Hey Ondrej & Michal, Option 3 seems like the right direction. The reason being that we do not want to dictate or force the Operators/Service Providers to use NGINX. This effort is a “reference integration” with an Ingress Controller. Putting the infrastructure-specific deployment details of the ingress controller in RKE allows for this flexibility.
Thanks, Mike. From: "[email protected]" <[email protected]> Date: Tuesday, August 20, 2019 at 10:23 AM To: "[email protected]" <[email protected]>, 'Lucjan Bryndza' <[email protected]>, Ptacek Michal <[email protected]>, 'Mateusz Pilat' <[email protected]>, 'Krzysztof Opasiak' <[email protected]>, Mike Elliott <[email protected]> Subject: Nginx-ingress controller for ONAP Hello, I have spent last week on modifying nginx-ingress component in oom repository to be more offline friendly OOM-2050<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjira.onap.org%2Fbrowse%2FOOM-2050&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259291024&sdata=xVBBkfZrby2CRjvqcWBNnOUcjBEBFvVMfvIFn0nWSJA%3D&reserved=0> Right now repo and images are downloaded in runtime). There are multiple ways of adding nginx-ingress, we need to decide which one is better: Option 1) First option is to manually download nginx-ingress repository beside other components into oom/kubernetes/ directory and modify oom/kubernetes/onap/requirements.yaml with @local repository (it is what I have already done in https://gerrit.onap.org/r/#/c/oom/+/93872/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2F%23%2Fc%2Foom%2F%2B%2F93872%2F&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259291024&sdata=XbTlmowLhnirNzfs%2BFvmWze83ULXDyx%2BhPmbYnSLNl4%3D&reserved=0>) But there are lot of inconsistency in later usage. Version of this repository needs to be manually checked and update if needed. It means it is unusable basically. Option 2) Other option here is to add nginx-ingress repo as submodule into oom repository. The problem here is that the repository is on github, so not sure how it would work together with onap gerrit. both (1) and (2) will also allow Lucjan and guys to continue configuring nginx-ingress from OOM perspective https://gerrit.onap.org/r/#/c/oom/+/93748/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2F%23%2Fc%2Foom%2F%2B%2F93748%2F&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259301019&sdata=wQKgSBptT%2FMiwBqsA6Qk53%2BgMC6SMwMa90IT1%2B%2BK1xU%3D&reserved=0> https://gerrit.onap.org/r/#/c/oom/+/93749/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2F%23%2Fc%2Foom%2F%2B%2F93749%2F&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259301019&sdata=gLE3BKvOjkD%2FnMkVCjXdY9M0UnSZiCuiEYZSIx6HSW8%3D&reserved=0> https://gerrit.onap.org/r/#/c/oom/+/93750/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2F%23%2Fc%2Foom%2F%2B%2F93750%2F&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259311011&sdata=JEkeSf7jb%2BEv3CXdkE7YprfTjrGHWFTBQt%2BjEzRhVII%3D&reserved=0> Option 3) Last option which come to our mind is to add this nginx-ingress directly into RKE. As I find out by default nginx-ingress is part of RKE. But it is not enabled by default ! I have checked oom/offline-installer and I can see that we downloading nginx-ingress images which are basically the same as in github repo Lucjan used first. Below are two images which are taken from offline-installer/ansible/roles/rke/defaults/main.yml: ingress: rancher/nginx-ingress-controller:0.21.0-rancher3 ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1 And here is blank configuration for ingress directly in RKE taken from offline-installer/ansible/roles/rke/templates/cluster.yml.j2: ingress: provider: "" options: {} node_selector: {} extra_args: {} https://www.cnrancher.com/blog/2018/2018-09-13-load-balancing-options-2dot0/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cnrancher.com%2Fblog%2F2018%2F2018-09-13-load-balancing-options-2dot0%2F&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259311011&sdata=3lbl7%2F5n%2BLtVRQthlzlO5FFgcdU3D1EydDZmZuDqcZI%3D&reserved=0> https://rancher.com/docs/rke/latest/en/config-options/add-ons/ingress-controllers/?__hstc=220764231.af5d3a08163656e5588399a68a7d6fb4.1566285435689.1566285435689.1566285435689.1&__hssc=220764231.1.1566285435689&__hsfp=1103756939<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Francher.com%2Fdocs%2Frke%2Flatest%2Fen%2Fconfig-options%2Fadd-ons%2Fingress-controllers%2F%3F__hstc%3D220764231.af5d3a08163656e5588399a68a7d6fb4.1566285435689.1566285435689.1566285435689.1%26__hssc%3D220764231.1.1566285435689%26__hsfp%3D1103756939&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259311011&sdata=JhbyViBGiffCXp8GvwJoa6iEiqNA4sAiC9lhsoO1Zgs%3D&reserved=0> choosing (3) will probably means to remove nginx-ingress feature from OOM and add it purely into RKE, we can do it for the offline installer and adapt RKE instructions in https://docs.onap.org/en/latest/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html#onap-on-kubernetes-with-rancher<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.onap.org%2Fen%2Flatest%2Fsubmodules%2Foom.git%2Fdocs%2Foom_setup_kubernetes_rancher.html%23onap-on-kubernetes-with-rancher&data=02%7C01%7CMike.Elliott%40amdocs.com%7C18f1477d170847866e5208d7257a01bb%7Cc8eca3ca127646d59d9da0f2a028920f%7C0%7C0%7C637019078259321009&sdata=IPISL4kwL%2BJcrRmrVxoHKkr3rAQi2tj54thiCh%2FEkVE%3D&reserved=0> we believe that (3) is probably better but if we would really like to enforce this feature it’s probably safer to have is done in OOM (2), any suggestions welcome !! Thanks, Ondrej & Michal [cid:[email protected]] [http://ext.w1.samsung.net/mail/ext/v1/external/status/update?userid=o.smalec&do=bWFpbElEPTIwMTkwODIwMTQyMjQzZXVjYXMxcDFmYzQ2ZWJiZmFjMjU1MmNkOGE1ODVjNjc4MDQ5MmFmMSZyZWNpcGllbnRBZGRyZXNzPU1pa2UuRWxsaW90dEBhbWRvY3MuY29t] This email and the information contained herein is proprietary and confidential and subject to the Amdocs Email Terms of Service, which you may review at https://www.amdocs.com/about/email-terms-of-service <https://www.amdocs.com/about/email-terms-of-service> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#18632): https://lists.onap.org/g/onap-discuss/message/18632 Mute This Topic: https://lists.onap.org/mt/32967870/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
