There should be an admin or install topic for non-http traffic ingress

[smarterclayton]

We should document the three types of traffic from outside to the inside and how people achieve that

1. HTTP/TLS -> router (SNI special case)
2. TCP -> service nodeport and a ramp node / vrrp setup (basically, use the same nodes as the router but advertise them with VRRP and use the DNS address of the router nodes)
3. Connecting pod network directly to the outside (partially documented in the ramp node -> SDN issue)

All three of these are "supported", but they need doc. They are really three facets of the same problem.

@knobunc do you have a card that covers this doc? I think this is one topic, three subsections, and then we can stop answering this question all the time :)

For 2 the recommendation is:

1. Setup router nodes (either TCP load balance or ipfailover VRRP setup) in an HA config
2. When asking for nodeports, use the router nodes with their VIPs (VRRP) or with a range TCP load balancer (cloud, F5) as the destination IP. You can also use the wildcard DNS for the router + the nodeport

[aweiteka]

This topic[1] addresses some of this.

[1] install_config/routing_from_edge_lb.adoc

[knobunc]

We didn't have a card for the docs, I made:
https://trello.com/c/rvbmuWH0/248-document-the-current-ingress-story-well

We do have cards to improve non-http ingress:
https://trello.com/c/9TXvMeS2/54-13-supporting-non-http-s-80-443-traffic-routes-traffic-ingress

[pecameron]

@smarterclayton @aweiteka @knobunc
I am going to take a crack at this and I can use a lot of guidance along the way.
First I am looking for a place in the documentation to discuss this. I think a new section after:
Inatallation and Configuration > Inatalling > Advanced Installation
could work. Maybe a section title of:
Getting Traffic Into The Cluster
might work. Do you have a different place for it or a different section name?

[knobunc]

I'd add it to Developer Guide. Perhaps under Routes?

That section name is fine for now. We can always play with that once we get the doc written.

[pecameron]

@knobunc I thought about that. I ended up with who needs to know this? What are they doing that the time?
It seemed natural for the admin that is setting up the cluster to also connect it to the world.

[knobunc]

@pecameron While the admin sets up the cluster and sets up the nodes that are on the edge... it is the services that are created by the developers that are the things that are exposed. Some of the ways of exposing them may need admin assistance, but the interaction would probably be initiated by the dev.

[knobunc]

Resolved by #2827