Managed Load Balancer and Autoscaling cloudscale Infra Nodes

We switch to cloudscale’s load balancer and use an in-cluster controller to update the load balancer configuration.

The controller listens to infra node events and updates the load balancer configuration accordingly using the cloudscale API.

Cloudscale’s load balancer are currently missing the NAT gateway feature which is required for our clusters. The feature should be available soon. We could document the manual steps to update the load balancer configuration until the feature is available.

We connect to the hieradata Git repositories from the cluster and update the load balancer configuration when infrastructure nodes are replaced. This would need a complicated back channel to the Git repositories and would be hard to implement.

We could use Commodore dynamic facts to update the hieradata Git repositories on Commodore compile runs. This would use a existing channel but would delay the update until the next compile run.

Using the cloudscale cloud controller manager we can expose the default ingress controller as a service of type LoadBalancer.

This would automatically create a cloudscale load balancer and update the load balancer configuration when infrastructure nodes are replaced.

We’ve run into troubles before if using proxy protocol and OpenShift routes internal traffic directly to the source IP and not through the load balancer, see issue. OpenShift 4.17 (Kubernetes 1.30) would solve these issues.

OpenShift, as of 4.17, doesn’t allow configuring PROXY protocol on the ingress controller when using endpoint publishing strategy LoadBalancerService. This can be circumvented by using endpoint publishing strategy Private and creating a service of type LoadBalancer manually.