Yes, the Reference architecture (https://access.redhat.com/documentation/en-us/reference_architectures/2018/html-single/deploying_and_managing_openshift_3.9_on_amazon_web_services/) describes the masters located on boxes separate from those for the Infrastructure nodes, and it shows separate ELBs as well for the two sets. I don’t see it specifically explained which URLs should be assigned to which of the two ELBs, but I assume that only the web console URL is assigned to the Master’s ELB and the apps URL – to the Router’s ELB. In my case, having an expansive infrastructure for the system vs. the application nodes is cost-prohibitive compared to solutions like AWS ECS, so I’m looking to migrate my apps off the OpenShift install anyway, but it is still puzzling what specifically caused the outage. In the initial install, I had 3 masters co-located with the etcd and infrastructure nodes, and the ALB passing all port 80/443 and 8443 traffic to those machines – this is a pretty typical install described in users’ blogs. Back to the issue, when one of the 3 machines linked to the ALB did not have a working oc router on it – some apps routes were not accessible. It would be nice to get an explanation for this that can also benefit others, e.g., if this configuration is particularly dangerous for this specific reason.
> I’m really confused what you are trying to do. You should not front the apiserver with a router. The router and the masters are generally best not to collocate unless your bandwidth requirements are low, but it’s much more effective to schedule the routers on nodes and keep that traffic separate from a resiliency perspective.
> The routers need the masters to be available (2/3 min) to receive their route configuration when restarting, but require no interconnection to serve traffic.