Thank you for your videos! They are very helpful for me! If I understand correctly; If I use the agent based installer under vSphere or bare-metal with 3 worker and 3 control nodes on the same L2 segment I don't need an external load balancer or anything? I just need to point the DNS records to a VIP adress and the cluster will take care of this with internal load balancing? If I want to split up everything the between 3 availability zones with seperate L3 segments I need my own external load balancer correct? In this case I need to set the platform to none right? Thanks for your help!
what about that the Platform set to None is not in the official Docs for Agent Base does that will make it non supported installation or it will be ok to do it with external Load Balancer such as F5 to make sure that we are in distributed BareMetal and under coverage of HA F5 LB !!!!!, one thing more why you have included the ironic LB in your Fortinet LB is it mandatory even if i will just use OpenShift without RHOSO on top of it, your reply highly appreciated :)
Hi @ssaa3209. Thanks for your comment. Setting platform to None is supported, however it does come with some small tradeoffs not described in this video like no machine-api or disabled metal3. The second one can be added just fine day2. I think it's totally worth it .. I have been running this architecture for few months with very little sacrifices. One lessons learned is to not create MCP for each AZs unless you are running a large cluster. It's not best fit for everything. I generally still use a mix of distributed and regular clusters that are running in the same layer2 and then abstract them with something like ArgoCD or ACM. There is pros and cons to everything. As of ironic LB, I have created it but it's not even used in my deployment. There is a very niche use case for this. Not even RHOSO would use that as far as I can tell. Just disregard it and sorry for confusion.
@@TrustedAdvisor-chrisj PLease Can you share the Full used Install-config.yaml file as well as the agent-config.yaml just to make sure that i have all the populated settings correct !!!!, another question in another situation if i need to segregate the LB between the HA LB and the KeepAlived can i do it and in this case what is the Config inside the install-config.yaml ??? how it will be Entered !!!!!!!!
@@TrustedAdvisor-chrisj sorry for rebounding but how the Cluster will know about the IP's of the API and Ingress VIP, in the install-config only user managed but no further info !!! is that enough ?? appreciate your response
There is really no need for injecting those 2 VIPs into install-config. Just ensure your DNS A records are in place and that you LB can properly direct traffic to controllers for the API traffic and your workers/computes for the Ingress Controller traffic. The included yaml files worked for me.
Every software is locking you in, but OpenShift I'd argue to a lesser degree. You could move to other Kubernetes distribution relatively easy. Also there is a OKD option if you decide to not pay a vendor for support. Thanks for your comment.
@fio_mak OKD is an upstream, unpaid version of Openshift. No vendor support, though, just like a plain K8s. Going with the upstream Kubernetes is just fine as long as you can cover the talent that will manage it. Thanks for your input.
Terrific Video and a great explanation of a very complex topic. Really well done!
Thanks, @kevintunks739!
Thank you for your videos! They are very helpful for me! If I understand correctly; If I use the agent based installer under vSphere or bare-metal with 3 worker and 3 control nodes on the same L2 segment I don't need an external load balancer or anything? I just need to point the DNS records to a VIP adress and the cluster will take care of this with internal load balancing?
If I want to split up everything the between 3 availability zones with seperate L3 segments I need my own external load balancer correct? In this case I need to set the platform to none right?
Thanks for your help!
Yes, that is a great summary. you got it
what about that the Platform set to None is not in the official Docs for Agent Base does that will make it non supported installation or it will be ok to do it with external Load Balancer such as F5 to make sure that we are in distributed BareMetal and under coverage of HA F5 LB !!!!!, one thing more why you have included the ironic LB in your Fortinet LB is it mandatory even if i will just use OpenShift without RHOSO on top of it, your reply highly appreciated :)
Hi @ssaa3209. Thanks for your comment. Setting platform to None is supported, however it does come with some small tradeoffs not described in this video like no machine-api or disabled metal3. The second one can be added just fine day2. I think it's totally worth it .. I have been running this architecture for few months with very little sacrifices. One lessons learned is to not create MCP for each AZs unless you are running a large cluster. It's not best fit for everything. I generally still use a mix of distributed and regular clusters that are running in the same layer2 and then abstract them with something like ArgoCD or ACM. There is pros and cons to everything.
As of ironic LB, I have created it but it's not even used in my deployment. There is a very niche use case for this. Not even RHOSO would use that as far as I can tell. Just disregard it and sorry for confusion.
@@TrustedAdvisor-chrisj PLease Can you share the Full used Install-config.yaml file as well as the agent-config.yaml just to make sure that i have all the populated settings correct !!!!, another question in another situation if i need to segregate the LB between the HA LB and the KeepAlived can i do it and in this case what is the Config inside the install-config.yaml ??? how it will be Entered !!!!!!!!
I have just added the config into the description of the video. With the external LoadBalancer you will no longer need Keepalived
@@TrustedAdvisor-chrisj sorry for rebounding but how the Cluster will know about the IP's of the API and Ingress VIP, in the install-config only user managed but no further info !!! is that enough ?? appreciate your response
There is really no need for injecting those 2 VIPs into install-config. Just ensure your DNS A records are in place and that you LB can properly direct traffic to controllers for the API traffic and your workers/computes for the Ingress Controller traffic. The included yaml files worked for me.
OpenShift = Vendor Lockin!!
Every software is locking you in, but OpenShift I'd argue to a lesser degree. You could move to other Kubernetes distribution relatively easy. Also there is a OKD option if you decide to not pay a vendor for support. Thanks for your comment.
OKD?
BTW, one can simply use upstream k8s. Works like a charm on metal.
@fio_mak OKD is an upstream, unpaid version of Openshift. No vendor support, though, just like a plain K8s. Going with the upstream Kubernetes is just fine as long as you can cover the talent that will manage it. Thanks for your input.