While one can create and manage LoadBalancer/Ingress services from the Kubernetes side, there are some limitations. One limitation seems to be that an ingress object created from Kubernetes is only accessible within the same namespace. With the limited availability of floating IPs, this is not very good. One can instead manually create the LoadBalancer object from the OpenStack side, which does not impose such a limitation.
- Note that if you want a load balancer without a public floating IP, you can get one with the following annotation. It will then use an internal IP.
- service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
1. LoadBalancer for SSH connection
Under "Network/Load Balancers", click "Create Load Balancer" button.
Fig. 1: Create a LoadBalancer - Details
- Give it a name, and select the subnet you are working with. Other fields do not need to be changed.
We will add a TCP listener for our SSH connection. You can add other listeners later.
- Give it a sensible name. Select the "TCP" protocol and port number "22" for the SSH connection.
- We also need to adjust the time out value.
- You need to define a pool to which the traffic will be forwarded.
- Give it a name and select a load-balancing algorithm. I will select "SOURCE_IP", but it won't matter since we will have a single member for the SSH connection.
- Add members to the pool. This is the list of IPs to which the traffic will be forwarded.
- We will add a single ip of the gateway instance we created.
- And set the port number properly (22 in this case).
- You don't need to worry about the weight values unless you want.
- We need to define a health monitor. I don't think this is required, but it seems it is when you create it from the gui.
- For TCP, I will just select "TCP" type (not sure what exactly they do)
- Everything is done. Click "Create" button.
- After waiting a few seconds, you will see that an IP is assigned to the LB object and its status turns to "Active".
Let's try to ssh in to the gateway instance using the LB ip address.
- Make sure you are doing this from an instance within the same network (i.e., the network where the ip address of the LB is reachable).
- Also make sure that the ssh key is properly set.
We will now give it a floating ip so that it can be accessible from the external network.
- In the dropdown menu for the LB, there should be an "associate floating ip" entry. Click it.
- Select the ip address you want to use. Then click "Associate" button.
Now, you should be able to ssh in to the gateway using the floating ip you just associated.
My recommendation is that, instead of associating a floating IP with each individual instance, you use the load balancer and assign different ports to the different instances.
For HTTP connection, you can simply use L7 loadbalancing as explained below.
LoadBalancer for HTTP connection
The same LB you created in the previous section can be used for HTTP load balancing (thus you don't need a new floating ip).
In the LoadBalancer menu, click the LB you created.
Go to the "listener" tab to create a listener, and click "Create Listener".
- Give it a sensible name, and select "HTTP" protocol.
Next, we create a pool
- Give it a sensible name.
- We will select "ROUND_ROBIN" for the Algorithm. And a protocol of "HTTP".
- For the session persistence, we will select "HTTP_COOKIE".
Now, we will add members to the pool. These are the IPs and port numbers that will receive the HTTP traffic.
We assume here that we have created a "NodePort" service, whose port number is 31349.
We add all the worker nodes as a member and set the port to 31349.
For the monitor, select the type "HTTP". You can change other values if you know what they mean. Leaving them as they are won't do any harm.
Click "Create Listener" to create one. It will also create a pool.
It is supposed to forward your HTTP traffic to the pool you created. However, unless you have set up the health monitor properly, the forwarding won't work. The easiest way is just to delete the monitor object (somehow, from the GUI, you cannot create a pool without a monitor).
Note that all the traffic, regardless of the destination Host, will be forwarded to the pool you created, which may not be what you want.
Let's create an L7 policy, so that HTTP traffic with a certain Host destination will be forwarded to the pool.
Click the "listener" object you created. You will see something like below.
Click the "L7 Policies" tab. Click "Create L7 policy".
- For action, select "REDIRECT_TO_POOL", then select the pool id you created in the previous section.
- If you need additional pools, you can create them in the "pool" tab under the LB menu (the "pool" tab under the listener menu seems to be read-only, and you do not seem to be able to create a new pool there).
Click the policy you created and select the "L7 Rule" tab. Click "Create L7 rule".
- We will use a simple rule based on the hostname. So, select the "HOST_NAME" type and the "EQUAL_TO" comparison type.
- The value should be the host name you want to use. We will use "k8s-10-www.gems0.org".
Now, the HTTP traffic with a Host value of "k8s-10-www.gems0.org" will be forwarded to the pool of your selection. However, traffic for every other Host is still forwarded to the pool as well, because it is the listener's default pool. If you don't want this behavior, you can disable the default pool. Click "Edit Listener" and select None for the default pool.
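
The routing decision described above, as an added sketch (not Octavia's code and not part of the original post): policies are tried in position order, the first match selects its pool, otherwise the default pool is used, and with no default pool the request gets a 503. Class, pool and the "other.example.org" names are hypothetical; only the host name comes from the walkthrough, and case-insensitive matching is an assumption of the sketch.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    compare_type: str  # EQUAL_TO, STARTS_WITH, ENDS_WITH or CONTAINS
    value: str         # compared against the Host header (HOST_NAME rule)

    def matches(self, host: str) -> bool:
        h, v = host.lower(), self.value.lower()  # assumption: case-insensitive
        return {
            "EQUAL_TO": h == v,
            "STARTS_WITH": h.startswith(v),
            "ENDS_WITH": h.endswith(v),
            "CONTAINS": v in h,
        }[self.compare_type]


@dataclass
class Policy:  # action REDIRECT_TO_POOL only
    position: int
    redirect_pool: str
    rules: List[Rule] = field(default_factory=list)

    def matches(self, host: str) -> bool:
        # All rules of a policy must match; an empty policy is treated
        # as non-matching here (sketch choice).
        return bool(self.rules) and all(r.matches(host) for r in self.rules)


@dataclass
class Listener:
    default_pool: Optional[str]
    policies: List[Policy] = field(default_factory=list)

    def route(self, host: str) -> str:
        for policy in sorted(self.policies, key=lambda p: p.position):
            if policy.matches(host):
                return policy.redirect_pool
        # No policy matched: fall back to the default pool, else 503.
        return self.default_pool or "503"


def demo() -> dict:
    policy = Policy(1, "www-pool", [Rule("EQUAL_TO", "k8s-10-www.gems0.org")])
    with_default = Listener("www-pool", [policy])
    without_default = Listener(None, [policy])
    return {
        "matched": without_default.route("k8s-10-www.gems0.org"),
        "other_with_default": with_default.route("other.example.org"),
        "other_without_default": without_default.route("other.example.org"),
    }
```

With the default pool left in place, a request for any Host reaches the NodePort backends; setting it to None limits the listener to the host names your L7 rules name.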