JBoss EAP 7 Operator creates LoadBalancer service
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.x
- Red Hat JBoss Enterprise Application Platform Operator
Issue
JBoss EAP Operator creates LoadBalancer service unnecessarily
Resolution
The EAP Operator creates two services to access the statefulset pods:
- One service named "something-headless" is used to coordinate pod scale-down.
- The other service named "something-loadbalancer" is used to access the pods during regular operation. This service is created with the Type set to LoadBalancer.
However, this is not correct.
The LoadBalancer type is meant to expose the Service externally using a cloud provider's load balancer; see the Kubernetes services-networking documentation.
Instead, this service should be created with the type "ClusterIP", which "Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster."
This service was not intended to be reachable from outside the cluster. The Route resource is used for that purpose.
Root Cause
This is being fixed in Jira JBEAP-23019.
A load balancer such as F5 can (and will) complain, because it has an add-on called IPAM that can be enabled to integrate with LoadBalancer service objects and expose them via a managed pool of static IPs. However, enabling IPAM isn't a solution here because that is not what the customer wants to do.
So the F5 load balancer conflicts with the LoadBalancer objects created by the EAP 7 Operator.
k8s Service Ref: https://kubernetes.io/docs/concepts/services-networking/service/
F5 IPAM: https://github.com/F5Networks/f5-ipam-controller
In a non-cloud-provider environment, the operator should create a ClusterIP service, not a LoadBalancer one.
Diagnostic Steps
The EAP operator will create a LoadBalancer type service object, even if the OpenShift cluster does not support LoadBalancer service types.
apiVersion: wildfly.org/v1alpha1
kind: WildFlyServer
metadata:
  name: example
  namespace: steve-test
spec:
  applicationImage: 'quay.io/wildfly-quickstarts/wildfly-operator-quickstart:18.0'
  replicas: 1
Get the svc example-loadbalancer:
$ oc -n one-test get svc example-loadbalancer
NAME                   TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
example-loadbalancer   LoadBalancer   127.1.1.10   <pending>     8080:30807/TCP   4m6s
A ClusterIP type service would work just fine with the Route that gets created:
$ oc -n one-test get route example-route
NAME            HOST/PORT                               PATH   SERVICES               PORT   TERMINATION   WILDCARD
example-route   example-route-steve-test.apps.example          example-loadbalancer   http                 None
Pod/F5 CIS tool logs:
2022/01/01 03:05:24 [ERROR] IPAM is not enabled, Unable to process Services of Type LoadBalancer
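The diagnostic steps above can be automated across a namespace. The following is an added example, not part of the original article or the operator's code: it reads the JSON that `oc get svc,route -n <namespace> -o json` produces and reports every Service of type LoadBalancer, its allocated node ports, whether its external IP is still pending, and whether a Route already fronts it. The sample data is constructed to mirror the output shown above, and the function name `audit` is hypothetical.

```python
import json

# Constructed sample shaped like `oc get svc,route -n <namespace> -o json`,
# trimmed to the fields the check reads. Values mirror the article's example.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Service",
   "metadata": {"name": "example-loadbalancer", "namespace": "steve-test"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 8080, "nodePort": 30807}]},
   "status": {"loadBalancer": {}}},
  {"kind": "Service",
   "metadata": {"name": "example-headless", "namespace": "steve-test"},
   "spec": {"type": "ClusterIP", "clusterIP": "None", "ports": [{"port": 8080}]},
   "status": {"loadBalancer": {}}},
  {"kind": "Route",
   "metadata": {"name": "example-route", "namespace": "steve-test"},
   "spec": {"to": {"kind": "Service", "name": "example-loadbalancer"}}}
]}
""")

def audit(items):
    """Return one finding per Service of type LoadBalancer."""
    # (namespace, service name) pairs that a Route already points at.
    routed = {(i["metadata"]["namespace"], i["spec"]["to"]["name"])
              for i in items
              if i["kind"] == "Route" and i["spec"]["to"].get("kind") == "Service"}
    findings = []
    for svc in (i for i in items if i["kind"] == "Service"):
        if svc["spec"].get("type") != "LoadBalancer":
            continue
        meta = svc["metadata"]
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        findings.append({
            "service": f'{meta["namespace"]}/{meta["name"]}',
            # Node ports allocated alongside the LoadBalancer service.
            "node_ports": [p["nodePort"] for p in svc["spec"].get("ports", [])
                           if "nodePort" in p],
            # No ingress entry means no load balancer has been provisioned.
            "external_ip_pending": not ingress,
            # A Route already provides the intended external access path.
            "fronted_by_route": (meta["namespace"], meta["name"]) in routed,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE["items"]):
        print(json.dumps(finding))
```

A finding with `fronted_by_route` true and `external_ip_pending` true matches the situation described here: the Route already covers external access, so the LoadBalancer type adds nothing but node ports and a request the cluster cannot fulfil.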