Creating and Configuring an AWS Load Balancer for Enterprise PKS Clusters


This topic describes how to configure an Amazon Web Services (AWS) load balancer for your Enterprise Pivotal Container Service (Enterprise PKS) cluster.

A load balancer is a third-party device that distributes network and application traffic across resources. Using a load balancer can also prevent individual network components from being overloaded by high traffic. For more information about the different types of load balancers used in an Enterprise PKS deployment, see Load Balancers in PKS.

You can use an AWS Enterprise PKS cluster load balancer to provide a single, stable endpoint for reaching the Kubernetes API of an Enterprise PKS cluster from outside the network. You can also reconfigure your AWS Enterprise PKS cluster load balancers.

Using an AWS Enterprise PKS cluster load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the PKS API and kubectl.

Note: If Kubernetes master node VMs are recreated for any reason, you must reconfigure your AWS PKS cluster load balancers to point to the new master VMs.

Prerequisite

The version of the PKS CLI you are using must match the version of the Enterprise PKS tile that you are installing.

Note: This procedure uses example commands which you should modify to represent the details of your Enterprise PKS installation.

Configure AWS Load Balancer

Step 1: Define Load Balancer

To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.

Perform the following steps:

  1. In a browser, navigate to the AWS Management Console.
  2. Under Compute, click EC2.
  3. In the EC2 Dashboard, under Load Balancing, click Load Balancers.
  4. Click Create Load Balancer.
  5. Under Classic Load Balancer, click Create.
  6. On the Define Load Balancer page, complete the Basic Configuration section as follows:
    1. Load Balancer name: Name the load balancer. Pivotal recommends that you name your load balancer k8s-master-CLUSTERNAME, where CLUSTERNAME is the unique name that you provide when creating the cluster. For example, k8s-master-mycluster.
    2. Create LB inside: Select the VPC where you installed Ops Manager.
    3. Create an internal load balancer: Do not enable this checkbox. The cluster load balancer must be internet-facing.
  7. Complete the Listeners Configuration section as follows:
    1. Configure the first listener as follows. Use TCP rather than HTTPS/SSL on both sides so that the load balancer passes each TLS connection through unchanged to the Kubernetes API server.
      • Under Load Balancer Protocol, select TCP.
      • Under Load Balancer Port, enter 8443.
      • Under Instance Protocol, select TCP.
      • Under Instance Port, enter 8443.
  8. Under Select Subnets, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
  9. Click Next: Assign Security Groups.

Step 2: Assign Security Groups

Perform the following steps to assign security groups:

  1. On the Assign Security Groups page, select one of the following:

    • Create a new security group: Complete the security group configuration as follows:
      1. Security group name: Name your security group.
      2. Confirm that your security group includes an inbound rule for Protocol TCP on Port 8443.
    • Select an existing security group: Select the default security group. The default security group includes Protocol TCP on Port 8443.
  2. Click Next: Configure Security Settings.

Note: The source of the inbound TCP 8443 rule is the only network-level control on who can reach the Kubernetes API through this internet-facing load balancer. Where possible, restrict the source to the CIDR ranges of your administrators and automation rather than allowing 0.0.0.0/0.

Step 3: Configure Security Settings

On the Configure Security Settings page, ignore the warning about not using a secure listener. The TCP listener passes each TLS connection through unchanged; TLS is terminated by the Kubernetes API server on the master VMs, which presents the cluster's own certificate to clients, so the load balancer needs no certificate of its own.

Step 4: Configure Health Check

Perform the following steps to configure the health check:

  1. On the Configure Health Check page, set the Ping Protocol to TCP.

  2. For Ping Port, enter 8443.

  3. Click Next: Add EC2 Instances.

Step 5: Add EC2 Instances

Perform the following steps:

  1. Verify the settings under Availability Zone Distribution. Do not add any instances here: the master VMs do not exist until you create the cluster in Step 8, and you attach them in Step 9.

  2. Click Add Tags.

(Optional) Step 6: Add Tags

Perform the following steps to add tags:

  1. Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.

  2. Click Review and Create.

Step 7: Review and Create the Load Balancer

Perform the following steps to review your load balancer details and create your load balancer:

  1. On the Review page, review your load balancer details and edit any as necessary.

  2. Click Create.
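The same load balancer can be created from the command line. The following script is an added example and is not part of the Enterprise PKS documentation or product; it reproduces Steps 1 through 7 with the AWS CLI and assumes an authenticated aws CLI, a VPC ID, the IDs of the public subnets, and the client CIDR ranges that should be allowed to reach port 8443 (the resource IDs in the usage comment are placeholders). It creates a dedicated security group rather than reusing the default one, and refuses 0.0.0.0/0 as a source unless explicitly told to allow it.

```shell
#!/usr/bin/env bash
# Added example, not from the Enterprise PKS docs: AWS CLI equivalent of
# Steps 1-7. Assumes the aws CLI is installed and authenticated; VPC,
# subnet and CIDR values are supplied by the caller.
set -eu

API_PORT=8443

# Classic Load Balancer names: 1-32 characters, letters, digits and hyphens,
# with no leading or trailing hyphen. The page's convention is
# k8s-master-CLUSTERNAME.
lb_name() {
  name="k8s-master-$1"
  case "$name" in
    *[!A-Za-z0-9-]*|-*|*-) echo "invalid load balancer name: $name" >&2; return 1 ;;
  esac
  [ "${#name}" -le 32 ] || { echo "load balancer name longer than 32 chars: $name" >&2; return 1; }
  printf '%s\n' "$name"
}

# Refuse to open the Kubernetes API to the whole internet unless the caller
# sets ALLOW_WORLD=1; the source CIDRs of this rule are the only control the
# security group gives you on who may reach the API listener.
check_cidrs() {
  for cidr in "$@"; do
    case "$cidr" in
      0.0.0.0/0) [ "${ALLOW_WORLD:-0}" = 1 ] || { echo "refusing $cidr without ALLOW_WORLD=1" >&2; return 1; } ;;
      */*) ;;
      *) echo "not a CIDR: $cidr" >&2; return 1 ;;
    esac
  done
}

# create_cluster_lb CLUSTERNAME VPC_ID "SUBNET_ID ..." CLIENT_CIDR...
create_cluster_lb() {
  cluster="$1"; vpc="$2"; subnets="$3"; shift 3
  name=$(lb_name "$cluster")
  check_cidrs "$@"

  # Step 2: a dedicated security group with a single inbound rule, TCP 8443,
  # limited to the caller's CIDRs.
  sg=$(aws ec2 create-security-group --vpc-id "$vpc" --group-name "$name" \
         --description "Kubernetes API ingress for $cluster" \
         --query GroupId --output text)
  for cidr in "$@"; do
    aws ec2 authorize-security-group-ingress --group-id "$sg" \
      --protocol tcp --port "$API_PORT" --cidr "$cidr"
  done

  # Steps 1 and 3: internet-facing (the default scheme) classic ELB on the
  # public subnets with a TCP 8443 -> TCP 8443 listener, so TLS passes through
  # to the Kubernetes API server. Prints the DNS name for Step 8.
  # $subnets is unquoted on purpose: it is a space-separated list.
  aws elb create-load-balancer --load-balancer-name "$name" \
    --listeners "Protocol=TCP,LoadBalancerPort=$API_PORT,InstanceProtocol=TCP,InstancePort=$API_PORT" \
    --subnets $subnets --security-groups "$sg" --query DNSName --output text

  # Step 4: TCP health check on 8443.
  aws elb configure-health-check --load-balancer-name "$name" \
    --health-check "Target=TCP:$API_PORT,Interval=10,Timeout=5,UnhealthyThreshold=2,HealthyThreshold=2" >/dev/null
}

# Usage with placeholder IDs:
# create_cluster_lb mycluster vpc-0123456789abcdef0 "subnet-0aaa subnet-0bbb" 203.0.113.0/24
```

The DNS name printed by create-load-balancer is the value to pass as --external-hostname in Step 8; the master instances are registered in Step 9, after the cluster exists.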

Step 8: Create a Cluster

Create a Kubernetes cluster using the AWS-assigned DNS name of your load balancer as the external hostname when you run the pks create-cluster command. The external hostname is the address that the cluster's kubeconfig files point to, so it must be the name clients actually use to reach the load balancer. For example:

$ pks create-cluster my-cluster \
    --external-hostname example111a6511e9a099028c856be95-155233362.eu-west-1.elb.amazonaws.com \
    --plan small --num-nodes 10

For more information, see the Create a Kubernetes Cluster section of Creating Clusters.

Step 9: Point the Load Balancer to All Master VMs

  1. Locate the VM IDs of all master node VMs for your cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  2. Navigate to the AWS console.
  3. Under EC2, select Load balancers.
  4. Select the load balancer.
  5. On the Instances tab, click Edit instances.
  6. Select all master nodes in the list of VMs.
  7. Click Save.
  8. Wait until the Status of each master shows InService. The load balancer forwards connections only to instances that pass the TCP health check on port 8443 configured in Step 4.

Reconfigure AWS Load Balancer

If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your AWS cluster load balancer to use the new master VMs, do the following:

  1. Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  2. Navigate to the AWS console.
  3. Under EC2, select Load balancers.
  4. Select the load balancer.
  5. On the Instances tab, click Edit instances.
  6. Select the new master nodes in the list of VMs.
  7. Click Save.
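Both the initial attachment in Step 9 and the reconfiguration above amount to making the load balancer's registered instances equal the cluster's current master VMs. The following script is an added example, not part of the Enterprise PKS documentation or product, that does that from the command line: it registers masters that are missing and deregisters instance IDs that no longer belong to a master VM. It assumes the pks, bosh, jq and aws CLIs are installed and logged in, that BOSH_ENVIRONMENT names the BOSH Director that manages the cluster, that the cluster's BOSH deployment is named service-instance_UUID with the UUID reported by pks cluster --json, and that the load balancer follows the k8s-master-CLUSTERNAME convention. The bosh vms output embedded in it is a constructed sample with placeholder IDs so that the parsing and planning can be run offline.

```shell
#!/usr/bin/env bash
# Added example, not from the Enterprise PKS docs: make a Classic ELB's
# registered instances match the cluster's current master VMs (Step 9 and
# the Reconfigure procedure). Assumes pks, bosh, jq and aws CLIs, a BOSH
# Director selected via BOSH_ENVIRONMENT, and the k8s-master-CLUSTERNAME
# naming convention.
set -eu

# Constructed sample of `bosh vms` table output (placeholder IDs, not a real
# deployment) used to exercise the parsing offline.
SAMPLE_BOSH_VMS='Instance                                     Process State  AZ          IPs         VM CID               VM Type
master/0f1c2d3e-aaaa-4bbb-8ccc-000000000001  running        us-west-2a  10.0.11.10  i-0a1b2c3d4e5f60001  medium
master/0f1c2d3e-aaaa-4bbb-8ccc-000000000002  running        us-west-2b  10.0.12.10  i-0a1b2c3d4e5f60002  medium
worker/0f1c2d3e-aaaa-4bbb-8ccc-000000000003  running        us-west-2a  10.0.11.20  i-0a1b2c3d4e5f60003  medium'

# Print the EC2 instance IDs (the VM CID column) of the master/* rows from
# `bosh vms` table output read on stdin; header, worker and trailer lines
# are dropped.
master_vm_ids() {
  awk '$1 ~ /^master\// { for (i = 1; i <= NF; i++) if ($i ~ /^i-[0-9a-f]+$/) print $i }'
}

# Diff two whitespace-separated instance-ID lists and print the actions that
# turn CURRENT into WANTED, one "register ID" or "deregister ID" per line.
plan_changes() {
  cur=$(mktemp); want=$(mktemp)
  printf '%s\n' $1 | sed '/^$/d' | sort -u > "$cur"
  printf '%s\n' $2 | sed '/^$/d' | sort -u > "$want"
  comm -13 "$cur" "$want" | sed 's/^/register /'
  comm -23 "$cur" "$want" | sed 's/^/deregister /'
  rm -f "$cur" "$want"
}

# Resolve the cluster's deployment, compare the ELB's instances with the
# current masters, and apply the difference.
sync_load_balancer() {
  cluster="$1"; lb="k8s-master-$1"
  uuid=$(pks cluster "$cluster" --json | jq -r .uuid)
  wanted=$(bosh -d "service-instance_$uuid" vms | master_vm_ids)
  [ -n "$wanted" ] || { echo "no master VMs found for $cluster" >&2; return 1; }
  current=$(aws elb describe-load-balancers --load-balancer-names "$lb" \
              --query 'LoadBalancerDescriptions[0].Instances[].InstanceId' --output text)
  plan_changes "$current" "$wanted" | while read -r action id; do
    case "$action" in
      register)   aws elb register-instances-with-load-balancer \
                    --load-balancer-name "$lb" --instances "$id" ;;
      deregister) aws elb deregister-instances-from-load-balancer \
                    --load-balancer-name "$lb" --instances "$id" ;;
    esac
  done
}

# Usage: ./sync-lb.sh CLUSTERNAME
[ -z "${1:-}" ] || sync_load_balancer "$1"
```

Run the script after pks create-cluster completes, and again after any event that recreates the master VMs, such as a stemcell upgrade; the plan_changes step prints nothing when the load balancer is already in sync, so it is safe to run repeatedly.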

Please send any feedback you have to pks-feedback@pivotal.io.