Load Balancer instance integrations

Available in VPC

You can automatically create a Load Balancer instance integrated with a service when creating the service to use Ncloud Kubernetes Service.

Management of Load Balancer instances integrated with Kubernetes

Caution

A Load Balancer created in Kubernetes on NAVER Cloud Platform is managed as a Kubernetes resource.
If you edit a Load Balancer directly through the console or API, the state synchronization with Kubernetes may not function correctly, potentially causing unexpected issues. Any configuration changes for Load Balancer must be performed by editing the Kubernetes resources.
Technical support is not provided for issues caused by direct changes made through the console or API.
The type of a Load Balancer cannot be changed once it has been created.

Create an instance

To create a Load Balancer instance integrated with Ncloud Kubernetes Service, set the service manifest type to LoadBalancer, and set the service.beta.kubernetes.io/ncloud-load-balancer-layer-type annotation to either nplb or nlb.

nplb: A Network Proxy Load Balancer (NPLB) instance is created.
nlb: A Network Load Balancer (NLB) instance is created.

Configure instance properties

You can configure the properties of the instance to be created using annotations in the service manifest. To configure instance properties, enter the metadata.annotations values according to the table below when creating the instance.

Network Proxy Load Balancer (NPLB)

Annotation	Description	Note
`service.beta.kubernetes.io/ncloud-load-balancer-layer-type`	Configure Load Balancer network layer type. Select one of the following values: nplb or nlb.	Default: nplb
`service.beta.kubernetes.io/ncloud-load-balancer-size`	Load processing performance of the Load Balancer. Select one of the following values: SMALL, MEDIUM, LARGE, or XLARGE.	Default: SMALL
`service.beta.kubernetes.io/ncloud-load-balancer-internal`	Configure for creating a private network type Load Balancer. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	Configure to retain the allocated public IP when deleting the Load Balancer. Applies only to Load Balancers with an assigned public IP. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-description`	Enter a note for the Load Balancer instance to be created.	-
`service.beta.kubernetes.io/ncloud-load-balancer-termination-protection`	Configure to prevent automatic deletion of the Load Balancer when deleting a service with the type LoadBalancer. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-subnet-id`	Dedicated subnet ID for Load Balancer creation.	Default: lbSubnetNo in the configmap named ncloud-config in the kube-system
`service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no`	Certificate number from Certificate Manager to apply to listeners using the TLS protocol. The certificate number can be found in the nrn of Resource Manager (e.g., nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo}).	-
`service.beta.kubernetes.io/ncloud-load-balancer-tls-ports`	List of ports to which TLS will be applied. (e.g., "443,6443")	Default: `"443"`; comma-separated values supported
`service.beta.kubernetes.io/ncloud-load-balancer-tls-min-version`	Type code for the minimum supported TLS version. Select one of the following values: TLSV10, TLSV11, TLSV12, or TLSV13.	Default: TLSV10
`service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol`	Whether to enable the proxy protocol. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code`	Load balancing algorithm type; select from Round Robin (RR), Source IP Hash (SIPHS), or Least Connection (LC). Select one of the following values: RR, SIPHS, or LC.	Default: RR
`service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update`	Whether to update ACG settings. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout`	Idle timeout setting for the Load Balancer (1-3,600).	Default: 60
`service.beta.kubernetes.io/ncloud-load-balancer-cipher-suite-list`	List of cipher suites supported by the listener (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)	Default: All cipher suites supported by the listener
`service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}`	ACL ID to be assigned to the listener.	-

Network Load Balancer (NLB)

Annotation	Description	Note
`service.beta.kubernetes.io/ncloud-load-balancer-layer-type`	Configure Load Balancer network layer type. Select one of the following values: nplb or nlb.	Default: nplb Enter nlb to create a Network Load Balancer.
`service.beta.kubernetes.io/ncloud-load-balancer-size`	Load processing performance of the Load Balancer. Select one of the following values: SMALL, MEDIUM, LARGE, or DYNAMIC.	Default: DYNAMIC Only DYNAMIC can be set during creation. For certain Load Balancers with non-DYNAMIC types, changing to DYNAMIC is supported by applying the DYNAMIC annotation. Changing from DYNAMIC to another type is not supported.
`service.beta.kubernetes.io/ncloud-load-balancer-internal`	Configure for creating a private network type Load Balancer. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	Configure to retain the allocated public IP when deleting the Load Balancer. Applies only to Load Balancers with an assigned public IP. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-description`	Enter a note for the Load Balancer instance to be created.	-
`service.beta.kubernetes.io/ncloud-load-balancer-termination-protection`	Configure to prevent automatic deletion of the Load Balancer when deleting a service with the type LoadBalancer. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-inbound-source`	Value to be used as an inbound source for ACG rules. Example: 119.194.195.143/32, 143.248.12.77/32	Default: 0.0.0.0/0
`service.beta.kubernetes.io/ncloud-load-balancer-subnet-id`	Dedicated subnet ID for Load Balancer creation.	Default: lbSubnetNo in the ConfigMap named ncloud-config in the kube-system namespace
`service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code`	Hash (MH) or Round Robin (RR) can be configured as the algorithm type. Select one of the following values: MH or RR.	Default: MH
`service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update`	Whether to update ACG settings. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-sticky-session`	Whether to use sticky sessions. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`
`service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port}`	ACL ID to be assigned to the listener.	-
`service.beta.kubernetes.io/ncloud-load-balancer-healthcheck-port.{port}`	Specifies the service port to be used for health checks for a specific listener port.	-
`service.beta.kubernetes.io/ncloud-load-balancer-enable-acl-operator`	Whether to delegate ACL-related features to the ACL-operator. Built-in acl features are disabled when activated. Select one of the following values: `"true"` or `"false"`.	Default: `"false"`

Public and private IP assignment methods based on the Load Balancer subnet type

Load Balancer subnets are classified into two types: Public Subnet and Private Subnet. Each type is required to create a Load Balancer with a public or private IP assigned, respectively. When creating a Load Balancer, the Subnet ID defined in the lbPublicSubnetNo and lbSubnetNo fields of the ncloud-config ConfigMap in the kube-system namespace is used. This subnet ID can be changed to another ID by using the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id annotation when creating a Load Balancer.

1. Public subnet (for Internet gateway only)
A public subnet is required to create a Load Balancer with a public IP assigned. In the NAVER Cloud Platform console, navigate to i_menu > Services > Networking > VPC > Public IP to request a public IP, and assign it to the Load Balancer. If no public IP is specified, a new one will be requested.

2. Private Subnet
To create a Load Balancer with a private IP assigned within a VPC, a private subnet is required.

Examples of configuring instance properties

For detailed examples of configuring instance properties, see Load Balancer properties settings examples.

Check the external IP of the created Load Balancer instance

To check the external IP of the created instance, run the following command:

$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service

The external IP of the instance will be displayed in the EXTERNAL-IP column. The following is an example of retrieving the external IP using the command.

$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service
NAME              TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)          AGE
example-service   LoadBalancer   172.16.101.104   10.39.10.118   8765:30365/TCP   2m11s

Delete an instance

Deleting a Kubernetes Service created with the LoadBalancer type also automatically deletes the integrated Load Balancer instance.
To check and delete a Kubernetes Service created with the LoadBalancer type:

Run the following command to check the created Kubernetes Service:

You can check the type of each Service in the TYPE column of the result values.

$ kubectl --kubeconfig $KUBE_CONFIG get service

Run the following command to delete the Service of LoadBalancer type:

$ kubectl --kubeconfig $KUBE_CONFIG delete service my-nginx