vmware / cloud-provider-for-cloud-director

Kubernetes External Cloud Provider for VMware Cloud Director

Option for ALB virtual service to be created as L4 as opposed to HTTP/HTTPS #44

Closed jleavers closed 2 years ago

jleavers commented 2 years ago

Is your feature request related to a problem? Please describe.

As detailed on the README, when creating a k8s LoadBalancer service this will be created as HTTP / HTTPS, and HTTPS requires the creation of an SSL cert in vCD that is then applied to the virtual service.

However, if this is forwarding to a k8s ingress, it is likely that this ingress will serve many domains and be configured to use many certificates, so the configuration of a single certificate on the ALB virtual service is not required.

It would be better if the ALBs were L4 TCP only.

Describe the solution you'd like

Option to create the ALB virtual service as L4 TCP, instead of HTTP/HTTPS with certificate.

Describe alternatives you've considered

Change the k8s service to NodePort instead of LoadBalancer. In this scenario no ALB config is added so it can be added manually.

However, it is actually faster to upload a cert, create the service, then once the virtual services and server pools have been added automatically, reconfigure the virtual services to be L4.

Additional context

No response

an0nz commented 2 years ago

I may be getting this wrong but I had a similar issue where load balancers were failing to create as they were not HTTP/HTTPS endpoints. After editing the deployment to use the latest version 1.0.2, L4 load balancers were successfully being provisioned.

I changed the image to projects.registry.vmware.com/vmware-cloud-director/cloud-provider-for-cloud-director:1.0.2.latest

Hopefully that helps and it sets up the load balancer for you.

jleavers commented 2 years ago

Are you creating these via Kubernetes services? Currently if I set the service type to LoadBalancer, it tries to create the LB as HTTP/HTTPS, and if I set it to NodePort, it doesn't create them.

an0nz commented 2 years ago

With ccm 1.0.2 I create services of type load balancer in k8s for whichever port I want and it provisions an L4 load balancer in NSX-ALB via vCD.

Our NSX-ALB instance is only licensed as basic so can only do L4 which works without issue.

jleavers commented 2 years ago

That's interesting - I have updated vmware-cloud-director-ccm to 1.0.2.latest, but for me the virtual services are still being created as HTTP & HTTPS, not L4. Enterprise licence for ALB is disabled in vCD.

arunmk commented 2 years ago

@jleavers thanks for this report!

We have changed the provider to use the appProtocol type and also support L4 clearly. The main branch has the changed code. The release with this change will land on Jan/27 as 1.1.0.

jleavers commented 2 years ago

Thanks! I have retested and the virtual services have now been created as L4.

[Image: alb-virtual-services]