OCPBUGS-7621-health-Ex-LB: Adding h. check for vSphere external LB se… #62828
Conversation
openshift-ci
bot
added
the
size/M
dfitzmau
force-pushed
the
OCPBUGS-7621-health-Ex-LB
branch
from
742fca3
to
f640a03
Compare
|
🤖 Updated build preview is available at: Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/20582 |
dfitzmau
force-pushed
the
OCPBUGS-7621-health-Ex-LB
branch
2 times, most recently
from
718215d
to
f0413b9
Compare
|
|
||
| To determine that an external load balancer functions correctly, perform a health check on each backend service. A healthy backend service must establish a connection to all health check probes/connection requests. | ||
|
|
||
| Create a `Pod` object/health check resource and then specify parameters the probe checks. The settings you apply to the resource depend on the type of external load balancer that you configured for your cluster. Ensure that you create a resource for each backend service. You can then issue the following command to perform a health check on the resource: |
There was a problem hiding this comment.
Pod object or health check resource?
There was a problem hiding this comment.
I'm not sure about this one. @cybertron do you have any thoughts on this(or know someone who would)?
There was a problem hiding this comment.
I'm a little confused about what's going on here. We're creating a health-check pod (from what image?) and then adding probes on it? Is the probe config below being consumed by something in the pod? Health checking the pod itself isn't going to work, unless it's got some mechanism to forward the checks to the external LB. I guess I'm unfamiliar with this resource and there's not enough here for me to connect the dots.
My assumption has been that external loadbalancers need to be monitored externally. I suppose you could run the monitoring in the cluster, but if something does fail then your monitoring is unavailable too.
Edit: I see this is based on a KCP which is equally vague about what is happening here. I think we need a bunch more clarification from the bug reporter about what they're asking for. The KCP is missing a lot of context, like where do these health check snippets go? I assume it was obvious to the writer, but as someone who isn't familiar with this I have no idea what to do with them.
There was a problem hiding this comment.
This doesn't make sense to me around health check pod.
When configuring an external load balancer for an OpenShift cluster, it is not sufficient to just determine whether a backend (e.g. the api, machine config or ingress) is up or down just by the port.
All commercial load balancers, including HAProxy, support the idea of "health probes." These need to be configured IN the external load balancer. The solutions article provides the examples of what these should be.
For example, the ingress controller. If we were to configure that in say, an F5, we would configure the F5 to have each of the ingress controllers as backends. In addition, we would configure a health probe.
Path: HTTP:1936/healthz/ready
Healthy threshold: 2
Unhealthy threshold: 2
Timeout: 5
Interval: 10
The F5 would then use two data points to determine if the F5 is available:
First, it would use the ingress controller ports (default 80 and 443).
Second, it would do an HTTP GET to the backend IP and port 1936. If that returns back successful, then the ingress controller is healthy.
Only if both of these points are true will the F5 send traffic to that ingress controller.
I've attached a visual to show what this would look like.
This only shows around the ingress controller, but the similar setup would be for the API and the Machine Config API.
HTH,
-CFH
|
|
||
| .Verification | ||
|
|
||
| To determine that an external load balancer functions correctly, perform a health check on each backend service. A healthy backend service must establish a connection to all health check probes/connection requests. |
There was a problem hiding this comment.
Health check probes or connection requests?
dfitzmau
force-pushed
the
OCPBUGS-7621-health-Ex-LB
branch
from
f0413b9
to
ac95087
Compare
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
@dfitzmau Here are the diagrams we talked about. In draw.io format (zipped, so github would accept them). There are in three tabs for each of the three cases: API, Machine Config API, and Ingress. |
|
Closing PR. Work moved to #65501 |
OCPBUGS-7621
Version(s):
4.14 through to 4.10
Link to docs preview:
Configuring an external load balancer
QE review:
Additional information: