Isolating network workloads to edge nodes in VPC clusters
Add the dedicated=edge label to worker nodes in your cluster. The labels ensure that load balancers are deployed to those worker nodes only. Note that router pods for Ingress controllers and routers are not deployed to edge nodes and remain on non-edge worker nodes.
Prerequisites
- Ensure that you have the following IBM Cloud IAM roles:
  - Any platform access role for the cluster
  - Writer or Manager service access role for all namespaces
- Access to your Red Hat OpenShift cluster from the CLI.
Isolating workloads to edge nodes
- Create a worker pool with the label dedicated=edge or add the label to one of your existing worker pools.
  - To create a VPC worker pool, you can use the worker-pool create vpc-gen2 command.
    ibmcloud oc worker-pool create vpc-gen2 --name POOL_NAME --cluster CLUSTER --flavor FLAVOR --size-per-zone WORKERS_PER_ZONE --hardware ISOLATION --label dedicated=edge
  - To label an existing worker pool, you can use the worker-pool label set command.
    ibmcloud oc worker-pool label set --cluster CLUSTER --worker-pool POOL --label dedicated=edge
- Verify that the worker pool and worker nodes have the dedicated=edge label.
  - To check the worker pool, run the worker-pool get command.
    ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
  - To check individual worker nodes, review the Labels field of the output of the following command.
    oc describe node <worker_node_private_IP>
- Refresh your cluster master to trigger an update to your VPC load balancer member pool.
    ibmcloud oc cluster master refresh --cluster <cluster_name_or_ID>
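
The verification step above checks one worker node at a time. As an added example (not part of the original page or IBM's own tooling), the following script audits every node in one pass and flags worker pools where only some workers carry dedicated=edge. The function names are hypothetical, the sample data is constructed, and the script assumes that workers carry the IBM Cloud label ibm-cloud.kubernetes.io/worker-pool-name, which this page does not show.

```sh
#!/bin/sh
# Added example: audit dedicated=edge labelling per worker pool.
# Input format, one node per line: <node> <dedicated label or <none>> <pool>

# Live listing. Assumption: workers carry the IBM Cloud label
# ibm-cloud.kubernetes.io/worker-pool-name (not shown on this page).
list_nodes() {
  oc get nodes --no-headers -o custom-columns='NODE:.metadata.name,DEDICATED:.metadata.labels.dedicated,POOL:.metadata.labels.ibm-cloud\.kubernetes\.io/worker-pool-name'
}

# Constructed sample: one edge pool, one app pool, one half-labelled pool.
sample_nodes() {
  cat <<'EOF'
10.240.0.4 edge edge-pool
10.240.0.5 edge edge-pool
10.240.64.4 <none> default
10.240.128.7 edge mixed-pool
10.240.128.8 <none> mixed-pool
EOF
}

# Reads the listing on stdin, prints one verdict per pool, and returns 0
# only when at least one pool is fully labelled and no pool is mixed.
audit_edge_labels() {
  awk '
    NF == 3 {
      total[$3]++
      if ($2 == "edge") edge[$3]++
      else unlabeled[$3] = unlabeled[$3] " " $1
    }
    END {
      for (p in total) {
        n = edge[p] + 0
        if (n == total[p]) { full++; printf "%s: edge (%d/%d)\n", p, n, n }
        else if (n == 0) printf "%s: non-edge (%d workers)\n", p, total[p]
        else { mixed++; printf "%s: MIXED, unlabeled:%s\n", p, unlabeled[p] }
      }
      exit ((mixed > 0 || full == 0) ? 1 : 0)
    }'
}

# Demo on the sample; on a cluster use: list_nodes | audit_edge_labels
sample_nodes | audit_edge_labels || echo "fix labels before the master refresh"
```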