[Openstack-operators] [openstack-dev][publiccloud-wg][k8s][octavia] OpenStack Load Balancer APIs and K8s

Flint WALRUS gael.therond at gmail.com
Mon May 28 19:35:22 UTC 2018


Using 1.10. Something, I’ll have to check tomorrow morning.

I don’t want to use nginx or the provided haproxy as my Octavia LBaaS is a
global service and because the less I rely on Kube the more I’m happy ;-)
Le lun. 28 mai 2018 à 21:26, Saverio Proto <zioproto at gmail.com> a écrit :

> Hello Flint,
>
> what version of Kubernetes are you deploying on top of Openstack ?
>
> are you using the external Openstack cloud controller ? I tested it an
> it works only if you have at least v.1.10.3
>
> Look at this page:
>
> https://github.com/kubernetes/cloud-provider-openstack/tree/master/examples/loadbalancers
>
> Please test that you can make a SSL termination on the loadbalancer,
> describing it with Kubernetes yaml files. That is important for
> production operation. Test also if you have downtime when you have to
> renew SSL certificates.
>
> You will also want to check that traffic that hits your pods has the
> HTTP header X-Forwarded-For, or even better the IP packets you receive
> at the Pods have the source IP address of the original client.
>
> If needed test everything also with IPv6
>
> I personally decided not to use Octavia, but to go for the Kubernetes
> ingress-nginx
> https://github.com/kubernetes/ingress-nginx
>
> The key idea is that instead of Openstack controlling the LoadBalancer
> having Octavia spinning up a VM running nginx, you have Kubernetes
> controlling the LoadBalancer, running a nginx-container.
> At the end you need a nginx to reverse proxy, you have to decided if
> this resource is managed by Openstack or Kubernetes.
>
> Keep in mind that if you go for a kubernetes ingress controller you
> can avoid using nginx. There is already an alternative ha-proxy
> implementation:
> https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/
>
> Cheers,
>
> Saverio
>
> 2018-05-28 19:09 GMT+02:00 Flint WALRUS <gael.therond at gmail.com>:
> > Hi everyone, I’m currently deploying Octavia as our global LBaaS for a
> lot
> > of various workload such as Kubernetes ingress LB.
> >
> > We use Queens and plan to upgrade to rocky as soon as it reach the stable
> > release and we use the native Octavia APIv2 (Not a neutron redirect etc).
> >
> > What do you need to know?
> >
> > Le lun. 28 mai 2018 à 14:50, Saverio Proto <zioproto at gmail.com> a écrit
> :
> >>
> >> Hello Chris,
> >>
> >> I finally had the time to write about my deployment:
> >>
> >>
> https://cloudblog.switch.ch/2018/05/22/openstack-horizon-runs-on-kubernetes-in-production-at-switch/
> >>
> >> in this blog post I explain why I use the kubernetes nginx-ingress
> >> instead of Openstack LBaaS.
> >>
> >> Cheers,
> >>
> >> Saverio
> >>
> >>
> >> 2018-03-15 23:55 GMT+01:00 Chris Hoge <chris at openstack.org>:
> >> > Hi everyone,
> >> >
> >> > I wanted to notify you of a thread I started in openstack-dev about
> the
> >> > state
> >> > of the OpenStack load balancer APIs and the difficulty in integrating
> >> > them
> >> > with Kubernetes. This in part directly relates to current public and
> >> > private
> >> > deployments, and any feedback you have would be appreciated.
> Especially
> >> > feedback on which version of the load balancer APIs you deploy, and if
> >> > you
> >> > haven't moved on to Octavia, why.
> >> >
> >> >
> >> >
> http://lists.openstack.org/pipermail/openstack-dev/2018-March/128399.html
> >> > <
> http://lists.openstack.org/pipermail/openstack-dev/2018-March/128399.html>
> >> >
> >> > Thanks in advance,
> >> > Chris
> >> > _______________________________________________
> >> > OpenStack-operators mailing list
> >> > OpenStack-operators at lists.openstack.org
> >> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> >>
> >> _______________________________________________
> >> OpenStack-operators mailing list
> >> OpenStack-operators at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20180528/2637b274/attachment-0001.html>


More information about the OpenStack-operators mailing list