Openshift 4.2 on VMware Vsphere, Loadbalancer Configuration and Understanding

1/20/2020

Recently I have tried to install openshift 4.2 on VMWare and followed this documentation https://blog.openshift.com/openshift-4-2-vsphere-install-with-static-ips/ so I was able to install it successfully and it's working fine. But this installation is using a single LoadBalancer (HAProxy) for everything.

So In my case, the IP of LoadBalancer was 10.68.33.62 then I mapped the URL like below

10.68.33.62  api.openshift4.example.com
10.68.33.62  api-int.openshift4.example.com
10.68.33.62  *.apps.openshift4.example.com

That means all the URL's in a single LoadBalancer. I was able to access the console from below URL

https://console-openshift-console.apps.openshift4.example.com

Even another app was able to access from https://anotherapp.apps.openshift4.example.com

HA Proxy config file

frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:6443 check
    server master1 10.68.33.63:6443 check
    server master2 10.68.33.67:6443 check
    server master3 10.68.33.68:6443 check


frontend machine-config-server68
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:22623 check
    server master1 10.68.33.63:22623 check
    server master2 10.68.33.67:22623 check
    server master3 10.68.33.68:22623 check


frontend ingress-http
    bind *:80
    default_backend ingress-http
    mode tcp
    option tcplog

backend ingress-http
    balance source
    mode tcp
    server worker1 10.68.33.64:80 check
    server worker2 10.68.33.65:80 check

frontend ingress-https
    bind *:443
    default_backend ingress-https
    mode tcp
    option tcplog

backend ingress-https
    balance source
    mode tcp
    server worker1 10.68.33.64:443 check
    server worker2 10.68.33.65:443 check

But After reading the documentation https://docs.openshift.com/container-platform/4.2/installing/installing_vsphere/installing-vsphere.html#installation-network-user-infra_installing-vsphere I decided to use two load balancers. The API requires one load balancer and the default Ingress Controller needs the second load balancer to provide ingress to applications.

Now in this case I mapped the URL like below

10.68.33.62  api.openshift4.example.com
10.68.33.62  api-int.openshift4.example.com

And assuming IP of the second loadbalancer is 10.68.33.69

10.68.33.69  *.apps.openshift4.example.com

And HAProxy config for the first loadbalancer is only balancing the master nodes.

frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:6443 check
    server master1 10.68.33.63:6443 check
    server master2 10.68.33.67:6443 check
    server master3 10.68.33.68:6443 check


frontend machine-config-server68
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:22623 check
    server master1 10.68.33.63:22623 check
    server master2 10.68.33.67:22623 check
    server master3 10.68.33.68:22623 check

And the second load balancer is balancing only worker nodes because it will be serving only applications.

frontend ingress-http
    bind *:80
    default_backend ingress-http
    mode tcp
    option tcplog

backend ingress-http
    balance source
    mode tcp
    server worker1 10.68.33.64:80 check
    server worker2 10.68.33.65:80 check

frontend ingress-https
    bind *:443
    default_backend ingress-https
    mode tcp
    option tcplog

backend ingress-https
    balance source
    mode tcp
    server worker1 10.68.33.64:443 check
    server worker2 10.68.33.65:443 check

But unfortunately it's not working. Is my understanding correct? In a nutshell, I want to balance the Master Console and API's via first loadbalancer and the apps via second loadbalancer. How will I achieve it?

Thanks

-- Nikit Swaraj
coreos
kubernetes
openshift
redhat
redhat-containers

0 Answers