[Openstack-operators] [openstack-dev][publiccloud-wg][k8s][octavia] OpenStack Load Balancer APIs and K8s

Saverio Proto zioproto at gmail.com
Mon May 28 19:26:01 UTC 2018


Hello Flint,

What version of Kubernetes are you deploying on top of OpenStack?

Are you using the external OpenStack cloud controller? I tested it and
it works only if you have at least v.1.10.3

Look at this page:
https://github.com/kubernetes/cloud-provider-openstack/tree/master/examples/loadbalancers

Please test that you can do SSL termination on the load balancer,
describing it with Kubernetes YAML files. That is important for
production operation. Test also if you have downtime when you have to
renew SSL certificates.

You will also want to check that traffic that hits your pods has the
HTTP header X-Forwarded-For, or even better the IP packets you receive
at the Pods have the source IP address of the original client.

If needed, test everything with IPv6 as well.

I personally decided not to use Octavia, but to go for the Kubernetes
ingress-nginx
https://github.com/kubernetes/ingress-nginx

The key idea is that instead of OpenStack controlling the load balancer,
having Octavia spin up a VM running nginx, you have Kubernetes
controlling the load balancer, running an nginx container.
In the end you need an nginx as a reverse proxy; you have to decide if
this resource is managed by OpenStack or Kubernetes.

Keep in mind that if you go for a Kubernetes ingress controller you
can avoid using nginx. There is already an alternative HAProxy
implementation:
https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/

Cheers,

Saverio

2018-05-28 19:09 GMT+02:00 Flint WALRUS <gael.therond at gmail.com>:
> Hi everyone, I’m currently deploying Octavia as our global LBaaS for a lot
> of various workloads such as Kubernetes ingress LB.
>
> We use Queens and plan to upgrade to Rocky as soon as it reaches the stable
> release and we use the native Octavia APIv2 (not a neutron redirect etc).
>
> What do you need to know?
>
> On Mon, 28 May 2018 at 14:50, Saverio Proto <zioproto at gmail.com> wrote:
>>
>> Hello Chris,
>>
>> I finally had the time to write about my deployment:
>>
>> https://cloudblog.switch.ch/2018/05/22/openstack-horizon-runs-on-kubernetes-in-production-at-switch/
>>
>> In this blog post I explain why I use the Kubernetes nginx-ingress
>> instead of OpenStack LBaaS.
>>
>> Cheers,
>>
>> Saverio
>>
>>
>> 2018-03-15 23:55 GMT+01:00 Chris Hoge <chris at openstack.org>:
>> > Hi everyone,
>> >
>> > I wanted to notify you of a thread I started in openstack-dev about the
>> > state of the OpenStack load balancer APIs and the difficulty in
>> > integrating them with Kubernetes. This in part directly relates to
>> > current public and private deployments, and any feedback you have would
>> > be appreciated. Especially feedback on which version of the load
>> > balancer APIs you deploy, and if you haven't moved on to Octavia, why.
>> >
>> >
>> > http://lists.openstack.org/pipermail/openstack-dev/2018-March/128399.html
>> >
>> > Thanks in advance,
>> > Chris
>> > _______________________________________________
>> > OpenStack-operators mailing list
>> > OpenStack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
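
Added example, not part of the thread or of any project mentioned in it: one way a backend in a pod could decide which client address to log when checking the X-Forwarded-For and source-IP behaviour discussed above, for IPv4 and IPv6. The proxy networks in `TRUSTED_PROXIES` and the function names are assumptions; replace the networks with the addresses your load balancer or ingress controller actually connects from.

```python
import ipaddress

# Assumption (constructed values): networks the load balancer / ingress
# proxies connect from. Only these peers may supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/24", "fd00:10::/64")]


def _is_trusted(addr):
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return (client address, how it was determined).

    peer       -- source address of the TCP connection as seen in the pod
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer_addr = ipaddress.ip_address(peer)
    if not _is_trusted(peer_addr):
        # The source IP was preserved end to end, or the request did not
        # come through the load balancer; either way the header is
        # client-controlled here and must be ignored.
        return str(peer_addr), "peer"
    if not xff_header:
        # The proxy is not adding the header: the client address is lost.
        return str(peer_addr), "proxy-without-xff"
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own
    # proxies, anything further left may have been sent by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_addr), "malformed-xff"
        if not _is_trusted(addr):
            return str(addr), "xff"
    return str(peer_addr), "xff-only-proxies"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For value)
    for peer, xff in [("10.0.0.5", "198.51.100.1, 203.0.113.9"),
                      ("203.0.113.9", "198.51.100.1"),
                      ("fd00:10::5", "2001:db8::7"),
                      ("10.0.0.5", None)]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

A result of `proxy-without-xff` during testing means the pods only ever see the proxy's address, which is the situation the checks above are meant to catch.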


