Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #8527 from dulek/kuryr-lb-api

Make Kuryr connect to OpenShift API through LB
Scott Dodson 6 years ago
parent
a76d50eb57 9ae8fd7d76
commit
01fccd65cb
4 changed files with 19 additions and 3 deletions
Split View Show Diff Stats
  1. 1 0
      playbooks/openstack/inventory.py
  2. 15 0
      roles/kuryr/README.md
  3. 2 2
      roles/kuryr/templates/configmap.yaml.j2
  4. 1 1
      roles/openshift_openstack/templates/heat_stack.yaml.j2

+ 1 - 0
playbooks/openstack/inventory.py
View File 

@@ -210,6 +210,7 @@ def _get_kuryr_vars(cloud_client, data):
 
     settings['kuryr_openstack_pod_sg_id'] = data['pod_access_sg_id']
 
     settings['kuryr_openstack_pod_project_id'] = (
 
         cloud_client.current_project_id)
 
+    settings['kuryr_openstack_api_lb_ip'] = data['private_api_ip']
 
 
     settings['kuryr_openstack_auth_url'] = cloud_client.auth['auth_url']
 
     settings['kuryr_openstack_username'] = cloud_client.auth['username']

+ 15 - 0
roles/kuryr/README.md
View File 

@@ -40,6 +40,21 @@ pods. This allows to have interconnectivity between pods and OpenStack VMs.
 
 * ``openshift_kuryr_precreate_subports=5``
 
 * ``openshift_kuryr_device_owner=compute:kuryr``
 
 
+## OpenShift API loadbalancer
 
+
 
+Kuryr is connecting to OpenShift API through the load balancer created by
 
+OpenStack playbook. Both Octavia and Neutron LBaaS v2 hardcode 50 seconds as
 
+client and server inactivity timeout. This is a low value for Kuryr, which is
 
+watching K8s API forever. If connection will get closed by the LB, Kuryr will
 
+restart it with some messages about it in the logs.
 
+
 
+If you have access to your OpenStack cloud configuration you can disable the
 
+timeouts by providing custom HA proxy templates to your LBaaS v2 or Octavia
 
+installations. It's controlled by ``[haproxy]jinja_config_template`` option in
 
+Neutron LBaaS v2 and ``[haproxy_amphora]haproxy_template`` in Octavia's config.
 
+Please note that such configuration change will affect all the load balancers
 
+created in the cloud.
 
+
 
 ## Kuryr resources
 
 
 * [Kuryr documentation](https://docs.openstack.org/kuryr-kubernetes/latest/)

+ 2 - 2
roles/kuryr/templates/configmap.yaml.j2
View File 

@@ -191,7 +191,7 @@ data:
 
     #
 
 
     # The root URL of the Kubernetes API (string value)
 
-    api_root = {{ openshift.master.api_url }}
 
+    api_root = https://{{ kuryr_openstack_api_lb_ip }}:{{openshift_master_api_port}}
 
 
     # Absolute path to client cert to connect to HTTPS K8S_API (string value)
 
     # ssl_client_crt_file = /etc/kuryr/controller.crt
 
@@ -526,7 +526,7 @@ data:
 
     #
 
 
     # The root URL of the Kubernetes API (string value)
 
-    api_root = {{ openshift.master.api_url }}
 
+    api_root = https://{{ kuryr_openstack_api_lb_ip }}:{{openshift_master_api_port}}
 
 
     # Absolute path to client cert to connect to HTTPS K8S_API (string value)
 
     # ssl_client_crt_file = /etc/kuryr/controller.crt

+ 1 - 1
roles/openshift_openstack/templates/heat_stack.yaml.j2
View File 

@@ -80,7 +80,7 @@ outputs:
 
     description: >
 
       The address of the private OpenShift API. This is used during OpenShift
 
       deployment and for API access by the internal pods and services.
 
-{% if openshift_openstack_use_lbaas_load_balancer %}
 
+{% if openshift_openstack_use_lbaas_load_balancer or openshift_use_kuryr|default(false)|bool %}
 
     value: { get_attr: [api_lb, vip_address] }
 
 {% elif openshift_openstack_use_vm_load_balancer %}
 
     value: { get_attr: [loadbalancer, resource.0, private_ip] }