Configurable Ingress Mode for RHOAI 3.2 on Bare Metal, OpenStack and Private Clouds
Table of Contents
- Overview
- Ingress Mode Options
- New Deployments (RHOAI 3.2+)
- Upgrades from RHOAI 3.x
- Switching Ingress Modes
- Verifying the Configuration
- Troubleshooting
Overview
Starting with RHOAI 3.2, the ingress architecture includes a configurable Ingress Mode that determines how the Gateway API exposes RHOAI components externally. This addresses the infrastructure requirements previously needed for bare metal, OpenStack, and private cloud deployments.
In prior RHOAI 3.x versions, the Gateway always created a LoadBalancer service, requiring either:
- A cloud provider's load balancer integration, or
- Manual installation and configuration of the MetalLB Operator (for bare metal)
With RHOAI 3.2, new deployments default to using standard OpenShift Routes, eliminating the need for additional load balancer infrastructure in most environments.
Ingress Mode Options
The GatewayConfig custom resource now includes an ingressMode field with two options:
| Mode | Value | Service Type | External Access | Infrastructure Required |
|---|---|---|---|---|
| OCP Route | OcpRoute | ClusterIP | OpenShift Routes | None (uses existing cluster ingress) |
| LoadBalancer | LoadBalancer | LoadBalancer | External IP from load balancer | Cloud LB or MetalLB |
OcpRoute (Default)
- Uses a ClusterIP service with standard OpenShift Routes for external access
- Works out of the box on any OpenShift cluster
- No additional DNS configuration required beyond standard cluster DNS
- Recommended for bare metal, OpenStack, and private cloud deployments
LoadBalancer
- Uses a LoadBalancer service type for external access
- Requires a load balancer provider (cloud integration or MetalLB)
- Suitable for environments with existing load balancer infrastructure
New Deployments (RHOAI 3.2+)
New RHOAI 3.2 installations automatically use OcpRoute mode. No additional configuration is required for bare metal, OpenStack, or private cloud environments.
To verify the ingress mode after installation:
oc get gatewayconfig default-gateway -o jsonpath='{.spec.ingressMode}'
If the output is empty or OcpRoute, the deployment is using OpenShift Routes.
Upgrades from RHOAI 3.x
When upgrading from an existing RHOAI 3.x deployment, the operator automatically detects the current infrastructure configuration:
-
If the Gateway service is type LoadBalancer: The operator sets
ingressMode: LoadBalancerto preserve your existing configuration. No changes to your DNS or MetalLB setup are required. -
If the Gateway service is type ClusterIP (or does not exist): The operator sets
ingressMode: OcpRoute.
This ensures that existing deployments continue to function without modification after upgrade.
Switching Ingress Modes
Administrators can switch between ingress modes by updating the GatewayConfig custom resource.
Switching from LoadBalancer to OcpRoute
oc patch gatewayconfig default-gateway --type=merge -p '{"spec":{"ingressMode":"OcpRoute"}}'
After switching to OcpRoute:
- The Gateway service will be recreated as ClusterIP
- An OpenShift Route will be created for external access
- MetalLB is no longer required (can be removed if not used elsewhere)
- External DNS records pointing to the old LoadBalancer IP are no longer needed and should be removed to avoid routing conflicts
Switching from OcpRoute to LoadBalancer
oc patch gatewayconfig default-gateway --type=merge -p '{"spec":{"ingressMode":"LoadBalancer"}}'
After switching to LoadBalancer:
- The Gateway service will be recreated as LoadBalancer
- A load balancer provider (cloud or MetalLB) must be available
NOTE: Switching ingress modes causes the Gateway to be recreated. Expect a brief interruption to RHOAI component access during this process.
Verifying the Configuration
Check the current ingress mode
oc get gatewayconfig default-gateway -o jsonpath='{.spec.ingressMode}'
Check the Gateway service type
oc get svc -n openshift-ingress -l gateway.networking.k8s.io/gateway-name=data-science-gateway
For OcpRoute mode, verify the Route exists
oc get route -n openshift-ingress -l gateway.networking.k8s.io/gateway-name=data-science-gateway
For LoadBalancer mode, retrieve the external IP
oc get gateway -n openshift-ingress data-science-gateway -o jsonpath='{.status.addresses[*].value}'
Troubleshooting
RHOAI Dashboard is inaccessible after switching to LoadBalancer mode
Ensure that:
-
A load balancer provider is available (MetalLB for bare metal, or cloud provider integration)
-
The Gateway service has an external IP assigned:
oc get svc -n openshift-ingress -l gateway.networking.k8s.io/gateway-name=data-science-gateway
GatewayConfig shows error status after mode change
The Gateway is recreated when switching modes. Check the status:
oc get gatewayconfig default-gateway -o jsonpath='{.status.conditions}'
Wait for the Ready condition to become True. If errors persist, check the operator logs:
oc logs -n redhat-ods-operator -l name=rhods-operator --tail=100