Configuring an Azure Load Balancer for the PKS API

This topic describes how to create a load balancer for the Pivotal Container Service (PKS) API using Azure.

Refer to the procedures in this topic to create a load balancer using Azure. To use a different load balancer, use this topic as a guide.

Prerequisites

To complete the steps below, you must identify the PKS API virtual machine (VM). You can find the name in the following ways:

  • In the Azure Dashboard, locate the VM tagged with instance_group:pivotal-container-service.
  • On the command line, run bosh vms.

Create Health Probe

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Health probes.
  3. On the Health probes page, click Add.
  4. On the Add health probe page, complete the form as follows:
    1. Name: Name the health probe.
    2. Protocol: Select TCP.
    3. Port: Enter 9021.
    4. Interval: Enter the interval of time to wait between probe attempts.
    5. Unhealthy Threshold: Enter a number of consecutive probe failures that must occur before a VM is considered unhealthy.
  5. Click OK.

Create Load Balancing Rule

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Load Balancing Rules.
  3. On the Load balancing rules page, click Add.
  4. On the Add load balancing rules page, complete the form as follows:
    1. Name: Name the load balancing rule.
    2. IP Version: Select IPv4.
    3. Frontend IP address: Select the appropriate IP address. Clients communicate with your load balancer on the selected IP address and service traffic is routed to the target VM by this NAT rule.
    4. Protocol: Select TCP.
    5. Port: Enter 9021.
    6. Backend port: Enter 9021.
    7. Health Probe: Select the health probe that you created in Create Health Probe.
    8. Session persistence: Select None.
  5. Click OK.

Create Inbound Security Rule

  1. From the Azure Dashboard, open the Security Groups service.
  2. Click the name of the Security Group attached to the subnet where PKS API is deployed. If you deployed PKS using Terraform, the name of the Security Group ends with the suffix bosh-deployed-vms-security-group.
  3. In the Settings menu for your security group, select Inbound security rules.
  4. Click Add.
  5. On the Add inbound security rule page, click Advanced and complete the form as follows:
    1. Name: Name the inbound security rule.
    2. Source: Select Any.
    3. Source port range: Enter *.
    4. Destination: Select Any.
    5. Destination port range: Enter 9021,8443.
  6. Click OK.

Verify Hostname Resolution

  1. In a browser, log in to Ops Manager.
  2. Click the PKS tile.
  3. Select PKS API.
  4. Record the API Hostname (FQDN).
  5. Verify that the API hostname resolves to the IP address of the load balancer.
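
One way to script step 5, as an added example that is not part of the original PKS documentation: it compares the A records of the API hostname with the load balancer IP address and tests TCP port 9021, the port used by the load balancing rule above. The function names and the two command-line arguments are assumptions of this example.

```python
import socket
import sys

LB_RULE_PORTS = (9021,)  # frontend port of the load balancing rule created above


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated IPv4 addresses the hostname resolves to."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # NXDOMAIN or resolver failure: reported by the caller
    return sorted({info[4][0] for info in infos})


def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_pks_api(hostname, lb_ip, ports=LB_RULE_PORTS,
                  resolver=socket.getaddrinfo, probe=port_open):
    """Return a list of problems; an empty list means DNS and the rule agree."""
    problems = []
    addrs = resolve_ipv4(hostname, resolver)
    if not addrs:
        problems.append(f"{hostname} does not resolve")
    elif addrs != [lb_ip]:
        # A stale or extra A record sends some clients past the load balancer.
        problems.append(f"{hostname} resolves to {addrs}, expected only {lb_ip}")
    for port in ports:
        if not probe(lb_ip, port):
            problems.append(f"{lb_ip}:{port} is not reachable")
    return problems


if __name__ == "__main__":
    # usage: python check_pks_api.py <API Hostname (FQDN)> <load balancer IP>
    issues = check_pks_api(sys.argv[1], sys.argv[2])
    for issue in issues:
        print("FAIL:", issue)
    print("OK" if not issues else f"{len(issues)} problem(s) found")
    sys.exit(1 if issues else 0)
```

A hostname that returns more than one address is reported as a mismatch even when the load balancer IP is among them, because any leftover record lets clients bypass the load balancer.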

Next Step

After you have configured an Azure load balancer for the PKS API, complete the PKS installation by returning to the Install the PKS and Kubernetes CLIs step of Installing PKS on Azure.

