From fb60bf806b66bcb87f68766ef77d307a8d08dc22 Mon Sep 17 00:00:00 2001 From: bmcelvee Date: Mon, 5 Aug 2019 16:29:04 -0400 Subject: [PATCH] Bug 1731177 adding procedural documentation for router sharding --- .../nw-ingress-sharding-namespace-labels.adoc | 54 +++++++++++++++++++ modules/nw-ingress-sharding-route-labels.adoc | 54 +++++++++++++++++++ modules/nw-using-ingress-and-routes.adoc | 9 +--- ...ss-cluster-traffic-ingress-controller.adoc | 4 ++ networking/ingress-operator.adoc | 4 ++ 5 files changed, 117 insertions(+), 8 deletions(-) create mode 100644 modules/nw-ingress-sharding-namespace-labels.adoc create mode 100644 modules/nw-ingress-sharding-route-labels.adoc diff --git a/modules/nw-ingress-sharding-namespace-labels.adoc b/modules/nw-ingress-sharding-namespace-labels.adoc new file mode 100644 index 0000000000..2b7f9b3080 --- /dev/null +++ b/modules/nw-ingress-sharding-namespace-labels.adoc @@ -0,0 +1,54 @@ +// Module included in the following assemblies: +// +// * configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc +// * ingress-operator.adoc + +[id="nw-ingress-sharding-namespace-labels_{context}"] += Configuring ingress controller sharding by using namespace labels + +Ingress Controller sharding by using namespace labels means that the Ingress +Controller serves any route in any namespace that is selected by the namespace +selector. + +Ingress Controller sharding is useful when balancing incoming traffic load among +a set of Ingress Controllers and when isolating traffic to a specific Ingress +Controller. For example, company A goes to one Ingress Controller and company B +to another. + +.Procedure + +. Edit the `router-internal.yaml` file: ++ +---- +# cat router-internal.yaml +apiVersion: v1 +items: +- apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: sharded + namespace: openshift-ingress-operator + spec: + domain: + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + routeSelector: + matchLabels: + type: sharded + status: {} +kind: List +metadata: + resourceVersion: "" + selfLink: "" +---- + +. Apply the Ingress Controller `router-internal.yaml` file: ++ +---- +# oc apply -f router-internal.yaml +---- ++ +The Ingress Controller selects routes in any namespace that is selected by the +namespace selector that have the label `type: sharded`. diff --git a/modules/nw-ingress-sharding-route-labels.adoc b/modules/nw-ingress-sharding-route-labels.adoc new file mode 100644 index 0000000000..8140a3ac5a --- /dev/null +++ b/modules/nw-ingress-sharding-route-labels.adoc @@ -0,0 +1,54 @@ +// Module included in the following assemblies: +// +// * configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc +// * ingress-operator.adoc + +[id="nw-ingress-sharding-route-labels_{context}"] += Configuring ingress controller sharding by using route labels + +Ingress Controller sharding by using route labels means that the the Ingress +Controller serves any route in any namespace that is selected by the route +selector. + +Ingress Controller sharding is useful when balancing incoming traffic load among +a set of Ingress Controllers and when isolating traffic to a specific Ingress +Controller. For example, company A goes to one Ingress Controller and company B +to another. + +.Procedure + +. Edit the `router-internal.yaml` file: ++ +---- +# cat router-internal.yaml +apiVersion: v1 +items: +- apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: sharded + namespace: openshift-ingress-operator + spec: + domain: + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + routeSelector: + matchLabels: + type: sharded + status: {} +kind: List +metadata: + resourceVersion: "" + selfLink: "" +---- + +. Apply the Ingress Controller `router-internal.yaml` file: ++ +---- +# oc apply -f router-internal.yaml +---- ++ +The Ingress Controller selects routes in any namespace that have the label +`type: sharded`. diff --git a/modules/nw-using-ingress-and-routes.adoc b/modules/nw-using-ingress-and-routes.adoc index ac34c78705..d206ceb645 100644 --- a/modules/nw-using-ingress-and-routes.adoc +++ b/modules/nw-using-ingress-and-routes.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * ingress/getting-traffic-cluster.adoc +// * ingress/configuring-ingress-cluster-traffic-ingress-controller.adoc [id="nw-using-ingress-and-routes_{context}"] = Using Ingress Controllers and routes @@ -28,13 +28,6 @@ is available to the set of Ingress Controllers. Each Ingress Controller admits routes from the set of routes. By default, all Ingress Controllers admit all routes. -Ingress Controllers that have permission to view all of the labels in all -projects can select routes to admit based on the labels. This is called Ingress -Controller sharding. This is useful when balancing incoming traffic load among a -set of Ingress Controllers and when isolating traffic to a specific Ingress -Controller. For example, company A goes to one Ingress Controller and company B -to another. - The Ingress Controller: * Has two replicas by default, which means it should be running on two worker nodes. diff --git a/networking/configuring-ingress-cluster-traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc b/networking/configuring-ingress-cluster-traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc index 7a501b9723..ed8f85cd62 100644 --- a/networking/configuring-ingress-cluster-traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc +++ b/networking/configuring-ingress-cluster-traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc @@ -41,6 +41,10 @@ include::modules/nw-creating-project-and-service.adoc[leveloffset=+1] include::modules/nw-exposing-service.adoc[leveloffset=+1] +include::modules/nw-ingress-sharding-route-labels.adoc[leveloffset=+1] + +include::modules/nw-ingress-sharding-namespace-labels.adoc[leveloffset=+1] + == Additional resources * The Ingress Operator manages wildcard DNS. For more information, see diff --git a/networking/ingress-operator.adoc b/networking/ingress-operator.adoc index e225cebe44..78dbe5c4a4 100644 --- a/networking/ingress-operator.adoc +++ b/networking/ingress-operator.adoc @@ -27,4 +27,8 @@ include::modules/nw-ingress-setting-a-custom-default-certificate.adoc[leveloffse include::modules/nw-scaling-ingress-controller.adoc[leveloffset=+1] +include::modules/nw-ingress-sharding-route-labels.adoc[leveloffset=+1] + +include::modules/nw-ingress-sharding-namespace-labels.adoc[leveloffset=+1] + //include::modules/nw-ingress-select-route.adoc[leveloffset=+1]