Available in VPC
When you create a service to use Ncloud Kubernetes Service, you can automatically create a Load Balancer instance which is integrated to the service.
Manage Load Balancer instances integrated to Kubernetes
Caution
- NAVER Cloud Platform's Load Balancer, created in Kubernetes, is managed by the resources of Kubernetes.
- If you edit Load Balancer yourself through the console or APIs, the status synchronization may not be performed normally, causing unexpected issues. If you need to change the Load Balancer settings, make sure to proceed it by editing the Kubernetes resources.
- Technical support is not provided for any problems occurred from directly changing it through the console or APIs.
Create instances
To create a Load Balancer instance integrated to Ncloud Kubernetes Service, specify the service manifest type as Load Balancer and set the service.beta.kubernetes.io/ncloud-load-balancer-layer-type annotation as nplb or nlb.
- nplb: a network proxy load balancer (NPLB) instance is created.
- nlb: a network load balancer (NLB) instance is created.
Set instance properties
You can set properties of an instance created through the service manifest's annotation. To set instance properties, see the following table and enter the metadata.annotations value when creating an instance:
- Network proxy load balancer (NPLB)
| Annotation | Description | Note |
|---|---|---|
service.beta.kubernetes.io/ncloud-load-balancer-layer-type |
Load balancer network layer type setting
|
Default nplb |
service.beta.kubernetes.io/ncloud-load-balancer-size |
Road balancer's load processing performance
|
Default: SMALL |
service.beta.kubernetes.io/ncloud-load-balancer-internal |
Private network type load balancer creation setting Select one of the following values: "true" or "false" |
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination |
The setting used to preserve the assigned public IP when the load balancer is removed. Applied only to the load balancers that have public IPs assigned.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-description |
Enter a note about the load balancer instance to be created. | - |
service.beta.kubernetes.io/ncloud-load-balancer-termination-protection |
Automatic removal protection setting for the load balancer when the service whose type is specified as LoadBalancer is removed.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-subnet-id |
ID of the dedicated subnet for creating load balancers | Use lbSubnetNo within the configmap named ncloud-config in the kube-system by default. |
service.beta.kubernetes.io/ncloud-load-balancer-ssl-certificate-no |
Certificate Manager's certificate number to be applied to listeners with the TLS protocol
|
- |
service.beta.kubernetes.io/ncloud-load-balancer-tls-ports |
List of ports to apply TLS. e.g. "443,6443" | Default "443", values separated by commas can be used. |
service.beta.kubernetes.io/ncloud-load-balancer-tls-min-version |
Minimum support version type code of TLS
|
Default: TLSV10 |
service.beta.kubernetes.io/ncloud-load-balancer-proxy-protocol |
Proxy protocol activation status
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code |
Can set round robin (RR), source ip hash (SIPHS) or least connection (LC) as algorithm type.
|
Default: RR |
service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update |
ACG update setting status.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-idle-timeout |
Load Balancer's Idle Timeout settings (1 - 3600) | Default: 60 |
service.beta.kubernetes.io/ncloud-load-balancer-cipher-suite-list |
List of Cipher Suite supported by listener (Example: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) | All cipher suites supported by the default listener |
service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port} |
ACL ID to be assigned to the listener | - |
- Network load balancer (NLB)
| Annotation | Description | Note |
|---|---|---|
service.beta.kubernetes.io/ncloud-load-balancer-layer-type |
Load balancer network layer type setting
|
Default nplb
|
service.beta.kubernetes.io/ncloud-load-balancer-size |
Road balancer's load processing performance
|
Default DYNAMIC
|
service.beta.kubernetes.io/ncloud-load-balancer-internal |
Private network type Load Balancer creation setting
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination |
The setting used to preserve the assigned public IP when the load balancer is removed. Applied only to the Load Balancers that have public IPs assigned.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-description |
Enter a note about the load balancer instance to be created. | - |
service.beta.kubernetes.io/ncloud-load-balancer-termination-protection |
Automatic removal protection setting for the load balancer when the service whose type is specified as load balancer is removed.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-inbound-source |
Value to be used as inbound access source in the ACG rule.
|
Default: 0.0.0.0/0 |
service.beta.kubernetes.io/ncloud-load-balancer-subnet-id |
ID of the load balancer-only subnet for creating load balancers | Use lbSubnetNo within the configmap named ncloud-config in the kube-system. |
service.beta.kubernetes.io/ncloud-load-balancer-algorithm-type-code |
set hash (MH) or round robin (RR) as algorithm type.
|
Default: MH |
service.beta.kubernetes.io/ncloud-load-balancer-enable-skip-acg-update |
ACG update setting status.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-sticky-session |
Sticky Session setting status.
|
Default "false" |
service.beta.kubernetes.io/ncloud-load-balancer-listener-acl-id.{port} |
ACL ID to be assigned to the listener | - |
Public/private IP assignment method according to Load Balancer's subnet type
Load balancers use two types of subnets: public subnet and private subnet. Each type is required when creating a Load Balancer with a private or public IP assigned. When creating a Load Balancer, use the lbPublicSubnetNo configured by ncloud-config ConfigMap in the kube-system namespace or the Ssubnet ID in the lbSubnetNo field. This subnet ID can be specified to use a different subnet ID using the service.beta.kubernetes.io/ncloud-load-balancer-subnet-id annotation when creating a Load Balancer.
1. Public Subnet (Internet Gateway only)
A public subnet is required to create a load balancer with an public IP assigned. You may request a public IP from VPC > Public IP on the NAVER Cloud Platform console and assign it to a Load Balancer. If no public IP is specified, a new public IP is applied.
2. Private Subnet
This subnet is required to create a load balancer in the private subnet assigned with a private IP within VPC.
Examples of instance properties settings
For more detailed example of setting instance properties, see Load Balancer properties settings examples.
Example of network proxy load balancer (NPLB) instance creation
An example of creating an NPLB instance integrated to Kubernetes is as follows:
- Save the following code example as an nks-lb.yml file:
- You can see the annotation to create a private network proxy type Load Balancer instance in the following code example:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 1
selector:
matchLabels:
run: my-nginx
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nplb"
service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
service.beta.kubernetes.io/ncloud-load-balancer-size: "SMALL"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
- Run the
kubectl apply -f nks-lb.ymlcommand to deploy.
Example of network load balancer (NLB) instance creation
- Save the following code example as an nks-lb.yml file:
- You can see the annotation to create a private network proxy type Load Balancer instance in the following code example:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 1
selector:
matchLabels:
run: my-nginx
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
name: my-nginx
annotations:
service.beta.kubernetes.io/ncloud-load-balancer-layer-type: "nlb"
service.beta.kubernetes.io/ncloud-load-balancer-internal: "true"
service.beta.kubernetes.io/ncloud-load-balancer-size: "SMALL"
spec:
ports:
- port: 80
targetPort: 80
selector:
run: my-nginx
type: LoadBalancer
- Run the
kubectl apply -f nks-lb.ymlcommand to deploy.
Check the external IP of a created Load Balancer instance
Run the following command to check the external IP of a created instance:
$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service
The external IP of the instance is displayed in the EXTERNAL-IP column. The following is an example of viewing external IP using the command:
$ kubectl --kubeconfig $KUBE_CONFIG get svc example-service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
example-service LoadBalancer 172.16.101.104 10.39.10.118 8765:30365/TCP 2m11s
Delete instance
Delete the Kubernetes service which is created as LoadBalancer type to automatically delete the integrated Load Balancer instance with it.
To check the Kubernetes service created as LoadBalancer type and delete it, follow these steps:
- Run the following command to check the created Kubernetes service:
- Each service's type can be seen in the result's TYPE column.
$ kubectl --kubeconfig $KUBE_CONFIG get service
- Run the following command to delete the Load Balancer type service:
$ kubectl --kubeconfig $KUBE_CONFIG delete service my-nginx