Using NLB in OSD or ROSA

Solution Verified

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4
  • AWS Network Load Balancer (NLB)
  • Custom Domains Operator (CDO)

Issue

  • Is using an NLB for the OSD or ROSA Ingress Controller supported?
  • Is it possible to configure NLB (Network Load Balancer) as the load balancer type of a Service on OSD or ROSA?
  • How can NLB be configured as the load balancer type of a Service on OSD or ROSA?

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

While it is not currently possible to use an NLB for the default Ingress Controller in OSD or ROSA, it is possible to configure the Custom Domains Operator with loadBalancerType: NLB. Refer to Configure Custom Application Domains for OSD and ROSA for additional information about the CDO. In addition, there is an internal task to allow the use of NLB with the default Ingress Controller (SDE-1254).

Another option is to configure a Service of type LoadBalancer and specify the AWS NLB load balancer type using the annotation service.beta.kubernetes.io/aws-load-balancer-type: "nlb", but please test on the version of OpenShift you are using to ensure it works as expected (refer to Network Load Balancer support on AWS for more details):

apiVersion: v1
kind: Service
metadata:
  name: your-service
  annotations:
    # Request an AWS Network Load Balancer for this Service
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
[...]

There is additional information about creating a Service of type LoadBalancer in KCS 5845361: How to create a load balancer service using AWS NLB for OCP 4.

Note: the number of NLBs that can be created is limited by AWS quotas. For further information, see Quotas for your Network Load Balancers.
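
To confirm which LoadBalancer Services in a cluster actually carry the NLB annotation, and how many load balancers of each type count against the AWS quotas, the output of `oc get svc -A -o json` can be summarized as follows. This is an added example, not part of the original solution: the sample JSON and Service names are constructed, and treating a missing annotation as a Classic Load Balancer is an assumption about the default AWS cloud provider behaviour.

```python
import json
from collections import defaultdict

NLB_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-type"

# Constructed sample in the shape of `oc get svc -A -o json` (not real cluster output).
SAMPLE = """
{"items": [
  {"metadata": {"namespace": "shop", "name": "your-service",
                "annotations": {"service.beta.kubernetes.io/aws-load-balancer-type": "nlb"}},
   "spec": {"type": "LoadBalancer"},
   "status": {"loadBalancer": {"ingress": [{"hostname": "example-nlb.elb.example.invalid"}]}}},
  {"metadata": {"namespace": "shop", "name": "legacy-tcp"},
   "spec": {"type": "LoadBalancer"}, "status": {"loadBalancer": {}}},
  {"metadata": {"namespace": "shop", "name": "internal-api", "annotations": null},
   "spec": {"type": "ClusterIP"}}
]}
"""

def classify(service):
    """Return 'nlb', 'classic' or 'other:<value>' for a LoadBalancer Service, else None."""
    if service.get("spec", {}).get("type") != "LoadBalancer":
        return None  # ClusterIP/NodePort Services do not provision an AWS load balancer
    annotations = service.get("metadata", {}).get("annotations") or {}
    value = annotations.get(NLB_ANNOTATION)
    if value is None:
        return "classic"  # assumption: no annotation means the provider default (Classic LB)
    return "nlb" if value == "nlb" else f"other:{value}"  # other values reported verbatim

def inventory(service_list_json):
    """Group LoadBalancer Services by AWS load balancer type, with provisioning state."""
    result = defaultdict(list)
    for svc in json.loads(service_list_json).get("items", []):
        kind = classify(svc)
        if kind is None:
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        hostname = ingress[0].get("hostname") if ingress else None  # None = not provisioned yet
        meta = svc["metadata"]
        result[kind].append((f'{meta["namespace"]}/{meta["name"]}', hostname))
    return dict(result)

if __name__ == "__main__":
    for kind, services in inventory(SAMPLE).items():
        print(f"{kind}: {len(services)}")
        for name, hostname in services:
            print(f"  {name} -> {hostname or '<pending>'}")
```

Services reported as `classic` count against the Classic Load Balancer quota rather than the NLB quota, and a value reported as `other:` (for example a mis-cased `NLB`) should be checked against the annotation shown above.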

Root Cause

It is possible to configure the Custom Domains Operator with loadBalancerType: NLB. Refer to Configure Custom Application Domains for OSD and ROSA for additional information about the CDO.

It is also possible to configure NLB as the LoadBalancer type of a Service. Refer to the Load balancers documentation:

  • Load balancers in OSD:

    Optional: Load balancers for services that can be mapped to a service running on OpenShift Dedicated to enable advanced ingress features, such as non-HTTP/SNI traffic or the use of non-standard ports. These can be purchased in groups of 4 for standard clusters, or they can be provisioned without charge in Customer Cloud Subscription (CCS) clusters; however, each AWS account has a quota that limits the number of Classic Load Balancers that can be used within each cluster.
    
  • Load Balancers in ROSA:

    Optional: Load balancers for services. Enable non-HTTP/SNI traffic and non-standard ports for services. These load balancers can be mapped to a service running on Red Hat OpenShift Service on AWS to enable advanced ingress features, such as non-HTTP/SNI traffic or the use of non-standard ports. Each AWS account has a quota which limits the number of Classic Load Balancers that can be used within each cluster.
    

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
