Hi,

As an OpenStack-based public cloud, we have deployed Magnum in our production recently, but we found there are some things that our customer is unhappy with. One of them is that when `floating_ip_enabled` and `master_lb_enabled` are both set for the Kubernetes cluster, Magnum allocates floating IPs for the master load balancer VIP, the etcd service load balancer VIP, each master node and even each worker node, which costs too much for the public cloud customers.

So, I've proposed a patch[1] to improve that, which needs feedback from the community:

1. If `floating_ip_enabled` is set, don't allocate floating IPs for the etcd service and worker nodes by default. The etcd service should be dedicated to the Kubernetes cluster and only accessible within the cluster for security reasons. If the user has the requirement for worker node maintenance, she can manually associate a floating IP with the worker node.
2. If `floating_ip_enabled` and `master_lb_enabled` are both set, don't allocate a floating IP for each master node. In the multi-master scenario, all other services talk to the Kubernetes control plane via the master load balancer VIP; the master node itself doesn't need to be exposed to the public internet, to avoid the attack surface against the cluster.

If the changes above affect you, please reply to this email or ping me (lxkong) in the #openstack-containers IRC channel, or leave your comments in the patch directly. Any feedback is appreciated.


Cheers,
Lingxian Kong
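
The following is an added example, not part of the original message and not Magnum code: it audits a cluster's floating-IP exposure against the defaults proposed in points 1 and 2. The role names, the inventory format, the `exceptions` parameter and the behaviour when `master_lb_enabled` is unset (master nodes keep their floating IPs) are assumptions; the inventory is constructed sample data using documentation addresses.

```python
"""Audit floating-IP exposure of a Kubernetes cluster against the proposed
defaults. Data model and role names are hypothetical, not Magnum's."""


def allowed_fip_roles(floating_ip_enabled, master_lb_enabled):
    """Return the roles that may hold a floating IP by default."""
    if not floating_ip_enabled:
        return set()  # assumption: flag unset means nothing is exposed
    # Point 1: the etcd LB VIP and worker nodes are never exposed by default.
    # Point 2: with a master LB, only its VIP is exposed, not each master.
    # Assumption: without a master LB, master nodes keep a floating IP.
    return {"master_lb_vip"} if master_lb_enabled else {"master_node"}


def audit(cluster, resources, exceptions=frozenset()):
    """List (name, role, ip) for every floating IP outside the defaults.

    `exceptions` holds resource names whose floating IP was associated
    manually on purpose, e.g. a worker node under maintenance.
    """
    allowed = allowed_fip_roles(cluster["floating_ip_enabled"],
                                cluster["master_lb_enabled"])
    findings = []
    for res in resources:
        ip = res.get("floating_ip")
        if ip and res["role"] not in allowed and res["name"] not in exceptions:
            findings.append((res["name"], res["role"], ip))
    return findings


# Constructed inventory resembling the allocation described in the message.
CLUSTER = {"floating_ip_enabled": True, "master_lb_enabled": True}
INVENTORY = [
    {"name": "api-lb", "role": "master_lb_vip", "floating_ip": "203.0.113.10"},
    {"name": "etcd-lb", "role": "etcd_lb_vip", "floating_ip": "203.0.113.11"},
    {"name": "master-0", "role": "master_node", "floating_ip": "203.0.113.12"},
    {"name": "master-1", "role": "master_node", "floating_ip": None},
    {"name": "worker-0", "role": "worker_node", "floating_ip": "203.0.113.20"},
    {"name": "worker-1", "role": "worker_node", "floating_ip": "203.0.113.21"},
]

if __name__ == "__main__":
    # worker-1 is treated as a deliberate manual association.
    for name, role, ip in audit(CLUSTER, INVENTORY, exceptions={"worker-1"}):
        print(f"unexpected public exposure: {name} ({role}) -> {ip}")
```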