endpointPublishingStrategy is used to publish the Ingress Controller endpoints to other networks, enable load balancer integrations, and provide access to other systems.
If not set, the default value is based on infrastructure.config.openshift.io/cluster .status.platform:
- Azure: LoadBalancerService (with external scope)
- ROKS on Satellite: LoadBalancerService (with external scope)
To view current endpointPublishingStrategy:
oc -n openshift-ingress-operator get ingresscontroller default -o jsonpath={.spec.endpointPublishingStrategy} | jq '.'
{
"loadBalancer": {
"scope": "External"
},
"type": "LoadBalancerService"
}
When you provision ROKS on Satellite for on-prem, there is no cloud load balancer available for the Ingress Controller. Having endpointPublishingStrategy as LoadBalancerService will keep Ingress Controller in Degraded state and will block cluster version upgrades. The endpointPublishingStrategy value cannot be updated. Only option is to delete default Ingress Controller and create it with NodePortService strategy. Make sure to copy existing spec and change only endpointPublishingStrategy when recreating.
A sample Ingress Controller yaml with NodePortService strategy will look like this:
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
finalizers:
- ingresscontroller.operator.openshift.io/finalizer-ingresscontroller
name: default
namespace: openshift-ingress-operator
spec:
defaultCertificate:
name: xxx-0b75760e30ayyyy44987e00a0-0000
endpointPublishingStrategy:
type: NodePortService
nodePlacement:
tolerations:
- key: dedicated
value: edge
routeAdmission:
wildcardPolicy: WildcardsAllowed
More details: https://cloud.ibm.com/docs/satellite?topic=satellite-ts-degraded-ingress