[openstack-dev] [openstack-helm] Question about API endpoints

Hyunsun Moon hyunsun.moon at gmail.com
Mon Mar 5 07:42:57 UTC 2018 

Hi Yoshihiko,

If you have physical LB in your environment, you might want to make use of NodePort for distributing the access to multiple controller nodes. In that case, it is recommended to set Values.network.external_policy_local to true so that you could eliminate unnecessary hops.
Ingress backed by nginx could be used of course, but as you pointed, IP address of the node where ingress pod resides will be the address you’re accessing, which might not be desirable in many use cases.
If you plan to try it on GCP/GKE, where the ingress controller is backed by GCP’s load-balancer service, NodePort + ingress seems valid option for exposing your service to external.
FYI, https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer <https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer>

Hope this helps.

Hyunsun


> On 5 Mar 2018, at 2:34 PM, 渥美 慶彦 <atsumi.yoshihiko at po.ntt-tx.co.jp> wrote:
> 
> Hi all,
> # Resend with openstack-helm tag
> 
> I try to deploy multinode OpenStack by openstack-helm
> and want to access OpenStack API endpoints from out of k8s nodes.
> To avoid service failure by node down, I think I need one virtual IP for the endpoints.(like Pacemaker)
> Could you show me how to realize that if you have any information?
> 
> A. Deploy OpenStack services for NodePort, and distribute the access to nodes using physical Load Balancer.
> B. Using Ingress?
>   I think Ingress is for L7 routing, so it can't be used to create VIP for the endpoints.
> C. Any other ideas?
> 
> And when I try this on GCP/GKE, is there any difference from on-premises?
> 
> best regards
> 
> -- 
> --------------------------------------------------------
> Yoshihiko Atsumi
> E-mail:atsumi.yoshihiko at po.ntt-tx.co.jp
> --------------------------------------------------------
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180305/76630640/attachment.html>

More information about the OpenStack-dev mailing list