Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GEP-20] High Availability for reversed VPN connection #6890

Closed
timuthy opened this issue Oct 24, 2022 · 3 comments · Fixed by #6978
Closed

[GEP-20] High Availability for reversed VPN connection #6890

timuthy opened this issue Oct 24, 2022 · 3 comments · Fixed by #6978
Assignees
@MartinWeindel
Labels
area/control-plane Control plane related area/high-availability High availability related area/networking Networking related kind/enhancement Enhancement, improvement, extension

Comments

@timuthy
Copy link
Contributor

timuthy commented Oct 24, 2022
edited

How to categorize this issue?

/area control-plane
/area high-availability
/area networking
/kind enhancement

What would you like to be added:
Shoots which define spec.controlPlane.highAvailability.failureTolerance: {node, zone} get an HA control-plane but today the control-planes only have a single VPN connection.

The following points where sketched out after a discussion with @ScheererJ:

  • VPN connections should be redundant: If one path is broken because of an outage, the other path must still work.
  • Lifecycle management: Updates and configuration changes should be deployed in a rolling-fashion, so that there is at least one working tunnel at all times.

Why is this needed:
In case of a node or zone outage, a redundant VPN tunnel is necessary so that webhooks residing inside the shoot still work and can respond in a timely manner.

cc @ScheererJ @MartinWeindel
@gardener-prow gardener-prow bot added area/control-plane Control plane related area/high-availability High availability related area/networking Networking related kind/enhancement Enhancement, improvement, extension labels Oct 24, 2022
@timuthy timuthy mentioned this issue Oct 24, 2022
Closed
56 tasks
@timuthy
Copy link
Contributor Author

timuthy commented Oct 24, 2022

/assign @MartinWeindel
Thanks for your support 🙂

This was referenced Oct 24, 2022
Merged
Merged
@MartinWeindel MartinWeindel mentioned this issue Nov 9, 2022
Merged
@timuthy
Copy link
Contributor Author

timuthy commented Jan 18, 2023

Completed by #6978
/close

@gardener-prow gardener-prow bot closed this as completed Jan 18, 2023
@gardener-prow
Copy link
Contributor

gardener-prow bot commented Jan 18, 2023

@timuthy: Closing this issue.

In response to this:

Completed by #6978
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@SimonKienzler SimonKienzler mentioned this issue Dec 21, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MartinWeindel MartinWeindel

Labels
area/control-plane Control plane related area/high-availability High availability related area/networking Networking related kind/enhancement Enhancement, improvement, extension
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

High availability deployment for VPN MartinWeindel/gardener
2 participants
@MartinWeindel @timuthy