- Print
- PDF
Load Balancer property settings examples
- Print
- PDF
Available in VPC
This is an example showing how to set the properties of a load balancer instance using various annotations introduced in Load Balancer instance connection.
If you configure the load balancer of NAVER Cloud Platform created in Kubernetes through the console and API rather than the Kubernetes' Service resource, problems may occur in status synchronization. Change of settings for the created load balancers must be done by editing service resource created in Kubernetes.
General example
This is a settings example that can be applied generally to the creation of load balancers.
Load Balancer Class selection example
From Kubernetes Version 1.27, you can specify LoadBalancerClass
. You can use a load balancer different from the default one provided by NAVER Cloud Platform in your cluster by specifying LoadBalancerClass. If LoadBalancerClass is specified, Network Load Balancer and Network Proxy Load Balancer are not generated. After creating a service, check the assigned External-IP to confirm external accessibility. The example below describes how to use loxilb by specifying Load BalancerClass.
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
app: nginx
spec:
selector:
app: nginx
ports:
- port: 8765
targetPort: 80
type: LoadBalancer
loadBalancerClass: "loxilb.io/loxilb"
Example of selecting a dedicated subnet where instances are created
When creating an instance, use the lbSubnetNo
in the configmap
named ncloud-config
in the kube-system
Namespace. If you need to create an instance in another load balancer-only subnet, then the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id
annotation can be used.
The following is an example of selecting a dedicated subnet where NPLB instances will be created.
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-subnet-id: "452772"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
Example of assigning public IP to load balancer
You can define the public IP to be assigned to a load balancer in the spec.loadBalancerIP
field when the service type is LoadBalancer
. In this field, only the public IP that has not been assigned and checked from the 네이버 클라우드 플랫폼 콘솔 > VPC > Public IP
menu can be described.
By default, deleting a load balancer returns the public IP assigned to it as well. The service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true"
annotation can be used to prevent the public IP from being returned.
apiVersion: v1
kind: Service
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true"
spec:
loadBalancerIP: 110.234.194.181
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
run: nginx
type: LoadBalancer
Example of creating private-network-type load balancer
You can create a private-type load balancer accessible only within the VPC using the service.beta.kubernetes.io/ncloud-load-balancer-internal
annotation. The default value of this annotation is false, so if not explicitly specified, a public-type load balancer is created. Private-type load balancers distribute load among internal servers using private IPs within the VPC and do not allow external access from outside the VPC.
apiVersion: v1
kind: Service
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
Example of setting load balancing algorithm
You can set a load-balancing algorithm for your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code
annotation. For Network Proxy LoadBalancer, you can choose among Round Robin (RR), Source Ip Hash (SIPHS), and Least Connection (LC). For Network LoadBalancer, you can select between Hash (MH) and Round Robin (RR).
Below is an example of creating a Network Proxy LoadBalancer and selecting Source Ip Hash(SIPHS) as a load-balancing algorithm.
apiVersion: v1
kind: Service
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code: "SIPHS"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
Example of setting Network Proxy Load Balancer (NPLB) property
Example of setting load balancer's load processing performance
You can set load processing performance of a created load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-size
annotation.
The following is an example of setting load processing performance using the annotation.
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-size: "MEDIUM"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
TLS settings example
You can apply a TLS/SSL certificate to your load balancer through the service specifications. Set the certificate number (nrn) registered in Certificate Manager to service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no
and set the number of the port that will use TLS to the service.beta.service.beta.kubernetes.io/ncloud-load-balancer-tls-ports
annotation. Below is an example of encrypting the traffic coming through the 443 port (HTTPS) and forwarding it to the 80 port (HTTP).
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no: "1234"
service.beta.kubernetes.io/ncloud-load-balancer-tls-ports: "443"
spec:
ports:
- port: 443
targetPort: 80
selector:
app: nginx
type: LoadBalancer
Proxy protocol activation examples
You can activate the proxy protocol of your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol
annotation. The proxy protocol is a protocol that allows the original client IP address to be known when using TCP or SSL protocols and making connection requests through a proxy environment. To use this feature, you should configure the settings for the load balancer as well as for the connected applications (pods).
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol: "true"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
Load balancer Idle Timeout settings example
You can adjust the Idle Timeout in your load balancer using service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout
. The value should be adjusted considering the Idle Timeout of the application, and the default value for the load balancer is 60 seconds. The example below describes how to set the Idle Timeout for the load balancer to 90 seconds.
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout: "90"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
Example of setting Network Load Balancer (NLB) property
Example of setting ACG rule's inbound source upon creation of a load balancer
If the service type is LoadBalancer
, then an ACG rule with 0.0.0.0./0
as inbound source is set up by default for external communication. If a different IP block is required to be set to be the inbound source, then you can use the annotation of service.beta.kubernetes.io/ncloud-load-balancer-inbound-source
. If you'd like to specify multiple inbound sources, then you can use commas (,) as separators.
The following is an example of setting the ACG rule's Inbound Source when creating an NLB instance.
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
service.beta.kubernetes.io/ncloud-load-balancer-inbound-source: "10.120.0.0/16,143.248.12.77/32"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer