search

redhat-cop / global-load-balancer-operator

A global load balancer operator for OpenShift
Apache License 2.0
53 stars 16 forks source link

Allow custom route specification on GlobalRouteDiscovery #39

Open gomesar9 opened 3 years ago

gomesar9 commented 3 years ago

Hi all,

we are trying to configure the operator in a cloud infrastructure (AWS) and are facing problems to use custom OCP routes:

We've create a custom service to enable valid HTTPS traffic, with custom certs, through global load balancer and keep our (also valid, not self-signed) cluster certs working.

In this way we can use endpoints from our cluster domain, and use endpoints with a "global" domain, pointing to another Load Balancer, managed by this new service, and configured with the relevant cert/key.

Like:

  1. On cluster1:

    ---
kind: Service
apiVersion: v1
metadata:
name: router-custom
namespace: openshift-ingress
labels:
app: router-custom
router: router-custom
annotations:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '1800'
service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: '2'
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: '5'
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: '4'
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: '2'
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
spec:
ports:
- name: http
  protocol: TCP
  port: 80
  targetPort: http
- name: https
  protocol: TCP
  port: 443
  targetPort: https
selector:
ingresscontroller.operator.openshift.io/deployment-ingresscontroller: glb
type: LoadBalancer
externalTrafficPolicy: Local

  2. On cluster-manager:

    ---
apiVersion: redhatcop.redhat.io/v1alpha1
kind: GlobalDNSRecord
metadata:
name: glb-manual-test
namespace: global-load-balancer-operator
labels:
app: frontend
spec:
endpoints:
- clusterCredentialRef:
    name: cluster1
    namespace: cluster1
  clusterName: cluster1
  loadBalancerServiceRef:
    name: router-custom
    namespace: openshift-ingress
globalZoneRef:
name: route53-global-dns-zone
loadBalancingPolicy: Multivalue
name: glb-test.glb.my.domain.here
ttl: 60

It works fine, but we loose the Auto Discovery because can not set these parameters in the GlobalRouteDiscovery resource:

    loadBalancerServiceRef:
        name: router-custom
        namespace: openshift-ingress

Can we have this option? to auto create GlobalDNSRecord with specific router names/namespaces?

Thanks

raffaelespazzoli commented 3 years ago

The configuration you describe should actually be supported by the operator, so the addition you mention should not be needed. Just as a sanity check, I assume you have router sharding and that the global routes are picked up only by your router-custom. Can you confirm that? Also do you see anything in the logs regarding the route discovery controller?

gomesar9 commented 3 years ago

Hi, yes the global route may only be assigned to routes labeled, lets say, router: router-custom and picked up by router-custom service.

What I mean is, just correctly labeling an application route, the operator must automatically build a new GlobalDNSRecord (via GlobalRouteDiscovery) with:

    loadBalancerServiceRef:
        name: router-custom
        namespace: openshift-ingress

But It's not listed as a configurable spec in GlobalRouteDiscovery resources. (It seems to be configurable only directly in GlobalDNSRecord)

Can you confirm this is already possible? Our running version is: 1.2.0

raffaelespazzoli commented 3 years ago

it should already work, the route discovery operator should correctly populate those fields. Can you attach the following:

  1. route definition with status
  2. global route discovery
  3. generated global dns record.
raffaelespazzoli commented 3 years ago

may I close this?