kube-api-endpoint relation between control-plane and worker creates SPOF in OpenStack integration
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Charmed Kubernetes Bundles |
Fix Released
|
High
|
George Kraft |
Bug Description
In the current documentation and the overlay bundle, there is a relation for OpenStack integration as:
- ['kubernetes-
https:/
https:/
By doing so, worker nodes connect the control plane using a private IP of the control-plane node, which by-passes the OpenStack load balancer. When the control plane node is down, worker nodes cannot connect to other remaining and living control plane nodes.
By removing the relation, worker nodes will have the OpenStack LB's address in /root/.kube/config.
Can we revisit the previous changes and agree what's the expected config for the OpenStack integration?
https:/
https:/
Changed in charmed-kubernetes-bundles: | |
status: | In Progress → Fix Committed |
Changed in charmed-kubernetes-bundles: | |
status: | Fix Committed → Fix Released |
192.168.151.72 - external IP address of OpenStack LB (Octavia Amphora) as expected control- plane/0 as SPOF
10.5.5.14 - internal IP address of kubernetes-
$ juju run --unit kubernetes-worker/0 -- cat /root/.kube/config | grep server: /192.168. 151.72: 443
server: https:/
$ juju add-relation kubernetes- worker: kube-api- endpoint kubernetes- control- plane:kube- api-endpoint
$ juju-wait -w
$ juju run --unit kubernetes-worker/0 -- cat /root/.kube/config | grep server: /10.5.5. 14:6443
server: https:/
$ juju remove-relation kubernetes- worker: kube-api- endpoint kubernetes- control- plane:kube- api-endpoint
$ juju-wait -w
$ juju run --unit kubernetes-worker/0 -- cat /root/.kube/config | grep server: /192.168. 151.72: 443
server: https:/