Recently I tried to install OpenShift 4.2 on VMware, following this documentation: https://blog.openshift.com/openshift-4-2-vsphere-install-with-static-ips/. I was able to install it successfully and it's working fine. But this installation uses a single load balancer (HAProxy) for everything.
So in my case, the IP of the load balancer was 10.68.33.62, and I mapped the URLs as below:
10.68.33.62 api.openshift4.example.com
10.68.33.62 api-int.openshift4.example.com
10.68.33.62 *.apps.openshift4.example.com
That means all the URLs are on a single load balancer. I was able to access the console from the URL below:
https://console-openshift-console.apps.openshift4.example.com
I was even able to access another app from https://anotherapp.apps.openshift4.example.com
HAProxy config file:
frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:6443 check
    server master1 10.68.33.63:6443 check
    server master2 10.68.33.67:6443 check
    server master3 10.68.33.68:6443 check

frontend machine-config-server68
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:22623 check
    server master1 10.68.33.63:22623 check
    server master2 10.68.33.67:22623 check
    server master3 10.68.33.68:22623 check

frontend ingress-http
    bind *:80
    default_backend ingress-http
    mode tcp
    option tcplog

backend ingress-http
    balance source
    mode tcp
    server worker1 10.68.33.64:80 check
    server worker2 10.68.33.65:80 check

frontend ingress-https
    bind *:443
    default_backend ingress-https
    mode tcp
    option tcplog

backend ingress-https
    balance source
    mode tcp
    server worker1 10.68.33.64:443 check
    server worker2 10.68.33.65:443 check

But after reading the documentation at https://docs.openshift.com/container-platform/4.2/installing/installing_vsphere/installing-vsphere.html#installation-network-user-infra_installing-vsphere, I decided to use two load balancers. The API requires one load balancer, and the default Ingress Controller needs the second load balancer to provide ingress to applications.
Now, in this case, I mapped the URLs as below:
10.68.33.62 api.openshift4.example.com
10.68.33.62 api-int.openshift4.example.com
And assuming the IP of the second load balancer is 10.68.33.69:
10.68.33.69 *.apps.openshift4.example.com
And the HAProxy config for the first load balancer balances only the master nodes:
frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:6443 check
    server master1 10.68.33.63:6443 check
    server master2 10.68.33.67:6443 check
    server master3 10.68.33.68:6443 check

frontend machine-config-server68
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 10.68.33.66:22623 check
    server master1 10.68.33.63:22623 check
    server master2 10.68.33.67:22623 check
    server master3 10.68.33.68:22623 check

And the second load balancer is balancing only worker nodes, because it will be serving only applications:
frontend ingress-http
    bind *:80
    default_backend ingress-http
    mode tcp
    option tcplog

backend ingress-http
    balance source
    mode tcp
    server worker1 10.68.33.64:80 check
    server worker2 10.68.33.65:80 check

frontend ingress-https
    bind *:443
    default_backend ingress-https
    mode tcp
    option tcplog

backend ingress-https
    balance source
    mode tcp
    server worker1 10.68.33.64:443 check
    server worker2 10.68.33.65:443 check

But unfortunately it's not working. Is my understanding correct? In a nutshell, I want to balance the Master Console and APIs via the first load balancer and the apps via the second load balancer. How can I achieve it?
Thanks
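
An offline consistency check for the two-load-balancer layout in the post above, as an added example that is not part of the original post: it confirms that each name resolves to a load balancer whose HAProxy config binds the ports that name needs. The `NEEDED` table and the helper names are assumptions made for illustration; the console and app hostnames fall under the `*.apps` wildcard, so they are checked against the second load balancer.

```python
import fnmatch
import re

# Constructed from the post's two-load-balancer layout (addresses as posted).
RECORDS = {
    "api.openshift4.example.com": "10.68.33.62",
    "api-int.openshift4.example.com": "10.68.33.62",
    "*.apps.openshift4.example.com": "10.68.33.69",
}
# Only the frontend/bind lines of each posted HAProxy config matter here.
LB_CONFIGS = {
    "10.68.33.62": "frontend openshift-api-server\n bind *:6443\n"
                   "frontend machine-config-server68\n bind *:22623\n",
    "10.68.33.69": "frontend ingress-http\n bind *:80\n"
                   "frontend ingress-https\n bind *:443\n",
}
# Assumption: ports each name needs, per the OpenShift 4.2 networking
# requirements for user-provisioned infrastructure linked in the post.
NEEDED = {
    "api.openshift4.example.com": {6443},
    "api-int.openshift4.example.com": {6443, 22623},
    "console-openshift-console.apps.openshift4.example.com": {443},
    "anotherapp.apps.openshift4.example.com": {80, 443},
}

def bound_ports(cfg):
    """Ports that appear on `bind` lines of an HAProxy config."""
    return {int(p) for p in re.findall(r"^\s*bind\s+\S*:(\d+)", cfg, re.M)}

def resolve(name, records):
    """Address for a name; an exact record wins over a wildcard one."""
    if name in records:
        return records[name]
    for pattern, addr in records.items():
        if fnmatch.fnmatch(name, pattern):
            return addr
    return None

def check(records=RECORDS, lb_configs=LB_CONFIGS, needed=NEEDED):
    """Map each name to (load balancer address, sorted ports it lacks)."""
    result = {}
    for name, ports in needed.items():
        addr = resolve(name, records)
        have = bound_ports(lb_configs.get(addr, ""))
        result[name] = (addr, sorted(ports - have))
    return result

if __name__ == "__main__":
    for name, (addr, missing) in check().items():
        print(f"{name} -> {addr} missing={missing or 'none'}")
```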