Network Topology Requirements

The infrastructure that you provision for your cluster must meet the following network topology requirements.

Load balancers

Before you install OKD, you must provision two load balancers that meet the following requirements:

1. API load balancer: Provides a common endpoint for users, both human and machine, to interact with and configure the platform. Configure the following conditions:

  • Layer 4 load balancing only. This can be referred to as Raw TCP, SSL Passthrough, or SSL Bridge mode. If you use SSL Bridge mode, you must enable Server Name Indication (SNI) for the API routes.
  • A stateless load balancing algorithm. The options vary based on the load balancer implementation.

Configure the following ports on both the front and back of the load balancers:

| Port | Back-end machines (pool members) | Internal | External | Description |
|------|----------------------------------|----------|----------|-------------|
| 6443 | Bootstrap and control plane. You remove the bootstrap machine from the load balancer after the bootstrap machine initializes the cluster control plane. You must configure the /readyz endpoint for the API server health check probe. | X | X | Kubernetes API server |
| 22623 | Bootstrap and control plane. You remove the bootstrap machine from the load balancer after the bootstrap machine initializes the cluster control plane. | X | | Machine config server |

2. Application Ingress load balancer: Provides an Ingress point for application traffic flowing in from outside the cluster. Configure the following conditions:

  • Layer 4 load balancing only. This can be referred to as Raw TCP, SSL Passthrough, or SSL Bridge mode. If you use SSL Bridge mode, you must enable Server Name Indication (SNI) for the Ingress routes.
  • Connection-based or session-based persistence is recommended, based on the options available and the types of applications that will be hosted on the platform.

Configure the following ports on both the front and back of the load balancers:

| Port | Back-end machines (pool members) | Internal | External | Description |
|------|----------------------------------|----------|----------|-------------|
| 443 | The machines that run the Ingress router pods, compute, or worker, by default. | X | X | HTTPS traffic |
| 80 | The machines that run the Ingress router pods, compute, or worker, by default. | X | X | HTTP traffic |
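
The following HAProxy configuration is an added example, not part of the original page, showing one way to meet the requirements for both load balancers. It assumes HAProxy as the load balancer; all server names and the 192.0.2.x (internal) and 198.51.100.x (external) addresses are placeholders, and `roundrobin` and `source` are assumed choices for the stateless and persistent algorithms.

```haproxy
# Added example. All names and addresses below are placeholders.
defaults
    mode tcp                  # Layer 4 only: TLS passes through, it is not terminated here
    timeout connect 10s
    timeout client  1m
    timeout server  1m

# API load balancer: port 6443, reachable internally and externally
listen api-server-6443
    bind 192.0.2.10:6443      # internal VIP (placeholder)
    bind 198.51.100.10:6443   # external VIP (placeholder)
    balance roundrobin        # no session persistence
    option httpchk GET /readyz HTTP/1.0
    # check-ssl wraps only the health probe in TLS; client traffic stays raw TCP
    # Remove the bootstrap line once the control plane is initialized
    server bootstrap 192.0.2.20:6443 check check-ssl verify none inter 10s fall 2 rise 3
    server master0   192.0.2.21:6443 check check-ssl verify none inter 10s fall 2 rise 3
    server master1   192.0.2.22:6443 check check-ssl verify none inter 10s fall 2 rise 3
    server master2   192.0.2.23:6443 check check-ssl verify none inter 10s fall 2 rise 3

# Machine config server: port 22623, marked internal only in the table above,
# so it binds to the internal VIP and never to the external one
listen machine-config-server-22623
    bind 192.0.2.10:22623
    balance roundrobin
    # Remove the bootstrap line once the control plane is initialized
    server bootstrap 192.0.2.20:22623 check inter 1s
    server master0   192.0.2.21:22623 check inter 1s
    server master1   192.0.2.22:22623 check inter 1s
    server master2   192.0.2.23:22623 check inter 1s

# Application Ingress load balancer: ports 443 and 80, internal and external
listen ingress-router-443
    bind 192.0.2.11:443
    bind 198.51.100.11:443
    balance source            # connection-based persistence by client address
    server worker0 192.0.2.31:443 check inter 1s
    server worker1 192.0.2.32:443 check inter 1s

listen ingress-router-80
    bind 192.0.2.11:80
    bind 198.51.100.11:80
    balance source
    server worker0 192.0.2.31:80 check inter 1s
    server worker1 192.0.2.32:80 check inter 1s
```

Running `haproxy -c -f <file>` checks the configuration syntax before it is loaded.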