Creating and Configuring an Azure Load Balancer for Enterprise PKS Clusters

This topic describes how to create and configure an Azure load balancer for your Enterprise Pivotal Container Service (Enterprise PKS) cluster. Using an Azure load balancer is optional, but you may want to add one to your Kubernetes cluster to manage the cluster using the PKS API and Kubernetes CLI (kubectl).

A load balancer is a third-party device that distributes network and application traffic across resources. You can use a load balancer to secure and facilitate access to an Enterprise PKS cluster from outside the network. Using a load balancer can also prevent individual network components from being overloaded by high traffic.

Note: If your Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For instructions, see Reconfigure Load Balancer.

Prerequisites

To complete the steps below, you must identify the PKS API virtual machine (VM). You can find the name in the following ways:

  • In the Azure Dashboard, locate the VM tagged with instance_group:pivotal-container-service.
  • On the command line, run bosh vms.

Create and Configure a Load Balancer

Follow the steps below to create and configure an Azure load balancer for your Enterprise PKS cluster.

Create Load Balancer

  1. In a browser, navigate to the Azure Dashboard.
  2. Open the Load Balancers service.
  3. Click Add.
  4. On the Create load balancer page, complete the form as follows:
    1. Name: Name the load balancer.
    2. Type: Select Public.
    3. SKU: Select Standard.
    4. Public IP address: Select Create new and name the new IP address.
    5. Availability zone: Select an availability zone or Zone-redundant.
    6. Subscription: Select the subscription which has Enterprise PKS deployed.
    7. Resource group: Select the resource group which has Enterprise PKS deployed.
    8. Location: Select the location where Enterprise PKS is deployed.
  5. Click Create.

Create Backend Pool

  1. From the Azure Dashboard, open the Load Balancers service.
  2. Click the name of the load balancer that you created in Create Load Balancer.
  3. On your load balancer page, locate and record the IP address of your load balancer.
  4. In the Settings menu, select Backend pools.
  5. On the Backend pools page, click Add.
  6. On the Add backend pool page, complete the form as follows:
    1. Name: Name the backend pool.
    2. Virtual network: Select the virtual network where the PKS API VM is deployed.
    3. Virtual machine: Select all of the master VMs for your cluster. For information about identifying the master VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  7. Click Add.

Create Health Probe

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Health probes.
  3. On the Health probes page, click Add.
  4. On the Add health probe page, complete the form as follows:
    1. Name: Name the health probe.
    2. Protocol: Select TCP.
    3. Port: Enter 8443.
    4. Interval: Enter the interval of time to wait between probe attempts.
    5. Unhealthy Threshold: Enter a number of consecutive probe failures that must occur before a VM is considered unhealthy.
  5. Click OK.

Create Load Balancing Rule

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Load Balancing Rules.
  3. On the Load balancing rules page, click Add.
  4. On the Add load balancing rules page, complete the form as follows:
    1. Name: Name the load balancing rule.
    2. IP Version: Select IPv4.
    3. Frontend IP address: Select the appropriate IP address. Clients communicate with your load balancer on the selected IP address, and service traffic is routed to the target VM by this rule.
    4. Protocol: Select TCP.
    5. Port: Enter 8443.
    6. Backend port: Enter 8443.
    7. Backend Pool: Select the backend pool that you created in Create Backend Pool.
    8. Health Probe: Select the health probe that you created in Create Health Probe.
    9. Session persistence: Select None.
  5. Click OK.

Create Inbound Security Rule

  1. From the Azure Dashboard, open the Security Groups service.
  2. Click the name of the Security Group attached to the subnet where the PKS API is deployed. If you deployed Enterprise PKS using Terraform, the name of the Security Group ends with the suffix bosh-deployed-vms-security-group.
  3. In the Settings menu for your security group, select Inbound security rules.
  4. Click Add.
  5. On the Add inbound security rule page, click Advanced and complete the form as follows:
    1. Name: Name the inbound security rule.
    2. Source: Select Any.
    3. Source port range: Enter *.
    4. Destination: Select Any.
    5. Destination port range: Enter 8443.
  6. Click OK.

Verify Hostname Resolution

Verify that the External hostname used when creating a Kubernetes cluster resolves to the IP address of the load balancer.

For more information, see Create a Kubernetes Cluster in Creating Clusters.

Reconfigure Load Balancer

If your Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your Azure cluster load balancer to use the new master VMs, do the following:

  1. Identify the VM IDs of the new master node VMs for the cluster. For information about identifying the master VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  2. In a browser, navigate to the Azure Dashboard.
  3. Open the Load Balancers service.
  4. Select the load balancer for your cluster.
  5. In the Settings menu, select Backend pools.
  6. Update the VMs list with the new master VM IDs.
  7. Click Save.
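The same load balancer, health probe, load balancing rule, inbound security rule and backend pool membership described in Create and Configure a Load Balancer, built with the Azure CLI so it can be repeated when the master VMs are recreated (the Reconfigure Load Balancer case). This is an added example, not part of the Pivotal documentation; the resource group, location, load balancer, NSG and NIC names are assumptions to replace with your own, and setting AZ=echo prints the commands instead of running them.

```shell
#!/usr/bin/env bash
# Added example (not from the Pivotal docs): the page's Azure portal steps as az CLI calls.
# Names below are assumptions; override them with environment variables.
set -eu

AZ="${AZ:-az}"                                # set AZ=echo for a dry run
RG="${RG:-pks-rg}"                            # resource group with Enterprise PKS
LOCATION="${LOCATION:-westus2}"
LB="${LB:-pks-cluster-lb}"
NSG="${NSG:-pks-bosh-deployed-vms-security-group}"   # assumed NSG name

# Public Standard load balancer with a new zone-redundant static public IP.
create_load_balancer() {
  $AZ network public-ip create -g "$RG" -n "${LB}-ip" --sku Standard \
      --allocation-method Static --zone 1 2 3 --location "$LOCATION"
  $AZ network lb create -g "$RG" -n "$LB" --sku Standard --location "$LOCATION" \
      --public-ip-address "${LB}-ip" --frontend-ip-name frontend \
      --backend-pool-name masters
}

# TCP probe on the Kubernetes API port; interval/threshold are example values.
create_health_probe() {
  $AZ network lb probe create -g "$RG" --lb-name "$LB" -n k8s-api-probe \
      --protocol tcp --port 8443 --interval 5 --threshold 2
}

# Frontend 8443 to backend 8443, no session persistence (load distribution Default).
create_lb_rule() {
  $AZ network lb rule create -g "$RG" --lb-name "$LB" -n k8s-api-rule \
      --protocol Tcp --frontend-port 8443 --backend-port 8443 \
      --frontend-ip-name frontend --backend-pool-name masters \
      --probe-name k8s-api-probe --load-distribution Default
}

# Inbound TCP 8443 from any source, matching the page's inbound security rule.
create_nsg_rule() {
  $AZ network nsg rule create -g "$RG" --nsg-name "$NSG" -n allow-k8s-api-8443 \
      --priority 1000 --direction Inbound --access Allow --protocol Tcp \
      --source-address-prefixes '*' --source-port-ranges '*' \
      --destination-address-prefixes '*' --destination-port-ranges 8443
}

# Add each master VM's primary NIC to the backend pool. Re-run this with the new
# NIC names after BOSH recreates the masters (e.g. after a stemcell upgrade).
add_masters_to_pool() {   # args: NIC names of the current master VMs
  for nic in "$@"; do
    $AZ network nic ip-config address-pool add -g "$RG" --nic-name "$nic" \
        --ip-config-name ipconfig1 --lb-name "$LB" --address-pool masters
  done
}
```

Run the functions in order (create_load_balancer, create_health_probe, create_lb_rule, create_nsg_rule, add_masters_to_pool <nic>...) and then confirm the cluster's external hostname resolves to the public IP created here, as Verify Hostname Resolution requires.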

Please send any feedback you have to pks-feedback@pivotal.io.