Load Balancer property settings examples

Available in VPC

This is an example showing how to set the properties of a load balancer instance using various annotations introduced in Load Balancer instance integrations.

Caution

If you configure a NAVER Cloud Platform load balancer that was created through Kubernetes from the console or API rather than through the Kubernetes Service resource, problems may occur in status synchronization. Changes to the settings of such load balancers must be made by editing the Service resource created in Kubernetes.

General example

This is a settings example that can be applied generally to the creation of load balancers.

Load Balancer class selection example

From Kubernetes version 1.27, you can specify LoadBalancerClass. By specifying LoadBalancerClass, you can use a load balancer in your cluster other than the default one provided by NAVER Cloud Platform. If LoadBalancerClass is specified, Network Load Balancer and Network Proxy Load Balancer are not generated. After creating a service, check the assigned External-IP to confirm external accessibility. The example below describes how to use loxilb by specifying LoadBalancerClass.

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  ports:
    - port: 8765
      targetPort: 80
  type: LoadBalancer
  loadBalancerClass: "loxilb.io/loxilb"

Example of selecting a dedicated subnet where instances are created

Instance creation uses the lbSubnetNo in the ConfigMap named ncloud-config in the kube-system namespace. If you need to create an instance in another load balancer-only subnet, you can use the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id annotation.

The following is an example of selecting a dedicated subnet where NPLB instances will be created.

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-subnet-id: "452772"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Example of assigning public IP to load balancer

You can define the public IP to be assigned to a load balancer in the spec.loadBalancerIP field when the service type is LoadBalancer. Only a public IP that has not yet been assigned, as checked in the NAVER Cloud Platform console > VPC > Public IP menu, can be specified in this field.
By default, deleting a load balancer also returns the public IP assigned to it. The service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true" annotation can be used to prevent the public IP from being returned.

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true"
spec:
  loadBalancerIP: 110.234.194.181
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    run: nginx
  type: LoadBalancer

Example of creating private-network-type load balancer

You can create a private-type load balancer accessible only within the VPC using the service.beta.kubernetes.io/ncloud-load-balancer-internal annotation. The default value of this annotation is false, so if not explicitly specified, a public-type load balancer is created. Private-type load balancers distribute load among internal servers using private IPs within the VPC and do not allow external access from outside the VPC.

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Example of setting load balancing algorithm

You can set a load-balancing algorithm for your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code annotation. For Network Proxy LoadBalancer, you can choose among Round Robin (RR), Source IP Hash (SIPHS), and Least Connection (LC). For Network LoadBalancer, you can select between Hash (MH) and Round Robin (RR).

Below is an example of creating a Network Proxy LoadBalancer and selecting Source IP Hash (SIPHS) as the load-balancing algorithm.

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code: "SIPHS"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Access Control List settings examples

You can set an Access Control List for each load balancer listener using the service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}: {aclId} annotation.

The following is an example of setting Access Control List using the annotation.

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.80: "123"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Example of setting network proxy load balancer (NPLB) property

Example of setting load balancer's load processing performance

You can set load processing performance of a created load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-size annotation.

The following is an example of setting load processing performance using the annotation.

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-size: "MEDIUM"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

TLS settings example

You can apply a TLS/SSL certificate to your load balancer through the service specification. Set the certificate number (nrn) registered in Certificate Manager in the service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no annotation, and set the number of the port that uses TLS in the service.beta.kubernetes.io/ncloud-load-balancer-tls-ports annotation. Below is an example of encrypting the traffic coming through port 443 (HTTPS) and forwarding it to port 80 (HTTP).

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no: "1234"
    service.beta.kubernetes.io/ncloud-load-balancer-tls-ports: "443"
spec:
  ports:
    - port: 443
      targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Proxy protocol activation examples

You can activate the proxy protocol of your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol annotation. The proxy protocol is a protocol that allows the original client IP address to be known when using TCP or SSL protocols and making connection requests through a proxy environment. To use this feature, you should configure the settings for the load balancer as well as for the connected applications (pods).

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol: "true"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Load balancer Idle Timeout settings example

You can adjust the Idle Timeout in your load balancer using service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout. The value should be adjusted considering the Idle Timeout of the application, and the default value for the load balancer is 60 seconds. The example below describes how to set the Idle Timeout for the load balancer to 90 seconds.

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout: "90"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

Example of setting network load balancer (NLB) property

Example of setting ACG rule's inbound source upon creation of a load balancer

If the service type is LoadBalancer, then an ACG rule with 0.0.0.0/0 as inbound source is set up by default for external communication. If a different IP block needs to be set as the inbound source, you can use the service.beta.kubernetes.io/ncloud-load-balancer-inbound-source annotation. To specify multiple inbound sources, use commas (,) as separators.

The following is an example of setting the ACG rule's Inbound Source when creating an NLB instance.

kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
    service.beta.kubernetes.io/ncloud-load-balancer-inbound-source: "10.120.0.0/16,143.248.12.77/32"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer

UDP settings example for load balancer creation

Network LoadBalancer can use UDP protocol as a listener. The UDP listener setting example for NLB instance creation is as follows:

Note
  • Health check of the target group is conducted through TCP even if the UDP protocol is used as a listener. Therefore, the TCP port needs to be opened in the Kubernetes Service resource.

  • If UDP and TCP ports are identical, additional setup is not necessary.

  • If UDP and TCP ports are different from each other, you need to specify the health check port explicitly through an annotation.

  • Due to service limits, the TCP listener is also created with a load balancer.

  • If UDP and TCP ports are identical

    • Annotation not used

apiVersion: v1
kind: Service
metadata:
  name: udp-service
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
spec:
  selector:
    app: udp-service
  ports:
    - name: tcp
      port: 80
      protocol: TCP
      nodePort: 30080
    - name: udp
      port: 80
      protocol: UDP
      nodePort: 30080
  type: LoadBalancer

  • If UDP and TCP ports are not identical

    • Health check port specification is needed through annotation

apiVersion: v1
kind: Service
metadata:
  name: udp-service
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
    service.beta.kubernetes.io/ncloud-load-balancer-healthcheck-port.90: "85" # Health check of port 90 uses the node port of port 85
spec:
  selector:
    app: udp-service
  ports:
    - name: tcp
      port: 85
      targetPort: 80
      protocol: TCP
      nodePort: 30091
    - name: udp
      port: 90
      targetPort: 90
      protocol: UDP
      nodePort: 30090
  type: LoadBalancer
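
As an added example (not NAVER Cloud Platform code), the following Python check reviews a Service manifest, already parsed into a dict, against the defaults and rules described on this page: the public default of the internal annotation, the 0.0.0.0/0 default inbound source, the pairing of the two TLS annotations, the per-port ACL annotation, and the TCP health check requirement for UDP listeners. The function name, the finding texts and the sample manifest are constructed for illustration.

```python
import ipaddress

PREFIX = "service.beta.kubernetes.io/ncloud-load-balancer-"

def audit_service(svc):
    """Return findings for one Service manifest already parsed into a dict."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer" or spec.get("loadBalancerClass"):
        return []  # not a load balancer created by NAVER Cloud Platform
    raw = svc.get("metadata", {}).get("annotations") or {}
    ann = {k[len(PREFIX):]: str(v) for k, v in raw.items() if k.startswith(PREFIX)}
    ports = spec.get("ports", [])
    tcp = {str(p["port"]) for p in ports if p.get("protocol", "TCP") == "TCP"}
    udp = {str(p["port"]) for p in ports if p.get("protocol") == "UDP"}
    findings = []
    # "internal" defaults to false, the ACG inbound source to 0.0.0.0/0. Checking
    # inbound-source for every layer type is an assumption (documented under NLB).
    if ann.get("internal") != "true":
        for cidr in ann.get("inbound-source", "0.0.0.0/0").split(","):
            try:
                if ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0:
                    findings.append("public load balancer open to any source address")
            except ValueError:
                findings.append(f"inbound-source entry is not a CIDR block: {cidr!r}")
    # Assumption: tls-ports may hold several comma-separated port numbers.
    tls = {p.strip() for p in ann.get("tls-ports", "").split(",") if p.strip()}
    if tls and "ssl-certificate-no" not in ann:
        findings.append("tls-ports is set but ssl-certificate-no is missing")
    findings += [f"tls-ports lists {p}, which the Service does not expose over TCP"
                 for p in sorted(tls - tcp)]
    for key in sorted(ann):
        if key.startswith("listener-acl-id.") and key.split(".", 1)[1] not in tcp | udp:
            findings.append(f"{key} names a port the Service does not expose")
    # UDP listeners are health-checked over TCP: same port, or healthcheck-port.{port}.
    for p in sorted(udp):
        hc = ann.get(f"healthcheck-port.{p}", p)
        if hc not in tcp:
            findings.append(f"UDP port {p}: no TCP port {hc} for the health check")
    return findings

# Constructed sample: public NLB, default inbound source, UDP 90 without a TCP peer.
SAMPLE = {"kind": "Service", "metadata": {"name": "udp-service", "annotations": {
              PREFIX + "layer-type": "nlb"}},
          "spec": {"type": "LoadBalancer", "ports": [
              {"name": "tcp", "port": 85, "protocol": "TCP"},
              {"name": "udp", "port": 90, "protocol": "UDP"}]}}

if __name__ == "__main__":
    print("\n".join(audit_service(SAMPLE)))
```

Load manifests with any YAML parser before calling the function; whether a public listener with an unrestricted source counts as a finding is a policy choice of this example.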