Integrating Load Balancer instances

The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

Available in VPC

When you create a service to use Ncloud Kubernetes Service, you can automatically create a Load Balancer instance which is integrated to the service.

Manage Load Balancer instances integrated to Kubernetes

Caution

NAVER Cloud Platform's Load Balancer, created in Kubernetes, is managed by the resources of Kubernetes.
If you edit a Load Balancer directly in the console or via the API, Kubernetes and the Load Balancer may fall out of sync, potentially causing unexpected issues. If you need to change Load Balancer settings, always update the Kubernetes resources instead.
Technical support is not provided for issues caused by direct changes made through the console or API.
Once you create a load balancer, you cannot change its type.

Create instances

To create a Load Balancer instance integrated to Ncloud Kubernetes Service, specify the service manifest type as LoadBalancer and set the service.beta.kubernetes.io/ncloud-load-balancer-layer-type annotation as nplb or nlb.

nplb: A network proxy load balancer (NPLB) instance is created.
nlb: A network load balancer (NLB) instance is created.

Configure instance properties

You can set properties of an instance created through the service manifest's annotation. To set instance properties, see the following table and enter the metadata.annotations value when creating an instance.

Network Proxy Load Balancer (NPLB)

Annotation	Description	Note
`service.beta.kubernetes.io/ncloud-load-balancer-layer-type`	Load balancer network layer type setting. Select one: nplb or nlb	Default: nplb
`service.beta.kubernetes.io/ncloud-load-balancer-size`	Load balancer's load processing performance. Select one: SMALL, MEDIUM, LARGE, or XLARGE	Default: SMALL
`service.beta.kubernetes.io/ncloud-load-balancer-internal`	Private network type load balancer creation setting. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	Setting used to preserve the assigned public IP when the load balancer is removed. Applied only to the load balancers that have public IPs assigned. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-description`	Enter a note about the load balancer instance to be created.	-
`service.beta.kubernetes.io/ncloud-load-balancer-termination-protection`	Setting to prevent automatic termination of the load balancer when a service with type specified as "LoadBalancer" is removed. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-subnet-id`	ID of the dedicated load balancer subnet used to create the load balancer.	Use lbSubnetNo within the configmap named ncloud-config in the kube-system by default.
`service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no`	The certificate number of the Certificate Manager to be applied to the listener of which the protocol is TLS. You can find the certificate number in the Resource Manager's NRN. (Example: nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo})	-
`service.beta.kubernetes.io/ncloud-load-balancer-tls-ports`	List of ports to apply TLS. e.g., "443,6443"	Default: `"443"`. Values separated by commas can be used.
`service.beta.kubernetes.io/ncloud-load-balancer-tls-min-version`	Minimum support version type code of TLS. Select one: TLSV10, TLSV11, TLSV12, TLSV13	Default: TLSV10
`service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol`	Proxy protocol activation status. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code`	One among Round Robin (RR), Source Ip Hash (SIPHS), or Least Connection (LC) can be set as algorithm type. Select one: RR, SIPHS, LC	Default: RR
`service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update`	ACG update setting status. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout`	Load balancer's idle timeout settings (1-3600)	Default: 60
`service.beta.kubernetes.io/ncloud-load-balancer-cipher-suite-list`	List of cipher suite supported by listener. Example: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.	All cipher suites supported by the default listener.
`service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}`	ACL ID to be assigned to the listener.	-

Network Load Balancer (NLB)

Annotation	Description	Note
`service.beta.kubernetes.io/ncloud-load-balancer-layer-type`	Load balancer network layer type setting. Select one: nplb or nlb	Default: nplb Enter nlb to create a Network Load Balancer.
`service.beta.kubernetes.io/ncloud-load-balancer-size`	Load balancer's load processing performance. Select one: SMALL, MEDIUM, LARGE, or DYNAMIC	Default: DYNAMIC Only DYNAMIC is available for new load balancers. For non-DYNAMIC types, some load balancers can be changed to DYNAMIC type by applying the DYNAMIC annotation. Cannot be changed from DYNAMIC type to another type.
`service.beta.kubernetes.io/ncloud-load-balancer-internal`	Private network type load balancer creation setting. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	Setting used to preserve the assigned public IP when the load balancer is removed. Applied only to the load balancers that have public IPs assigned. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-description`	Enter a note about the load balancer instance to be created.	-
`service.beta.kubernetes.io/ncloud-load-balancer-termination-protection`	Setting to prevent automatic termination of the load balancer when a service with type specified as "LoadBalancer" is removed. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-inbound-source`	Value to be used as inbound access source in the ACG rule. Example: 119.194.195.143/32,143.248.12.77/32	Default: 0.0.0.0/0
`service.beta.kubernetes.io/ncloud-load-balancer-subnet-id`	ID of the dedicated load balancer subnet used to create the load balancer.	Use lbSubnetNo within the configmap named ncloud-config in the kube-system.
`service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code`	Configure algorithm type between Hash (MH) or Round Robin (RR). Select one: MH, RR	Default: MH
`service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update`	ACG update setting status. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-sticky-session`	Sticky Session setting status. Select one: `"true"` or `"false"`	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}`	ACL ID to be assigned to the listener.	-
`service.beta.kubernetes.io/ncloud-load-balancer-healthcheck-port.{port}`	Specify the service port used for health checks on a specific listener port.	-

Public/private IP assignment method according to Load Balancer's subnet type

Load balancers use two types of subnets: public subnet and private subnet. Each type is required when creating a load balancer with a private or public IP assigned. When you create a load balancer, it uses the lbPublicSubnetNo and lbSubnetNo subnet IDs defined in the ncloud-config ConfigMap for the kube-system namespace. You can override the subnet ID and use different subnet IDs for the load balancer by setting the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id annotation when you create it.

1. Public Subnet (for Internet Gateway only)
You need a public subnet to create a load balancer with a public IP. In the NAVER Cloud Platform console VPC environment, navigate to i_menu > Services > Networking > VPC > Public IP to request a public IP, and assign it to the load balancer. If no public IP is specified, a new public IP is applied.

2. Private Subnet
You need a private subnet in the VPC to create a load balancer with a private IP.

Instance properties settings example

For more detailed example of setting instance properties, see Load Balancer properties settings examples.

Check external IP of the created load balancer instance

Run the command below to check the external IP of a created instance.

$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service

The external IP of the instance is displayed in the EXTERNAL-IP column. Below is an example viewing an external IP using the command.

$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service
NAME              TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)          AGE
example-service   LoadBalancer   172.16.101.104   10.39.10.118   8765:30365/TCP   2m11s

Delete instance

Delete the Kubernetes service created with "LoadBalancer" as its type to automatically delete the connected Load Balancer instance with it.
To check and delete a Kubernetes service created as "LoadBalancer":

Run the following command to check the created Kubernetes service:

The type of each service can be seen in the result's TYPE column.

$ kubectl --kubeconfig $KUBE_CONFIG get service

Run the following command to delete the "LoadBalancer" type service:

$ kubectl --kubeconfig $KUBE_CONFIG delete service my-nginx