public-cloud-roadmap
LBaaS : Private to Private load balancing and support for larger LBs (Octavia integration)
As a Kubernetes cluster user I want to use a fully integrated load balancer for more varied use cases, such as high-traffic scenarios or private-to-private load balancing, so that I can benefit from full Kubernetes integration and automation for all possible business use cases.
Note: We currently only support public to public and public to private load balancers and we only have one fixed integrated load balancer size, described here (with limitations such as 2,000 req/s and 200 Mbit/s). A workaround is to set up a self-managed load balancer and/or use the OVHcloud IP load balancer solution https://www.ovh.ie/solutions/load-balancer but this is challenging because you then miss the live integration, for example when a pod is rescheduled or a node is added/removed.
All those usecases will be covered in 2023 with the integration of Octavia load balancer in Managed Kubernetes.
Original issue: It is quite common that a K8 load balancer works with a private IP (vRack assigned). This allows other private services to interact with the services / pods in a K8 cluster without exposing the cluster to the public web.
In other platforms an annotation is added to the ingress controller to create the load balancer using a Private IP Address. For example in Azure we would use the annotation
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
This is quite helpful for cases such as
- A firewall / WAF external to the cluster managing all ingress
- Orchestrating multiple clusters through common endpoints
- Creating services that are not exposed to the public web (i.e. Monitoring/Telemetry, Cache, Database etc.)
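Until an internal load balancer option exists, a cluster can be audited for `LoadBalancer` Services that would be provisioned without an internal annotation. The following is an added example, not part of the original issue or OVHcloud's code; it knows only the Azure annotation quoted above, and the Service list is constructed sample data shaped like `kubectl get svc -A -o json` output.

```python
import json

# Annotation quoted in the issue (Azure). Other providers use their own keys,
# so extend this mapping for the platform actually in use (assumption).
INTERNAL_ANNOTATIONS = {
    "service.beta.kubernetes.io/azure-load-balancer-internal": "true",
}

# Constructed sample, shaped like `kubectl get svc -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "ingress", "name": "nginx"},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "monitoring", "name": "prometheus", "annotations":
   {"service.beta.kubernetes.io/azure-load-balancer-internal": "true"}},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "cache", "name": "redis", "annotations": null},
  "spec": {"type": "ClusterIP"}},
 {"metadata": {"namespace": "telemetry", "name": "otel", "annotations":
   {"service.beta.kubernetes.io/azure-load-balancer-internal": "false"}},
  "spec": {"type": "LoadBalancer",
           "loadBalancerSourceRanges": ["10.0.0.0/8"]}}
]}
""")


def is_internal(svc, internal=INTERNAL_ANNOTATIONS):
    """True if the Service carries a known internal-LB annotation set to its expected value."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    return any(str(ann.get(k, "")).lower() == v for k, v in internal.items())


def publicly_exposed(service_list, internal=INTERNAL_ANNOTATIONS):
    """List LoadBalancer Services that lack an internal annotation.

    Each finding records whether spec.loadBalancerSourceRanges narrows access,
    since that is the remaining control when the load balancer itself is public.
    """
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer" or is_internal(svc, internal):
            continue
        meta = svc["metadata"]
        findings.append({
            "service": f'{meta.get("namespace", "default")}/{meta["name"]}',
            "source_ranges": spec.get("loadBalancerSourceRanges") or [],
        })
    return sorted(findings, key=lambda f: f["service"])


if __name__ == "__main__":
    for f in publicly_exposed(SAMPLE):
        print(f["service"], "source ranges:", f["source_ranges"] or "none")
```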
Indeed, it would be nice... even more since OVH's documentation is very confusing and might actually lead people to believe it's already in place! :(
Hello
I confirm that we currently support only Public to Public and Public to Private load balancing but not Private to Private. This is a planned feature from our network colleagues and we will support an annotation for this when they make it available. In the meantime we invite you to use clusterIPs/nodeports for internal traffic routing.
Well actually there seems to be a major bug in your public to private implementation... https://gitter.im/ovh/kubernetes?at=60a3c10f233397424dcd6e1f And I'm not the only one if I refer to people's posts :)
@giudicelli I confirm this bug is being addressed by my network colleagues (it is non-systematic: sometimes they create a neutron port in the wrong region on one side of the LB, which makes it unreachable)
@giudicelli This bug was fixed a couple of weeks ago. Nevertheless I am leaving the issue open because private to private load balancing is still to be developed.
What is the ETA for this ? Beta / GA
Hello @matmicro I don't have an ETA yet, but this should be pretty soon after regions are moved to a recent version of OpenStack and expose Octavia, which is the technology we plan to leverage for this need
Can we expect before end of 2021 then ?
@matmicro no, this will be during first semester of 2022
@mhurtrel Is the first semester ETA still accurate?
Hello @pierreis There are some delays in adding public to public support for Octavia, which will be leveraged for both use cases after integration in Kubernetes. The current ETA is Q3, sorry for the delay.
is ETA still Q3?
Hi @mscheer93. Our Octavia colleagues are having some delays in making Octavia fully compliant with all the K8s use cases we will need (public to public, public to private and private to private). We need all these scenarios to be usable to then make the switch. Our best guess at the moment is Q4 calendar year. Sorry for the delay.
@Nico-VanHaaster I updated the issue to also cover the 'high load' scenario. Both will be covered with the Octavia integration. Unfortunately, we have a delay from the Octavia team in enabling all scenarios needed for Kubernetes. I will give a new ETA as soon as I have a clear one from them.
@JacquesMrz thanks for the update. At this point we have stopped using OVH K8 and gone with Azure until the K8 offering is finished. This feature is one of the really important features to be implemented.
Looking forward to the GA release.
Any news or any ETA for this?
As an MKS user I would like to benefit from the improvements below on the load balancer:
- ability to set a name (from the kube YAML file) and see this name in the Manager UI
- display the LB's Kubernetes cluster in the Manager UI
- display LB metrics in the Manager UI
  - requests/s
  - bandwidth

Then I will be able to clearly optimize my LB usage and anticipate migration from S, M, L flavor.
Any news or any ETA for this?
So we are almost 2 years later, this just moved to "prioritized", so we should expect this by ~2025 right?
Hi @qualifio-infrastructure I fully understand and share part of your frustration, but please understand that there were numerous dependencies to support this. We depend on those to move forward with this. Octavia is being released by my network colleagues in a first production-ready version, and they are now progressing on supporting all the scenarios we need for Managed Kubernetes (including missing public to public management). As soon as we have that, we will integrate Octavia and support this. We currently target this for Spring though there may be an additional small delay on those dependencies I don't have full control over.
How is this looking at the moment? This is critical for many uses.
Hi @pierreis, We are putting effort into deploying Octavia (public to public and public to private management) for the end of summer 2023. Then we will be able to work on our dependency issues and make private to private deployment possible for 2024.
Less than 3 months ago spring was targeted, but it now shifted by a whole additional year? Alright.
Hello @pierreis, after more discussions with our development team, I can say that we will be able to deploy Octavia with public to public, public to private AND private to private management directly. The ETA remains the end of summer 2023.
Hi, do you have any update on this feature ?
@zyguy I opened this thread over 2 years ago, in May 2021, and there has been nothing but delays and no responses. We moved our entire stack off OVH to Azure; with properly configured clusters we were able to achieve near close price points to OVH with 10x the capabilities. Now using private routing from the edge, HA clusters and much more.
I wouldn’t expect to see much from this team.
we were able to achieve near close price points to OVH with 10x the capabilities
😂
If your goal is price and top-notch capabilities, you could have started directly with Azure/GCP/AWS by asking any Cloud Engineer who knows the market.
OVH is a sovereign outsider my friend... dev budget is an order of magnitude lower...
Hello all,
Thank you for your comment and concern. We completely understand the importance of the Octavia integration and want to reassure you that our teams, including the network team, have been actively working on it for several months now. Rest assured, we are committed to delivering the integration as planned by the end of summer, just as we recently stated and answered.
The Octavia integration will indeed bring a host of new features to our platform. Some of the highlights include support for private-to-private load balancing, load balancer resizing, customizable TTL (Time to Live), and much more. We are excited about the possibilities this will open up for our users, and we're confident that these enhancements will greatly improve the overall performance and functionality of our service.
Please know that your feedback and suggestions are invaluable to us, and we are working diligently to address your needs and requirements. We look forward to delivering the Octavia integration and its exciting features by the end of summer.
You mean summer '23? Right? ;-)
Yeah it's a bit frustrating. Especially when you say they have been working for months now on this feature, which could be implemented in a day or two.
I also told developers of yours months ago that there is a problem with Octavia load balancers and Member Connect Timeout. But nothing happens on that front; it's a reproducible error which nobody is solving. Sad :(