Would it be possible to add AWS ALB and make it route to LoadBalancer services?

[rberlind]

I was able to deploy some pods and services, but found that I had to expose my service (type LoadBalancer) with an OpenShift Route in order to access it from the internet even though it was assigned a public IP. When running the same pods and services on GKE and ACS, I did not have to create a route. I believe that the provisioning of the k8s clusters in those managed k8s services (which I did with Terraform) probably creates some sort of load balancer.

I was wondering if your Terraform code could be extended to add an AWS Application Load Balancer (ALB) and associated listeners, rules, and target groups and then configure them to route to public IPs of k8s LoadBalancer services created in the OpenShift cluster. Provisioning them could be done with Terraform's aws_alb resource (https://www.terraform.io/docs/providers/aws/d/lb.html), but I'm not sure how one would make the ALB actually talk to the services.

[dwmkerr]

Hi @rberlind I'm not sure I understand - in OpenShift a service is not accessible outside of the k8s software defined network unless it is assigned a route. It is the route itself which allows ingress to the service. When you say you want to access something via public IP, do you mean assigning a public IP to the worker node the service is running on?

Usual setup for OpenShift would be that the infra nodes run the router, they have a public IP and you hit the routes on the router to access the server.

[rberlind]

Thanks @dwmkerr (Dave).

When I deployed the same pods and services to Azure Container Service and Google Container Engine, I did not need to create a "Route" which seems to be an OpenShift construct rather than a Kubernetes construct. Those are managed k8s implementations, so they are probably provisioning extra things and doing the wiring for me so that any services I add with type LoadBalancer will automatically be exposed to the outside world.

I suspect the same thing should be possible with OpenShift on AWS, but don't know OpenShift or even the AWS ALB constructs well enough to know for sure.

Nice work on your project by the way. Thanks for using Terraform. One thing that has occurred to me and that I might find time to do in the next few weeks is run your extra scripts from inside local-exec provisioners inside null_resource resources in Terraform so that the terraform apply would run the scripts.

[dwmkerr]

No problems - you are right the whole route concept is specific to OpenShift, under the hood it uses haproxy in some pods to route external traffic to the pods, quite a neat concept. Anyway, good luck with it! I'm assuming it is OK to close the ticket now?

[rberlind]

Yes. I'll close.