Pivotal Container Service v1.2

Configuring a GCP Load Balancer for PKS Clusters

This topic describes how to configure a Google Cloud Platform (GCP) load balancer for a Kubernetes cluster deployed by Pivotal Container Service (PKS).

Overview

A load balancer is a third-party device that distributes network and application traffic across resources. You can use a load balancer to access a PKS-deployed cluster from outside the network using the PKS API and kubectl. Using a load balancer can also prevent individual network components from being overloaded by high traffic.

You can configure GCP load balancers only for PKS clusters that are deployed on GCP.

To configure a GCP load balancer, follow the procedures below:

  1. Create a GCP Load Balancer
  2. Create the Cluster
  3. Configure Load Balancer Back End
  4. Create a Network Tag
  5. Create Firewall Rules
  6. Access the Cluster

To reconfigure a cluster load balancer, follow the procedures in Reconfigure Load Balancer.

Prerequisites

The procedures in this topic have the following prerequisites:

  • To complete these procedures, you must have already configured a load balancer to access the PKS API. For more information, see Creating a GCP Load Balancer for the PKS API.
  • The version of the PKS CLI you are using must match the version of the PKS tile you are installing.

Configure GCP Load Balancer

Follow the procedures in this section to create and configure a load balancer for PKS-deployed Kubernetes clusters using GCP. Modify the example commands in these procedures to match your PKS installation.

Create a GCP Load Balancer

Perform the following steps to create a GCP load balancer for your PKS clusters:

  1. Navigate to the Google Cloud Platform console.
  2. In the sidebar menu, select Network Services > Load balancing.
  3. Click Create a Load Balancer.
  4. In the TCP Load Balancing pane, click Start configuration.
  5. Click Continue. The New TCP load balancer menu opens.
  6. Give the load balancer a name. For example, my-cluster.
  7. Click Frontend configuration and configure the following settings:
    1. Click IP.
    2. Select Create IP address.
    3. Give the IP address a name. For example, my-cluster-ip.
    4. Click Reserve. GCP assigns an IP address.
    5. In the Port field, enter 8443.
    6. Click Done to complete front end configuration.
  8. Review your load balancer configuration and click Create.

Create the Cluster

Follow the procedures in the Create a Kubernetes Cluster section of Creating Clusters. Use the GCP-assigned IP address from the previous step as the external hostname when you run the pks create-cluster command.

Configure Load Balancer Back End

To configure the back end of the load balancer, do the following:

  1. Record the ID for your master node VMs by doing one of the following:

    • Complete Identify Kubernetes Cluster Master VMs in Creating Clusters
    • Complete the following procedure:

      1. Log in to PKS by running the following command:

        pks login -a PKS-API -u USERNAME -k
        

        Where:

        • PKS-API is the domain name for the PKS API that you entered in Ops Manager > Enterprise PKS > PKS API > API Hostname (FQDN). For example, api.pks.example.com.
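        • USERNAME is your user name.
        • -k skips SSL validation of the PKS API certificate. To validate the certificate instead, replace -k with --ca-cert followed by the path to the CA certificate for the PKS API.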
      2. Locate the master node IP addresses by running the following command:

        pks cluster CLUSTER-NAME
        

        Where CLUSTER-NAME is the unique name for your cluster.

        From the output of this command, record the value of Kubernetes Master IP(s). This value lists the IP addresses of all master node VMs in the cluster.

      3. Navigate to the Google Cloud Platform console.

      4. From the sidebar menu, navigate to Compute Engine > VM instances.

      5. Filter the VMs using the network name you provided when you deployed Ops Manager on GCP.

      6. Record the IDs of the master node VMs associated with the IP addresses you recorded in the above step. The above IP addresses appear under the Internal IP column.

  2. In the Google Cloud Platform console, from the sidebar menu, navigate to Network Services > Load balancing.

  3. Select the load balancer you created for the cluster and click Edit.

  4. Click Backend configuration and configure the following settings:

    1. Select all the master node VMs for your cluster from the dropdown.

      Warning: If master VMs are recreated for any reason, such as a stemcell upgrade, you must reconfigure the load balancer to target the new master VMs. For more information, see the Reconfigure Load Balancer section below.

    2. Specify any other configuration options you require and click Update to complete back end configuration.

      Note: For clusters with multiple master node VMs, health checks on port 8443 are recommended.

Create a Network Tag

Perform the following steps to create a network tag:

  1. In the Google Cloud Platform sidebar menu, select Compute Engine > VM instances.
  2. Filter to find the master instances of your cluster. Type master in the Filter VM Instances search box and press Enter.
  3. Click the name of the master instances. The VM instance details menu opens.
  4. Click Edit.
  5. Click in the Network tags field and type a human-readable name in lower case letters. Press Enter to create the network tag.
  6. Scroll to the bottom of the screen and click Save.

Create Firewall Rules

Perform the following steps to create firewall rules:

  1. In the Google Cloud Platform sidebar menu, select VPC Network > Firewall Rules.
  2. Click Create Firewall Rule. The Create a firewall rule menu opens.
  3. Give your firewall rule a human-readable name in lower case letters. For ease of use, you may want to align this name with the name of the load balancer you created in Create a GCP Load Balancer.
  4. In the Network menu, select the VPC network on which you have deployed the PKS tile.
  5. In the Direction of traffic field, select Ingress.
  6. In the Action on match field, select Allow.
  7. Confirm that the Targets menu is set to Specified target tags and enter the tag you made in Create a Network Tag in the Target tags field.
  8. In the Source filter field, choose an option to filter source traffic.
  9. Based on your choice in the Source filter field, specify IP addresses, Subnets, or Source tags to allow access to your cluster.
  10. In the Protocols and ports field, choose Specified protocols and ports and enter the port number you specified in Create a GCP Load Balancer, prepended by tcp:. For example: tcp:8443.
  11. Specify any other configuration options you require and click Done to complete front end configuration.
  12. Click Create.
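
To confirm that the rule you created is scoped as the steps above describe (ingress, allow, limited to the tagged master VMs, tcp:8443 only, and a restricted source), you can audit the rule list exported as JSON. The following is an added example, not part of the original PKS documentation; the rule names, tag, and address ranges are constructed, and the field names assume the JSON shape printed by gcloud compute firewall-rules list --format=json.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# Rule names, the network tag, and the source ranges are made up for illustration.
SAMPLE_RULES = json.loads("""[
  {"name": "my-cluster", "direction": "INGRESS",
   "allowed": [{"IPProtocol": "tcp", "ports": ["8443"]}],
   "sourceRanges": ["203.0.113.0/24"], "targetTags": ["my-cluster-master"]},
  {"name": "my-cluster-open", "direction": "INGRESS",
   "allowed": [{"IPProtocol": "tcp", "ports": ["8443"]}],
   "sourceRanges": ["0.0.0.0/0"], "targetTags": ["my-cluster-master"]},
  {"name": "my-cluster-wide", "direction": "INGRESS",
   "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}, {"IPProtocol": "udp"}],
   "sourceRanges": ["203.0.113.0/24"]}
]""")

def audit_rule(rule, port=8443):
    """Return findings for one rule; an empty list means it matches the procedure."""
    findings = []
    if rule.get("direction") != "INGRESS":
        findings.append("direction is not INGRESS")
    if "allowed" not in rule:
        findings.append("action is not Allow")
    if not rule.get("targetTags"):
        findings.append("no target tags: rule applies beyond the master VMs")
    for entry in rule.get("allowed", []):
        proto, ports = entry.get("IPProtocol"), entry.get("ports", [])
        if proto != "tcp" or ports != [str(port)]:
            findings.append(f"allows {proto}:{','.join(ports) or 'all ports'}, expected tcp:{port}")
    for cidr in rule.get("sourceRanges", []):
        # A /0 prefix matches every address, so the source filter restricts nothing.
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append(f"source range {cidr} admits any address")
    if not rule.get("sourceRanges") and not rule.get("sourceTags"):
        findings.append("no source filter set")
    return findings

def audit(rules):
    """Map each rule name to its list of findings."""
    return {rule["name"]: audit_rule(rule) for rule in rules}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "OK" if not findings else findings)
```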

Access the Cluster

Perform the following steps to complete cluster configuration:

  1. From your local workstation, run pks get-credentials CLUSTER-NAME. This command creates a local kubeconfig that allows you to manage the cluster. For more information about the pks get-credentials command, see Retrieving Cluster Credentials and Configuration.

  2. Run kubectl cluster-info to confirm you can access your cluster using the Kubernetes CLI.

See Managing PKS for information about checking cluster health and viewing cluster logs.

Reconfigure Load Balancer

If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your GCP cluster load balancer to use the new master VMs, do the following:

  1. Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  2. Navigate to the GCP console.
  3. In the sidebar menu, select Network Services > Load balancing.
  4. Select your cluster load balancer and click Edit.
  5. Click Backend configuration.
  6. Click Select existing instances.
  7. Select the new master VM IDs from the dropdown. Use the VM IDs you located in the first step of this procedure.
  8. Click Update.
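
Because the load balancer keeps forwarding port 8443 to whichever instances are listed in its back end, a check that compares the back end against the current master VMs shows when the reconfiguration above (and the warning in Configure Load Balancer Back End) applies. The following is an added example, not part of the original PKS documentation; it assumes the load balancer back end is a GCP target pool, and the cluster output, VM names, project, zone, and addresses are constructed samples.

```python
import json
import re

# Constructed samples; names, project, zone and addresses are made up for illustration.
PKS_CLUSTER_OUTPUT = """\
Name:                     my-cluster
Kubernetes Master Port:   8443
Kubernetes Master IP(s):  10.0.11.10, 10.0.11.12, 10.0.11.13
"""
# Trimmed shape of `gcloud compute instances list --format=json`.
INSTANCES = json.loads("""[
  {"name": "vm-aaa", "networkInterfaces": [{"networkIP": "10.0.11.10"}]},
  {"name": "vm-bbb", "networkInterfaces": [{"networkIP": "10.0.11.11"}]},
  {"name": "vm-ccc", "networkInterfaces": [{"networkIP": "10.0.11.12"}]},
  {"name": "vm-ddd", "networkInterfaces": [{"networkIP": "10.0.11.13"}]}
]""")
# Trimmed shape of `gcloud compute target-pools describe NAME --format=json`.
_PREFIX = "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a/instances/"
TARGET_POOL = {"name": "my-cluster", "instances": [_PREFIX + "vm-aaa", _PREFIX + "vm-bbb"]}

def master_ips(pks_output):
    """Extract the addresses on the 'Kubernetes Master IP(s)' line of `pks cluster` output."""
    for line in pks_output.splitlines():
        if line.startswith("Kubernetes Master IP(s):"):
            return set(re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", line))
    raise ValueError("no 'Kubernetes Master IP(s)' line in pks cluster output")

def backend_drift(pks_output, instances, pool):
    """Compare the VMs behind the load balancer with the cluster's current master VMs."""
    by_ip = {nic["networkIP"]: vm["name"]
             for vm in instances for nic in vm.get("networkInterfaces", [])}
    ips = master_ips(pks_output)
    masters = {by_ip[ip] for ip in ips if ip in by_ip}
    # Target pool members are instance URLs; the last path segment is the VM name.
    in_pool = {url.rsplit("/", 1)[-1] for url in pool.get("instances", [])}
    return {
        "missing_from_pool": sorted(masters - in_pool),  # masters that receive no traffic
        "stale_in_pool": sorted(in_pool - masters),      # non-masters still receiving 8443
        "unresolved_ips": sorted(ip for ip in ips if ip not in by_ip),
    }

if __name__ == "__main__":
    print(backend_drift(PKS_CLUSTER_OUTPUT, INSTANCES, TARGET_POOL))
```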
