Available in VPC
This is an example showing how to set the properties of a load balancer instance using various annotations introduced in Load Balancer instance integrations.
If you configure a NAVER Cloud Platform load balancer that was created in Kubernetes through the console or API rather than through the Kubernetes Service resource, problems may occur in status synchronization. Settings of the created load balancers must be changed by editing the Service resource created in Kubernetes.
General examples
Here are examples of settings that can be generally applied when creating load balancers.
Load Balancer Class selection example
From Kubernetes version 1.27, you can specify LoadBalancerClass. By specifying LoadBalancerClass, you can use load balancers other than the default one provided by NAVER Cloud Platform in your cluster. If LoadBalancerClass is specified, Network Load Balancer and Network Proxy Load Balancer are not created. After creating a service, check the assigned External-IP to confirm external accessibility. The example below describes how to use loxilb by specifying LoadBalancerClass.
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  ports:
    - port: 8765
      targetPort: 80
  type: LoadBalancer
  loadBalancerClass: "loxilb.io/loxilb"
Example of selecting a dedicated subnet for instances
When an instance is created, the lbSubnetNo value in the ConfigMap named ncloud-config in the kube-system namespace is used by default. If you need to create an instance in another load balancer-only subnet, you can use the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id annotation.
Below is an example selecting a dedicated subnet where NPLB instances will be created.
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-subnet-id: "452772"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Example of assigning public IP to load balancer
You can define the public IP to be assigned to a load balancer in the spec.loadBalancerIP field when the service type is LoadBalancer. In this field, you can enter only unassigned public IP addresses, which you can check in the NAVER Cloud Platform console > VPC > Public IP menu.
By default, deleting a load balancer will return the public IP assigned to it. The service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true" annotation can be used to prevent the public IP from being returned.
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination: "true"
spec:
  loadBalancerIP: 110.234.194.181
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    run: nginx
  type: LoadBalancer
Example of creating private network-type load balancer
You can create a private load balancer accessible only within VPC using the service.beta.kubernetes.io/ncloud-load-balancer-internal annotation. The default value of this annotation is "false", so if not explicitly specified, a public load balancer is created. Private load balancers distribute load across internal servers using private IPs within the VPC and do not allow access from outside VPC.
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Example of load balancing algorithm settings
You can set a load balancing algorithm for your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code annotation. For Network Proxy Load Balancer, you can choose among Round Robin (RR), Source IP Hash (SIPHS), and Least Connection (LC). For Network Load Balancer, you can select between Hash (MH) and Round Robin (RR).
Below is an example of creating a Network Proxy LoadBalancer and selecting Source IP Hash (SIPHS) as a load balancing algorithm.
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code: "SIPHS"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Access Control List settings examples
You can set Access Control List for each load balancer listener using the service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}: {aclId} annotation.
Below is an example of setting Access Control List using the annotation.
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.80: "123"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Example of Network Proxy Load Balancer (NPLB) property settings
Example of Network Proxy Load Balancer (NPLB) instance creation
You can create NetworkProxyLoadBalancer instances using the service.beta.kubernetes.io/ncloud-load-balancer-layer-type annotation. Below is an example of creating a NetworkProxyLoadBalancer instance:
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
    service.beta.kubernetes.io/ncloud-load-balancer-size: "SMALL"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Example of load balancer's load processing performance setting
You can set load processing performance of a created load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-size annotation.
Below is an example of setting load processing performance using the annotation.
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-size: "MEDIUM"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
TLS settings example
You can apply a TLS/SSL certificate to your load balancer through the service specifications. Assign the certificate number (NRN) registered in Certificate Manager to the service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no annotation and set the TLS port number in the service.beta.kubernetes.io/ncloud-load-balancer-tls-ports annotation. Below is an example that encrypts the traffic coming through port 443 (HTTPS) and forwards it to port 80 (HTTP).
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no: "1234"
    service.beta.kubernetes.io/ncloud-load-balancer-tls-ports: "443"
spec:
  ports:
    - port: 443
      targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
Proxy protocol activation examples
You can activate the proxy protocol of your load balancer using the service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol annotation. The proxy protocol is a protocol that allows the original client IP address to be known when using TCP or SSL protocols and making connection requests through a proxy environment. To use this feature, you should configure the settings for the load balancer as well as for the connected applications (pods).
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol: "true"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Load Balancer Idle Timeout settings example
You can adjust the Idle Timeout in your load balancer using service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout. The value should be adjusted considering the Idle Timeout of the application, and the default value for the load balancer is 60 seconds. Here is an example of how to set the Idle Timeout for the load balancer to 90 seconds:
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
    service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout: "90"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Network Load Balancer (NLB) property settings example
Network Load Balancer (NLB) instance creation example
You can create Network Load Balancer instances using service.beta.kubernetes.io/ncloud-load-balancer-layer-type annotations. Below is an example of creating a Network Load Balancer instance:
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
    service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
    service.beta.kubernetes.io/ncloud-load-balancer-size: "SMALL"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
Example of setting ACG rule's inbound source upon creation of a load balancer
If the service type is LoadBalancer, an ACG rule with 0.0.0.0/0 as the inbound source is set up by default for external communication. If a different IP block needs to be set as the inbound source, you can use the service.beta.kubernetes.io/ncloud-load-balancer-inbound-source annotation. To specify multiple inbound sources, separate them with commas.
Below is an example of setting the ACG rule's Inbound Source when creating an NLB instance.
kind: Service
apiVersion: v1
metadata:
  name: my-nginx
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
    service.beta.kubernetes.io/ncloud-load-balancer-inbound-source: "10.120.0.0/16,143.248.12.77/32"
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    run: my-nginx
  type: LoadBalancer
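The following check is an added example, not part of the NAVER Cloud Platform documentation: it reads Service objects as JSON (the shape produced by `kubectl get svc -A -o json`) and reports LoadBalancer Services that stay public and keep the default 0.0.0.0/0 inbound source, or that list an any-address block explicitly. The function name `audit` and the sample Services are constructed for illustration; it assumes the annotation values are written exactly as shown on this page.

```python
import ipaddress
import json

PREFIX = "service.beta.kubernetes.io/ncloud-load-balancer-"

# Constructed sample, shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "open-nlb", "annotations": {
        PREFIX + "layer-type": "nlb"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "web", "name": "scoped-nlb", "annotations": {
        PREFIX + "layer-type": "nlb",
        PREFIX + "inbound-source": "10.120.0.0/16,143.248.12.77/32"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "db", "name": "private-nplb", "annotations": {
        PREFIX + "layer-type": "nplb", PREFIX + "internal": "true"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "web", "name": "wide-nlb", "annotations": {
        PREFIX + "inbound-source": "10.120.0.0/16,0.0.0.0/0"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
]})


def audit(service_list_json):
    """Return (namespace/name, reason) for each public, unrestricted Service."""
    findings = []
    for svc in json.loads(service_list_json)["items"]:
        spec, meta = svc["spec"], svc["metadata"]
        if spec.get("type") != "LoadBalancer" or spec.get("loadBalancerClass"):
            continue  # no NLB/NPLB is created for this Service
        ann = meta.get("annotations") or {}
        if ann.get(PREFIX + "internal", "false") == "true":
            continue  # private load balancer, reachable only inside the VPC
        ref = f"{meta.get('namespace', 'default')}/{meta['name']}"
        sources = ann.get(PREFIX + "inbound-source")
        if sources is None:
            findings.append((ref, "public, default inbound source 0.0.0.0/0"))
            continue
        for cidr in (s.strip() for s in sources.split(",")):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((ref, f"unparseable inbound source {cidr!r}"))
                continue
            if net.prefixlen == 0:
                findings.append((ref, f"public, inbound source {cidr} allows any address"))
    return findings


if __name__ == "__main__":
    for ref, reason in audit(SAMPLE):
        print(f"{ref}: {reason}")
```
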
UDP configuration example when creating a load balancer
Network LoadBalancer can use UDP protocol as a listener. Below is an example of setting a UDP listener when you create an NLB instance:
- Even if you use UDP as the listener protocol, health checks for the target group run through TCP. Therefore, a TCP port must be open in the Kubernetes Service resources.
- If the UDP port and TCP port are identical, you do not need any additional settings.
- If the UDP and TCP ports are different, you must explicitly set the health check port through an annotation.
- Due to service limits, a TCP listener is also created on the load balancer.
- If the UDP and TCP ports are the same:
  - Annotation is not used.
apiVersion: v1
kind: Service
metadata:
  name: udp-service
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
spec:
  selector:
    app: udp-service
  ports:
    - name: tcp
      port: 80
      protocol: TCP
      nodePort: 30080
    - name: udp
      port: 80
      protocol: UDP
      nodePort: 30080
  type: LoadBalancer
- If the UDP and TCP ports are different:
  - Specify a health check port through annotation.
apiVersion: v1
kind: Service
metadata:
  name: udp-service
  annotations:
    service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
    service.beta.kubernetes.io/ncloud-load-balancer-healthcheck-port.90: "85" # Health check of port 90 uses the node port of port 85
spec:
  selector:
    app: udp-service
  ports:
    - name: tcp
      port: 85
      targetPort: 80
      protocol: TCP
      nodePort: 30091
    - name: udp
      port: 90
      targetPort: 90
      protocol: UDP
      nodePort: 30090
  type: LoadBalancer