Bug 1576902

Summary: [RFE] Layer-4 ingress support via router
Product: OpenShift Container Platform Reporter: Robert Bost <rbost>
Component: RFEAssignee: Eric Paris <eparis>
Status: CLOSED WONTFIX QA Contact: Xiaoli Tian <xtian>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.9.0CC: aos-bugs, bbennett, ccoleman, jokerman, mmccomas, rbost
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-12 11:55:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Bost 2018-05-10 16:28:51 UTC
1. Proposed title of this feature request

[RFE] - Layer-4 Ingress Support via Router

3. What is the nature and description of the request?

Here is customer request:

~~~
We are trying to have similar feature parity with CoreOS Tectonic Ingress controller (https://coreos.com/tectonic/docs/latest/admin/ingress.html).

We believe that Openshift Router should support L4 ingress types in addition to HTTP/HTTPS/TLS protocols. Although we know the other methods to bring L4 traffic to cluster, it is not ideal in Enterprise world. This is the reason we are seeking feature enhancement.

CoreOS Tectonic Ingress controller allows L4 TCP/UDP ingress traffic to pods via reading configmap. Similar to nodeport concept but Ingress controller has ability to spin up hostnetwork ports and route L4 traffic to respective service endpoints.

We requested this feature so we can have feature parity between CoreOS and RedHat.
~~~

4. Why does the customer need this? (List the business requirements here)

Customer would like developers to be able to accept incoming traffic via router instead of current solution requiring NodePort.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

Add route that does not fall under HTTP, HTTPS, TLS, or layer 7.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?

N/A

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?

No

9. Is the sales team involved in this request and do they have any additional input?

No

10. List any affected packages or components.

N/A

11. Would the customer be able to assist in testing this functionality if implemented?

N/A

Comment 1 Ben Bennett 2018-05-10 17:32:21 UTC
Have you looked at the LoadBalancer service type?

https://docs.openshift.com/container-platform/3.9/dev_guide/expose_service/expose_internal_ip_load_balancer.html

If so, what are the limitations that you have encountered?

Comment 2 Robert Bost 2018-05-18 21:24:39 UTC
> Have you looked at the LoadBalancer service type?
> If so, what are the limitations that you have encountered?

Customer stated "Yes, we don’t have F5 load balancer integration yet to support the below [LoadBalancer service type]."

Comment 3 Clayton Coleman 2018-06-06 05:21:27 UTC
The linked feature does not require F5 in all cases.  It can be implemented with only network configuration to the inbound nodes.

Also, it’s not clear why nodeports are inadequate - can you please describe a bit more?  What are the technical gaps with nodeports?

Comment 5 Kirsten Newcomer 2019-06-12 11:55:17 UTC
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progress within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new 

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.