yk8s.ch-k8s-lbaas
yk8s.ch-k8s-lbaas.agent_port
The TCP port on which the LBaaS agent should listen on the frontend nodes.
Type::
16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default::
15203
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.agent_source
Type::
RFC3986 HTTP(S) URL (scheme, authority and path only)
Default::
"https://github.com/cloudandheat/ch-k8s-lbaas/releases/download"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.agent_urls
Customize URLs for the agents. This will typically be a list of HTTP URLs
like http://agent_ip:15203. This option must be set if yk8s.ch-k8s-lbaas.port_manager is
set to static and is ignored otherwise.
Type::
list of RFC3986 HTTP URL (scheme and authority only)
Default::
[ ]
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.agent_user
Type::
POSIX user name
Default::
"ch-k8s-lbaas-agent"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_repo
Type::
Kubernetes container image reference
Default::
"registry.gitlab.com/yaook/ch-k8s-lbaas/controller"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_resources
Type::
submodule
Default::
{ }
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_resources.limits.cpu
CPU limits should never be set.
Thus, this option is deprecated.
Type::
null or Kubernetes quantity
Default::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_resources.limits.memory
Request and limit for the LBaaS controller
Type::
null or Kubernetes quantity
Default::
"256Mi"
Example::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_resources.requests.cpu
Request and limit for the LBaaS controller
Type::
null or Kubernetes quantity
Default::
"100m"
Example::
null
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.controller_resources.requests.memory
Memory requests should always be equal to the limits.
Thus, this option is deprecated.
Type::
null or Kubernetes quantity
Default::
"\${config.yk8s.ch-k8s-lbaas.controller_resources.limits.memory}"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.enable_snat
Whether to enable source-nat’ing by the ch-k8s-lbaas-agents running on the frontend nodes.
Disabling this has an effect similar to direct server return: it lets you see the real source IP of traffic sent to a LoadBalancer service.
After reconfiguring this option, execute the following:
$ ./managed-k8s/actions/apply-k8s-supplements.sh install-ch-k8s-lbaas.yaml
to roll out the necessary changes.
Running on OpenStack
If source-nat’ing is disabled, the frontend nodes will be configured to act as gateways for the Kubernetes nodes. They will propagate routes via BGP, overwriting the default routes of the Kubernetes nodes so that all traffic is routed via the VIP by default.
Warning
Implications when running on OpenStack
Disabling source-nat’ing has some implications:

- If a failover occurs on the frontend nodes, all connections are impacted, not only connections to LoadBalancer services.
- The source IP of Kubernetes nodes as seen by the outside world changes from the OpenStack router IP to the gateway’s VIP.
- It is no longer possible to attach floating IPs to Kubernetes nodes due to routing asymmetry.

Be aware that the frontend nodes must be powerful enough to handle the increased amount of traffic if source-nat’ing is disabled; otherwise they could become the bottleneck.
Type::
boolean
Default::
true
Example::
false
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.enabled
Whether to enable our LBaaS service.
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.port_manager
Configure which IP address (“port”) manager to use. Two options are available:

- openstack: Uses OpenStack and the Tarook gateway nodes to provision LBaaS IP addresses (ports).
- static: Uses a fixed set of IP addresses for load balancing. When the static port manager is used, yk8s.ch-k8s-lbaas.agent_urls and yk8s.ch-k8s-lbaas.static_ipv4_addresses must be set as well.
Type::
one of "openstack", "static"
Default::
"openstack"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.static_ipv4_addresses
List of IPv4 addresses which are usable for the static port manager. It is your responsibility to ensure that the node(s) which run the agent(s) receive traffic for these IPv4 addresses.
Type::
list of IPv4 address in four-octets decimal notation
Default::
[ ]
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
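The static port manager setup described under yk8s.ch-k8s-lbaas.port_manager, shown with the two options it requires. This is an added example, not taken from the Tarook documentation; it assumes the options are set as an attribute set in the cluster's Nix configuration, and all addresses are constructed values from the 192.0.2.0/24 documentation range.

```nix
{
  yk8s.ch-k8s-lbaas = {
    enabled = true;

    # Use a fixed address pool instead of OpenStack-provisioned ports.
    port_manager = "static";

    # Required with the static port manager, ignored otherwise.
    # One URL per agent, scheme and authority only (no path).
    # 15203 is the default agent_port; the agent addresses are constructed.
    agent_urls = [
      "http://192.0.2.11:15203"
      "http://192.0.2.12:15203"
    ];

    # Required with the static port manager: the IPv4 addresses it may use
    # for load balancing (constructed values). Making sure the node(s)
    # running the agent(s) actually receive traffic for these addresses is
    # the operator's responsibility.
    static_ipv4_addresses = [
      "192.0.2.100"
      "192.0.2.101"
    ];
  };
}
```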
yk8s.ch-k8s-lbaas.use_bgp
Type::
boolean
Default::
true
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.use_floating_ips
Whether to enable the use of floating IPs.
Type::
boolean
Default::
true
Example::
false
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix
yk8s.ch-k8s-lbaas.version
Type::
OCI image tag
Default::
"0.9.0"
Declared by https://gitlab.com/alasca.cloud/tarook/tarook/-/tree/devel/nix/yk8s/k8s-supplements/ch-k8s-lbaas.nix