[magnum] Change `floating_ip_enabled` behavior

Lingxian Kong anlin.kong at gmail.com
Sun Mar 10 20:07:10 UTC 2019


Hi,

As an OpenStack-based public cloud, we have deployed Magnum in our
production recently, but we found there are some things that our customers
are unhappy with. One of them is that when `floating_ip_enabled` and
`master_lb_enabled` are both set for the Kubernetes cluster, Magnum
allocates floating IPs for the master load balancer VIP, the etcd service
load balancer VIP, each master node and even each worker node, which costs
too much for the public cloud customers.

So, I've proposed a patch[1] to improve that which needs feedback from the
community:

1. If `floating_ip_enabled` is set, don't allocate floating IPs for the etcd
service and worker nodes by default. The etcd service should be dedicated
to the Kubernetes cluster and only accessible within the cluster for
security reasons. If the user has the requirement for worker node
maintenance, she can manually associate a floating IP with the worker node.
2. If `floating_ip_enabled` and `master_lb_enabled` are both set, don't
allocate a floating IP for each master node. In the multi-master scenario,
all other services talk to the Kubernetes control plane via the master load
balancer VIP; the master node itself doesn't need to be exposed to the
public internet to avoid the attack surface against the cluster.

If the changes above affect you, please reply to this email or ping me
(lxkong) in the #openstack-containers IRC channel, or leave your comments
in the patch directly. Any feedback is appreciated.

[1]: https://review.openstack.org/#/c/641547

Cheers,
Lingxian Kong