Allow custom route specification on GlobalRouteDiscovery #39

Open
gomesar9 opened this issue Aug 25, 2021 · 4 comments

@gomesar9

Hi all,

We are trying to configure the operator in a cloud infrastructure (AWS) and are facing problems using custom OCP routes:

We've created a custom service to enable valid HTTPS traffic, with custom certs, through a global load balancer and keep our (also valid, not self-signed) cluster certs working.

In this way we can use endpoints from our cluster domain, and use endpoints with a "global" domain, pointing to another Load Balancer, managed by this new service, and configured with the relevant cert/key.

Like:

  1. On cluster1:

```yaml
---
kind: Service
apiVersion: v1
metadata:
  name: router-custom
  namespace: openshift-ingress
  labels:
    app: router-custom
    router: router-custom
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '1800'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: '5'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: '4'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
    - name: https
      protocol: TCP
      port: 443
      targetPort: https
  selector:
    ingresscontroller.operator.openshift.io/deployment-ingresscontroller: glb
  type: LoadBalancer
  externalTrafficPolicy: Local
```

  2. On cluster-manager:

```yaml
---
apiVersion: redhatcop.redhat.io/v1alpha1
kind: GlobalDNSRecord
metadata:
  name: glb-manual-test
  namespace: global-load-balancer-operator
  labels:
    app: frontend
spec:
  endpoints:
    - clusterCredentialRef:
        name: cluster1
        namespace: cluster1
      clusterName: cluster1
      loadBalancerServiceRef:
        name: router-custom
        namespace: openshift-ingress
  globalZoneRef:
    name: route53-global-dns-zone
  loadBalancingPolicy: Multivalue
  name: glb-test.glb.my.domain.here
  ttl: 60
```

It works fine, but we lose the Auto Discovery because we cannot set these parameters in the GlobalRouteDiscovery resource:

    loadBalancerServiceRef:
        name: router-custom
        namespace: openshift-ingress

Can we have this option, to auto-create GlobalDNSRecord with specific router names/namespaces?

Thanks

@raffaelespazzoli
Collaborator

The configuration you describe should actually be supported by the operator, so the addition you mention should not be needed.
Just as a sanity check, I assume you have router sharding and that the global routes are picked up only by your router-custom.
Can you confirm that?
Also do you see anything in the logs regarding the route discovery controller?

@gomesar9
Author

Hi, yes, the global route may only be assigned to routes labeled, let's say, router: router-custom and picked up by the router-custom service.

What I mean is that, just by correctly labeling an application route, the operator must automatically build a new GlobalDNSRecord (via GlobalRouteDiscovery) with:

    loadBalancerServiceRef:
        name: router-custom
        namespace: openshift-ingress

But it's not listed as a configurable spec in GlobalRouteDiscovery resources (it seems to be configurable only directly in GlobalDNSRecord).

Can you confirm this is already possible?
Our running version is: 1.2.0

@raffaelespazzoli
Collaborator

It should already work; the route discovery operator should correctly populate those fields.
Can you attach the following:

  1. route definition with status
  2. global route discovery
  3. generated global dns record.

@raffaelespazzoli
Collaborator

May I close this?
