Pivotal Container Service v1.1

Configuring a GCP Load Balancer for PKS Clusters

A load balancer is a third party device that distributes network and application traffic across resources. You can use a load balancer to secure and facilitate access to a PKS cluster from outside the network. Using a load balancer can also prevent individual network components from being overloaded by high traffic.

The procedure below explains how to create a Google Cloud Platform (GCP) load balancer for your PKS cluster. Using a GCP load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster via the PKS API and kubectl.

Overview

To configure a GCP load balancer with a PKS cluster, you must connect a load balancer to the cluster, funnel inbound traffic to the load balancer, and set a firewall rule to allow traffic into the cluster itself.

The steps of this procedure are summarized below:

First, use the GCP Console to create a load balancer for a new cluster. Configure the frontend and backend of the load balancer; the backend configuration connects the load balancer to the master VMs of the PKS cluster, and the frontend configuration reserves the IP address and port on which inbound traffic reaches the load balancer.

Next, create a network tag for the master VMs in your PKS cluster. This lets you associate a firewall rule with the master VMs, ensuring that traffic accessing the cluster via the load balancer is subject to the firewall rule.

Finally, configure a firewall rule with permission information about which types of traffic can access your cluster.

Prerequisites

  • To complete these procedures, you must have already configured a separate external load balancer to access the PKS API.
  • The version of the PKS CLI you are using must match the version of the PKS tile you are installing.

Note: This procedure uses example commands which you should modify to represent the details of your PKS installation.

Creating GCP Load Balancers for PKS Clusters

  1. Log in to the PKS API and create a cluster. For more information, see Create a Cluster.
  2. Navigate to Google Cloud Platform.
  3. In the sidebar menu, select Network Services > Load balancing.
  4. Click Create Load Balancer.
  5. In the TCP Load Balancing pane, click Start configuration.
  6. Click Continue. The New TCP load balancer menu opens.
  7. Enter a Name for your load balancer and click Backend configuration. The Backend configuration pane opens.

    Note: Configure a TCP Load Balancer with a human-readable name in lower case letters, such as your-pks-cluster-api.

  8. Configure the load balancer backend.
    1. Choose the Region in which the cluster is deployed.
    2. Click Select existing instances.
    3. Select all master VMs for your cluster from the dropdown. To locate the IP addresses and VM IDs of the master VMs, see Identify Kubernetes Cluster Master VMs.

      Breaking Change: If master VMs are recreated for any reason, such as a stemcell upgrade, you must reconfigure the load balancer to target the new master VMs. For more information, see the Reconfiguring a GCP Load Balancer section below.

    4. Specify any other configuration options you require and click Done to complete backend configuration.

      Note: For clusters with multiple master node VMs, health checks on port 8443 are recommended.

  9. Click Frontend configuration. The Frontend Configuration pane opens.
  10. Configure the load balancer frontend.
    1. Optional: Enter a human-readable name in lower case letters, such as pks-cluster-api.
    2. Click IP.
    3. Select Create IP address.
    4. Give the IP address a human-readable name and click Reserve.
    5. In the Port field, enter 8443.
    6. Click Done to complete frontend configuration.
  11. Review your load balancer configuration and click Create.

Creating a Network Tag

  1. In the Google Cloud Platform sidebar menu, select Compute Engine > VM instances.
  2. Filter to find the master instances of your cluster. Type master in the Filter VM Instances search box and press Enter.
  3. Click the name of a master instance. The VM instance details menu opens.
  4. Click Edit.
  5. Click in the Network tags field and type a human-readable name in lower case letters. Press Enter to create the network tag.
  6. Scroll to the bottom of the screen and click Save. Repeat steps 3 to 6 for every master VM in the cluster, using the same tag, so that the firewall rule you create next applies to all of them.

Creating Firewall Rules for Load Balancers

  1. In the Google Cloud Platform sidebar menu, select VPC Network > Firewall Rules.
  2. Click Create Firewall Rule. The Create a firewall rule menu opens.
  3. Give your firewall rule a human-readable name in lower case letters. For ease of use, you may want to align this name with the name of the load balancer you created in Creating GCP Load Balancers for PKS Clusters.
  4. In the Network menu, select the VPC network on which you have deployed the PKS tile.
  5. In the Direction of traffic field, select Ingress.
  6. In the Action on match field, select Allow.
  7. Confirm that the Targets menu is set to Specified target tags and enter the tag you made in Creating a Network Tag in the Target tags field.
  8. In the Source filter field, choose how to filter source traffic: by IP ranges, Subnets, or Source tags.
  9. Based on your choice in the Source filter field, specify the IP ranges, subnets, or source tags that are allowed to reach your cluster. Because this rule exposes the Kubernetes API server on port 8443, restrict the sources to the address ranges used by your operators and automation rather than allowing 0.0.0.0/0.
  10. In the Protocols and ports field, choose Specified protocols and ports and enter the port number you specified in Creating GCP Load Balancers for PKS Clusters, prepended by tcp:. For example: tcp:8443.
  11. Specify any other configuration options you require.
  12. Click Create.

Reconfiguring a GCP Load Balancer

If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your GCP cluster load balancer to use the new master VMs, do the following:

  1. Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs.
  2. Navigate to the GCP console.
  3. In the sidebar menu, select Network Services > Load balancing.
  4. Select your cluster load balancer and click Edit.
  5. Click Backend configuration.
  6. Click Select existing instances.
  7. Select the new master VM IDs from the dropdown. Use the VM IDs you located in the first step of this procedure.
  8. Click Update.
  9. In the sidebar menu, select Cloud DNS.
  10. Select the zone where your load balancer is deployed.
  11. Click Add record set.
  12. Under DNS Name, enter a subdomain for the load balancer. For example, to use my-cluster.example.com as your cluster hostname, enter my-cluster in this field.
  13. Select a Resource Record Type (A for an IPv4 address), TTL, and TTL Unit.
  14. Enter the reserved frontend IP address of the load balancer, which you created in Creating GCP Load Balancers for PKS Clusters. Do not enter the IP address of a master VM: master IP addresses change when BOSH recreates the VMs, and a record that points directly at a master bypasses the load balancer.
  15. Click Create.
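The console steps above (backend, frontend, network tag, firewall rule, and the reconfiguration after masters are recreated) can also be driven from the gcloud CLI. The script below is an added example and is not part of the PKS documentation or product; the resource names, region, zone, network name, VM names, and source CIDR are placeholders. It assumes the backend-service form of a regional TCP load balancer with a TCP health check on 8443 and an unmanaged instance group holding the master VMs (the console's Select existing instances path may create a target pool instead), and that all masters sit in one zone; with masters spread over several zones you would create one instance group per zone. It also refuses a 0.0.0.0/0 source range, a guard added here because the firewall rule exposes the Kubernetes API.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the GCP console procedure for a PKS cluster
# load balancer. Names, region, zone, network, and VM names are placeholders.
# Set DRY_RUN=1 to print each gcloud command instead of executing it.

run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Guard added in this example: the rule opens the Kubernetes API on 8443,
# so a wide-open source range is rejected.
check_source_ranges() {
  case ",$1," in
    *,0.0.0.0/0,*) echo "refusing to allow 0.0.0.0/0 to the cluster API" >&2; return 1 ;;
  esac
  return 0
}

# Backend and frontend: TCP health check on 8443, unmanaged instance group of
# master VMs, regional external backend service, reserved IP, forwarding rule.
# $4 is a comma-separated list of master VM names.
create_cluster_lb() {
  lb=$1; region=$2; zone=$3; masters=$4
  run gcloud compute health-checks create tcp "$lb-hc" --region "$region" --port 8443
  run gcloud compute instance-groups unmanaged create "$lb-masters" --zone "$zone"
  run gcloud compute instance-groups unmanaged add-instances "$lb-masters" --zone "$zone" --instances "$masters"
  run gcloud compute backend-services create "$lb" --region "$region" --protocol TCP \
      --load-balancing-scheme EXTERNAL --health-checks "$lb-hc" --health-checks-region "$region"
  run gcloud compute backend-services add-backend "$lb" --region "$region" \
      --instance-group "$lb-masters" --instance-group-zone "$zone"
  run gcloud compute addresses create "$lb-ip" --region "$region"
  run gcloud compute forwarding-rules create "$lb-fr" --region "$region" --load-balancing-scheme EXTERNAL \
      --address "$lb-ip" --ports 8443 --backend-service "$lb" --backend-service-region "$region"
}

# Network tag on every master VM so the firewall rule applies to all of them.
tag_masters() {
  zone=$1; tag=$2
  shift 2
  for vm in "$@"; do
    run gcloud compute instances add-tags "$vm" --zone "$zone" --tags "$tag"
  done
}

# Ingress rule: allow tcp:8443 from the given source CIDRs to the tagged masters.
create_firewall_rule() {
  name=$1; network=$2; tag=$3; sources=$4
  check_source_ranges "$sources" || return 1
  run gcloud compute firewall-rules create "$name" --network "$network" --direction INGRESS \
      --action ALLOW --rules tcp:8443 --source-ranges "$sources" --target-tags "$tag"
}

# Reconfiguration after BOSH recreates the masters: swap instance group
# membership. The forwarding rule and reserved IP are unchanged, so the DNS
# record pointing at the load balancer does not need to change.
replace_masters() {
  lb=$1; zone=$2; old=$3; new=$4
  run gcloud compute instance-groups unmanaged remove-instances "$lb-masters" --zone "$zone" --instances "$old"
  run gcloud compute instance-groups unmanaged add-instances "$lb-masters" --zone "$zone" --instances "$new"
}

# Example invocation (placeholder values), printed rather than executed:
#   DRY_RUN=1 create_cluster_lb my-cluster-api us-central1 us-central1-a master-0,master-1,master-2
#   DRY_RUN=1 tag_masters us-central1-a my-cluster-master master-0 master-1 master-2
#   DRY_RUN=1 create_firewall_rule my-cluster-api-fw pks-virt-net my-cluster-master 203.0.113.0/24
```

Run with DRY_RUN=1 first and compare the printed commands against the values on your own console screens before executing them; the remove-instances step in replace_masters needs the old VM names, so record them before a stemcell upgrade recreates the masters.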

Please send any feedback you have to pks-feedback@pivotal.io.
