add some options to let us Do Openshift load balancers #2
Conversation
There was a problem hiding this comment.
Can you review my comments please ?
@davidkirwan and myself did the review online in "peer" mode
| balance source | ||
| mode tcp | ||
| {% for server in haproxy_ocp_app_nodes %} | ||
| server {{ server }}:6443 check |
There was a problem hiding this comment.
Just looking at the frontend, it seems listening on tcp/443, but I see in backend that you check on port tcp/6443.
Based on some research with @davidkirwan we found this :
https://github.com/openshift-tigerteam/guides/blob/master/ocp4/ocp4-haproxy.cfg#L119
So I guess ingress http and https are just using tcp/80 and tcp/443, even on backend (so with a list of all workers ?)
| backend openshift-app-http-be | ||
| balance source | ||
| mode tcp | ||
| {% for server in haproxy_ocp_app_nodes %} |
There was a problem hiding this comment.
for variables/lists like "haproxy_ocp_app_nodes", there is no default in defaults/main.yml but can be easily added.
What about the idea of using a list of ansible group[s] coming from inventory and automatically add entries in haproxy when a node is added in such group ?
See for example how unbound role does it :
https://github.com/CentOS/ansible-role-unbound/blob/master/defaults/main.yml#L34
https://github.com/CentOS/ansible-role-unbound/blob/master/templates/02_localzone_cache.conf.j2#L5
That would permit to be "dynamic" on each haproxy role execution (after inventory was just changed) ? Or is that what you had in mind ?
@davidkirwan @siddharthvipul Here's a PR for review/comment