docs: Add design document for Control Plane Ingress HA #3417
Conversation
TeddyAndrieux
requested review from
NicolasT,
xaf-scality,
thomasdanan,
gdemonet and
a team
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
| `MetalLB <https://metallb.universe.tf/>`_ so that we can rely on layer2 | ||
| ARP requests when possible or let MetalLB advertise IPs using BGP when | ||
| the user router support it. |
There was a problem hiding this comment.
Do we plan to support BGP-based address management?
There was a problem hiding this comment.
I don't know, it's more a question for @thomasdanan
But to me, since it's built-in metallb it's only some field to fill in the metallb config it's easy to "support" it
There was a problem hiding this comment.
But then we need to test it and make it configurable... If most of our customer base and target audience for ARTESCA is OK with the L2 approach, I think we should try to keep it constrained. Once we get a clear use-case to address, we can add it easily using your suggested approach 👌
There was a problem hiding this comment.
Yes I agree, I can remove it for the moment and stay on Layer2 only.
Maybe @xaf-scality you have an opinion on this one as well ?
| ~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| MetalLB is not deployed in every environment so it needs to be configurable | ||
| from the Bootstrap configuration file, that’s why we have a new field about |
There was a problem hiding this comment.
How is this done? What's for configuration format? How is this backwards-compatible? How can it be made forward-compatible?
There was a problem hiding this comment.
You can check #3418, basically, I have a metallb key in networks:controlPlane and in this dict I have enabled (which default to false) and an optional config field that get merge with a default MetalLB configuration
metalk8s/salt/_pillar/metalk8s.py
Lines 94 to 119 in a406960
There was a problem hiding this comment.
But as I answered in another comment below, if we do not support BGP we do not need to expose config and we can also hide "metallb" from Bootstrap config and documentation, and just put manageVIP: true/false (or something else) in the bootstrap config
| .. code-block:: yaml | ||
|
|
||
| address-pools: | ||
| - name: ingress-ip |
There was a problem hiding this comment.
Let's find a more descriptive name.
There was a problem hiding this comment.
Sure, any suggestion?
Maybe metalk8s-control-plane-entrypoint-ip ?
There was a problem hiding this comment.
control-plane-ingress-ip?
| But, since BGP router configuration can be really different between various | ||
| environments, we need to make sure this | ||
| `MetalLB configuration <https://metallb.universe.tf/configuration/#bgp-configuration>`_ | ||
| is exposed, that’s why we also have the ability to override default MetalLB | ||
| configuration from the Bootstrap configuration file in order to provide BGP | ||
| router information. |
There was a problem hiding this comment.
This implies we'd support BGP-based environments. Should we, now? Could we, later?
There was a problem hiding this comment.
We can say we will do this later, just it's really easy to expose this MetalLB functionally, but maybe we do not want to expose it for the moment and do not talk about it at all
| - Describe all new Bootstrap configuration fields (with some links | ||
| to MetalLB documentation to configure MetalLB to use BGP protocol) |
There was a problem hiding this comment.
So we'd directly expose (a subset of) the MetalLB configuration in BootstrapConfiguration? Not sure that's wise. What if we want to switch MetalLB to something else later? If it really required to have access to all of MetalLBs tunables? Is that a feature we provide?
There was a problem hiding this comment.
Depends if we want to support BGP or not, if we only support Layer2 mode then we do not need to expose MetalLB config and just add "something" to enable or not MetalLB (talking about MetaLLB directly in doc/bootstrap config or not)
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again: |
TeddyAndrieux
force-pushed
the
improvement/design-for-cp-ingress-ha
branch
from
3aee727
to
648509e
Compare
| `MetalLB <https://metallb.universe.tf/>`_ so that we can rely on layer2 | ||
| ARP requests when possible or let MetalLB advertise IPs using BGP when | ||
| the user router support it. |
There was a problem hiding this comment.
But then we need to test it and make it configurable... If most of our customer base and target audience for ARTESCA is OK with the L2 approach, I think we should try to keep it constrained. Once we get a clear use-case to address, we can add it easily using your suggested approach 👌
| then we expect the DNS server to switch to another IP of a working Control | ||
| Plane node. | ||
|
|
||
| This approach was rejected because it’s not a real HA and we expect DNS server |
There was a problem hiding this comment.
not a real HA
Meaning...? Something along the lines of "transparent for clients", which isn't the case for DNS-based failover?
There was a problem hiding this comment.
It may be transparent if the DNS server is active and properly switch from an IP to another in case of failure, but as is it's a "False HA" since we do not have any HA we just move the "problem": "we do not need the IP to be HA but a specific DNS"
| NOTE: Changing this Control Plane Ingress IP means we need to reconfigure | ||
| all Kubernetes APIServer since we use this Ingress IP as an OIDC provider. |
There was a problem hiding this comment.
this will change with oauth2-proxy I think, but we'll need to reconfigure the proxy anyway 😇
There was a problem hiding this comment.
Likely yes, but since we do not have any design for oauth2-proxy yet I do not mention it
| .. code-block:: yaml | ||
|
|
||
| address-pools: | ||
| - name: ingress-ip |
There was a problem hiding this comment.
control-plane-ingress-ip?
| deployments, since MetalLB will be the entry point in the Kubernetes cluster | ||
| we do not need to use a DaemonSet running on every Control Plane nodes, | ||
| instead, we will use a Deployment with 2 replicas. |
There was a problem hiding this comment.
Won't this cause unnecessary mesh networking? I guess it's not super critical for control plane, but I don't really see the benefit of switching to a Deployment.
There was a problem hiding this comment.
It's less ressources, here we stick with 2 replicas for the full cluster (no matter the number of Control Plane nodes).
To me it's more like, "why should we use a DaemonSet when we can use a Deployment ?"
I think @NicolasT also had other arguments
There was a problem hiding this comment.
OK OK, I would just vote for lowering the priority of this switch:
- it's an architecture change, so it has an impact on users willing to operate/monitor our stuff
- it's not a huge win (an idle Ingress controller doesn't take much resources)
| We also need to configure the Service for Ingress Controller differently | ||
| depending on if we use MetalLB or not when we use it we want to use a | ||
| LoadBalancer service, set the LoadBalancerIP to IngressIP provided by | ||
| the user and set externalTrafficPolicy to Local. If we do not use MetalLB |
There was a problem hiding this comment.
If we use Local, why don't we set up the Ingress controller pods to run locally to each node? What happens if no replica runs locally?
There was a problem hiding this comment.
Hmm to me, when you use Local anyway the VIP will sit on one node that has some "pod" of the Service running locally,so it cannot happens
There was a problem hiding this comment.
Ah OK, I misunderstood this behaviour then.
TeddyAndrieux
force-pushed
the
improvement/design-for-cp-ingress-ha
branch
from
8a40f1a
to
e813922
Compare
TeddyAndrieux
dismissed
NicolasT’s stale review
all comment get fixed/answered (document can still be updated later if need to)
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
|
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
Design for Control Plane Ingress HA
Sees: #2381