LT
Для запущеного кластера - на сколько больно поменять CIDR и сервис нетворк без редеплоя с install.yml ?
Для OCP4 - неподдерживаемая процедура.
Size: a a a
2021 February 04
n
@leo_puh то есть только редеплой кластера ?
LT
АС
Для OCP4 - неподдерживаемая процедура.
🙁
n
@leo_puh спасибо за инфо!
ну у нас почти все автоматизировано с ансиблом со скип еррорс 😄 передеплоить не проблема ... Просто займет какое-то время. Главное что причину нашли.
ну у нас почти все автоматизировано с ансиблом со скип еррорс 😄 передеплоить не проблема ... Просто займет какое-то время. Главное что причину нашли.
2021 February 05
M
Hi guys, is there a simple way to preserve a source ip of a client outside a cluster Openshift?
I've got a UDP client that needs to talk with a UDP server into the OCP cluster.
This client is behind an F5 load balancer that is the entry point of the cluster. The F5 preserve the client IP and send the packet to the infra nodes that talks with a load balancer service. In the end this service send the packet to the destination server!
I've got a UDP client that needs to talk with a UDP server into the OCP cluster.
This client is behind an F5 load balancer that is the entry point of the cluster. The F5 preserve the client IP and send the packet to the infra nodes that talks with a load balancer service. In the end this service send the packet to the destination server!
M
Here's the problem: during this flow the server is able to see just the infa node IP instead of the original ip of the client!
M
Unfortunately set the externaltrafficpolicy to local I think is not the right think to do because the pod is located to another node and I've got 3 infra node (so I don't know which infra will be selected and this means that I can't use the node affinity)
M
X
Here's the problem: during this flow the server is able to see just the infa node IP instead of the original ip of the client!
may be try add sessionAffinity: ClientIP to service
M
Thanks a lot for the answer...you mean something like: sessionAffinity: ClientIP directly to the service yaml file?
X
Yes, it will stick client to pod and possibly get client ip, but i not testing this
M
perfect....I'm going to test it! give me a couple of minutes please
M
i'll let you know
X
Also see externalTrafficPolicy: local
DG
Also see externalTrafficPolicy: local
It definitely works well but has a drawback
DG
Traffic will be processed only by pods which run on the same node as the one received the initial request
X
there is such, if not super ha its work, but you can be supplemented scaling rules and increase pods
DG
Some node might not have pods behind the service at all. It may occur due to scheduler decisions, pod affinity rules and plenty other reasons. The logic behind the service object don't know anything about it and it result in partial service disruption.
X
then you need to think, as an option nodes with labels, daemonset and service tied to labels. In this constructions we have pods in node all time