
@tomassedovic: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
7 participants
This adds a support for automatically creating and configuring an LBaas
v2 (Octavia) as well as the VM-based fallback.
Health checks and additional protocol support will be added in follow-up
patches.