Detail on how the Kubernettes (K8s) plugin works on LoadMaster (LM)
Product: Kubernettes Plugin
Application: Ingress controller
Detail on how the K8s plugin works on LM
|Steps to Reproduce:|
Q1. Can the Kubeconfig file contain more than one cluster?
The Kubeconfig file will contain only one cluster but can support multiple namespaces.
Q2. Which resources and privileges (RBAC) will the kemp user need to have over the cluster to operate correctly ?
There are no specific privileges the kemp user needs. It only requires to be able to read the config from the cluster and then it will dynamically alter the services on the LM. See the link below and this quote from our documentation
"Ingress Mode allows DevOps Teams to define a new class of Ingress Controller utilizing the LoadMaster which automatically detects and matches the configuration as defined in Kubernetes."
Q3. Will other annotations on the ingress be compatible with the Kemp Ingress Controller (KIC).
KIC will ignore any annotation unless it starts with kemp.ax/……, see link below for a sample of annotations that are supported currently.
Q4. What are some advantages of choosing Kemp Ingress over another ingress controller?
The LoadMaster uses a plugin to communicate with Kubernetes and can deliver all the functionality that is deliver to any other virtual service (WAF, QoS, GLSB, etc.) so that would be something that sets the LoadMaster apart from some other ingress controllers.
Q5. All of our clusters have the same internal networking subnet (e.g 10.10.0.0/16) to the pods, will this be a problem setting the kemp as ingress mode ?
The configuration of additional routes may be required to the POD CIDR on the LM.
So as long as the route is pointing to the cluster correctly everything should work as expected.
Additionally there may be a requirement to create routes to Pods defined. The Pod network must not overlap with network IP addresses and the Nodes must be on the same subnet as the LoadMaster.
For Annotations, see section 5.2.4 on this document:
For Roles and access controls see section 5.2.1 on this document
For Routing and pod locations check section 5.2 "Advantages and disadvantages in our document: