search

metallb / metallb

A network load-balancer implementation for Kubernetes using standard routing protocols
https://metallb.universe.tf
Apache License 2.0
6.83k stars 894 forks source link

Support federated ingress #166

Closed nbraud closed 6 years ago

nbraud commented 6 years ago

Is this a bug report or a feature request?: Feature request

What happened: MetalLB cannot be used as a federated ingress.

What you expected to happen: Be able to manage an anycast service running on federated k8s clusters.

danderson commented 6 years ago

Thanks for the report! I didn't know about federated ingress until just now, so please forgive me if I'm misunderstanding :)

Looking at the documentation for federated ingress, afaict, it's kind of an abandoned feature. It looks like it was added in 1.4 as a GCP-only thing, with the promise of "more coming soon"... It's now Kubernetes 1.9, and there's still nothing more.

I'm not sure that MetalLB can do anything useful here. We're not doing anything with Ingress objects, we're just providing LoadBalancer Service objects. So in that sense, ingress and federated ingress is out of scope for MetalLB, and this is maybe a feature request for Istio, Contour, or one of the other projects that implement HTTP ingress controllers.

With that said, if k8s federated ingress ever supports more than GCP... MetalLB could be useful in the implementation. The key part is that the federated control plane has to set the same ingress IP on all clusters. MetalLB could definitely turn that into anycast BGP advertisements... But until SIG-Federation implements a generic form of federated ingress, we have no idea what the API looks like, so we can't make it work in MetalLB :(.

Does this make sense? Am I missing something about how federated ingress works?

pawelprazak commented 6 years ago

For Ingress I guess it would have to be paired with something like Envoy based https://github.com/heptio/contour, but I don't know enough about Kubernetes to say how possible that would. Anyway, that would be very interesting!

danderson commented 6 years ago

I've talked to people familiar with Kubernetes federation, and their response was unanimous: "Federated Ingress", in its current form, only works on GCP, and will never work anywhere else. That approach to federation is no longer preferred, and the new SIG-Multicluster is going in a different direction.

So, unfortunately, I think this is wontfix, because there is no such thing as "federated ingress" that I can support on bare metal. If SIG-Multicluster someday comes up with something like that, we can look at it then.