OSASINFRA-902: Update OpenStack Custom External LB and DNS Docs #4389
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/label platform/openstack |
|
/cc @maxwelldb |
|
@iamemilio Would you like suggestions on this, or is the review request more of an FYI only thing? |
|
Suggestions sound great, but up to you. |
iamemilio
force-pushed
the
update_openstack_day_2_lb
branch
from
6e3c398
to
52d7e08
Compare
|
/lgtm |
openshift-ci-robot
added
lgtm
|
/hold lets give people some time to put reviews in |
openshift-ci-robot
added
the
do-not-merge/hold
maxwelldb
approved these changes
Nov 23, 2020
There was a problem hiding this comment.
Made a number of comments. Feel free to accept/trash/interrogate however you like. @iamemilio
docs/user/openstack/README.md
Outdated
|
|
||
| This documents how to shift from the internal load balancer, which is intended for internal networking needs, to an external load balancer. | ||
| This documents how to shift external traffic from the internal load balancer that comes stock with OpenShift on OpenStack to an external load balancer. |
There was a problem hiding this comment.
Suggested change
| This documents how to shift external traffic from the internal load balancer that comes stock with OpenShift on OpenStack to an external load balancer. | |
| You can shift network traffic from the default OpenShift on OpenStack load balancer to a load balancer that you provide. |
(Or something like this. What's the importance of external and internal in an instructional sense? Could preserve those terms if it's important.)
docs/user/openstack/README.md
Outdated
|
|
||
| The load balancer must serve ports 6443, 443, and 80 to any users of the system. Port 22623 is for serving ignition start-up configurations to the OpenShift nodes and should not be reachable outside of the cluster. | ||
| It is essential that the instance your load balancing service is running from can reach all of the nodes in the cluster. One easy way to do this is to create the instance in a subnet that is within the OpenShift network created by your installer, and making sure a router interface is attached to that subnet from the OpenShift-external-router. Another solution is to attach a floating IP to the nodes that you want to add to your external load balancer. |
There was a problem hiding this comment.
Suggested change
| It is essential that the instance your load balancing service is running from can reach all of the nodes in the cluster. One easy way to do this is to create the instance in a subnet that is within the OpenShift network created by your installer, and making sure a router interface is attached to that subnet from the OpenShift-external-router. Another solution is to attach a floating IP to the nodes that you want to add to your external load balancer. | |
| To use your own load balancer, the instance that it runs from must be able to access every machine in your cluster. You might ensure this access by creating the instance on a subnet that is within your cluster's network, and then attaching a router interface to that subnet from the `OpenShift-external-router` [object/instance/whatever]. You can also attach a floating IP address to the machines that you want to add to your load balancer. |
docs/user/openstack/README.md
Outdated
| openstack floating ip create --port master-port-1 <public network> | ||
| openstack floating ip create --port master-port-2 <public network> | ||
| ``` | ||
| The following external facing services should be added to your new load balancer: |
There was a problem hiding this comment.
Suggested change
| The following external facing services should be added to your new load balancer: | |
| Add the following external facing services to your new load balancer: |
docs/user/openstack/README.md
Outdated
|
|
||
| The first step is to add floating IPs to all the master nodes: | ||
| #### Key OpenShift Services |
There was a problem hiding this comment.
"Key" == "Required?" "Important?"
docs/user/openstack/README.md
Outdated
|
|
||
| Once complete you can see your floating IPs using: | ||
| - The master nodes serve the OpenShift API over port 6443 via tcp. |
There was a problem hiding this comment.
Suggested change
| - The master nodes serve the OpenShift API over port 6443 via tcp. | |
| - The master nodes serve the OpenShift API on port 6443 by using TCP. |
docs/user/openstack/README.md
Outdated
| ``` | ||
|
|
||
| The external load balancer should now be operational along with your own DNS solution. The following curl command is an example of how to check functionality: | ||
| #### Verifying API Reachable |
There was a problem hiding this comment.
Suggested change
| #### Verifying API Reachable | |
| #### Verifying that the API is Reachable |
Capitalized however you like.
docs/user/openstack/README.md
Outdated
| The external load balancer should now be operational along with your own DNS solution. The following curl command is an example of how to check functionality: | ||
| #### Verifying API Reachable | ||
|
|
||
| One good way to test that you can reach the API is to try executing an `oc` command. If you can't do that easily, you can use this curl command: |
There was a problem hiding this comment.
Suggested change
| One good way to test that you can reach the API is to try executing an `oc` command. If you can't do that easily, you can use this curl command: | |
| One way to test whether or not you can reach the API is to run the `oc` command. | |
| If you can't use `oc`, use the following `curl` command: |
Could include sample output for good/bad cases while using oc.
docs/user/openstack/README.md
Outdated
| "compiler": "gc", | ||
| "platform": "linux/amd64" | ||
| } | ||
| ``` | ||
|
|
||
| Another useful thing to check is that the ignition configurations are only available from within the deployment. The following command should only succeed from a node in the OpenShift cluster: | ||
| Note: the versions may be different, but as long as you get a json payload response, it worked correctly. |
There was a problem hiding this comment.
Suggested change
| Note: the versions may be different, but as long as you get a json payload response, it worked correctly. | |
| Note: The versions in the sample output may differ from your own. As long as you get a JSON payload response, the API is accessible. |
docs/user/openstack/README.md
Outdated
| Another useful thing to check is that the ignition configurations are only available from within the deployment. The following command should only succeed from a node in the OpenShift cluster: | ||
| Note: the versions may be different, but as long as you get a json payload response, it worked correctly. | ||
|
|
||
| #### Verifying Apps Reachable |
There was a problem hiding this comment.
Suggested change
| #### Verifying Apps Reachable | |
| #### Verifying that Apps Are Reachable |
Or something to that effect.
docs/user/openstack/README.md
Outdated
|
|
||
| #### Verifying Apps Reachable | ||
|
|
||
| An easy way to check that the workers are load balanced correctly is to try to access the OpenShift console. This can be done from your web browser. If you don't have access to a web browser, then you can try to query it with the following curl command: |
There was a problem hiding this comment.
Suggested change
| An easy way to check that the workers are load balanced correctly is to try to access the OpenShift console. This can be done from your web browser. If you don't have access to a web browser, then you can try to query it with the following curl command: | |
| The simplest way to verify that apps are reachable is to open the OpenShift console in a web browser. | |
| If you don't have access to a web browser, query the console by using the following `curl` command: |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: EmilienM, maxwelldb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
iamemilio
force-pushed
the
update_openstack_day_2_lb
branch
from
52d7e08
to
2e9b816
Compare
|
@iamemilio: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
mandre
reviewed
Nov 25, 2020
docs/user/openstack/README.md
Outdated
| You can verify the operation of the load balancer now if you wish, using the curl commands given below. | ||
|
|
||
| Now the DNS entry for `api.<cluster name>.<base domain>` needs to be updated to point to the new load balancer: | ||
| To ensure that your API and apps are accessible through your load balancer, [create or update DNS entries](#Create API and Ingress DNS Records) for them. To use your new load balancing service for external traffic, make sure the IP address for these DNS entries is the IP address your load balancer is reachable at. |
There was a problem hiding this comment.
The anchor should be #create-api-and-ingress-dns-records, otherwise the link doesn't render. The sentence ends bizarrely too.
Suggested change
| To ensure that your API and apps are accessible through your load balancer, [create or update DNS entries](#Create API and Ingress DNS Records) for them. To use your new load balancing service for external traffic, make sure the IP address for these DNS entries is the IP address your load balancer is reachable at. | |
| To ensure that your API and apps are accessible through your load balancer, [create or update DNS entries](#create-api-and-ingress-dns-records) for them. To use your new load balancing service for external traffic, make sure the IP address for these DNS entries is the IP address your load balancer: |
The underlying network architecture has changed a lot since these docs were initially written. We want to make sure that these docs are accurate and up to date so that users with complex networking use cases like workers on a custom subnet and baremetal workers are able to manage their ingress/egress traffic as needed. More up to date examples and reference information has been added. We have chosen to omit sections outlining how to replace the internal lb and dns services since they were inaccurate. We are targeting an upcoming release to handle these features better given the complexity of our current networking architecture.
iamemilio
force-pushed
the
update_openstack_day_2_lb
branch
from
2e9b816
to
30e597f
Compare
|
removing the hold, reviewers can lgtm again when ready /hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/lgtm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The underlying network architecture has changed a lot since these docs
were initially written. We want to make sure that these docs are accurate
and up to date so that users with complex networking use cases like workers
on a custom subnet and baremetal workers are able to manage their ingress/egress
traffic as needed. More up to date examples and reference information has been added.
We have chosen to omit sections outlining how to replace the internal lb and dns
services since they were inaccurate. We are targeting an upcoming release to handle
these features better given the complexity of our current networking architecture.