LATEST VERSION: v1.2 - RELEASE NOTES
Pivotal Container Service v1.2

Creating an AWS Load Balancer for the PKS API

Page last updated:

This topic describes how to create a load balancer for the PKS API using Amazon Web Services (AWS).

Before you install PKS, you must configure an external TCP load balancer to access the PKS API from outside the network. You can use any external TCP load balancer of your choice.

Refer to the procedures in this topic to create a load balancer using AWS. If you choose to use a different load balancer, use this topic as a guide.

Step 1: Define Load Balancer

To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer. Perform the following steps:

  1. In a browser, navigate to the AWS Management Console.
  2. Under Compute, click EC2.
  3. In the EC2 Dashboard, under Load Balancing, click Load Balancers.
  4. Click Create Load Balancer.
  5. Under Classic Load Balancer, click Create.
  6. On the Define Load Balancer page, complete the Basic Configuration section as follows:
    1. Load Balancer name: Name the load balancer. Pivotal recommends that you name your load balancer pks-api.
    2. Create LB inside: Select the VPC where you installed Ops Manager.
    3. Create an internal load balancer: Do not enable this checkbox. The PKS API load balancer must be internet-facing.
  7. Complete the Listeners Configuration section as follows:
    1. Configure the first listener as follows.
      • Under Load Balancer Protocol, select TCP.
      • Under Load Balancer Port, enter 8443.
      • Under Instance Protocol, select TCP.
      • Under Instance Port, enter 8443.
    2. Click Add.
      • Under Load Balancer Protocol, select TCP.
      • Under Load Balancer Port, enter 9021.
      • Under Instance Protocol, select TCP.
      • Under Instance Port, enter 9021.
  8. Under Select Subnets, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
  9. Click Next: Assign Security Groups.

Step 2: Assign Security Groups

  1. On the Assign Security Groups page, select one of the following:

    • Create a new security group: Complete the security group configuration as follows:
      1. Security group name: Name your security group.
      2. Click Add Rule and complete the following fields:
        • Type: Select Custom TCP.
        • Port Range: Enter 8443.
        • Source: Select Custom and enter 0.0.0.0/0.
      3. Click Add Rule and complete the following fields:
        • Type: Select Custom TCP.
        • Port Range: Enter 9021.
        • Source: Select Custom and enter 0.0.0.0/0.
      4. Click Save.
    • Select an existing security group: Select the default security group. The default security group includes includes Protocol TCP with Ports 8443 and 9021.
  2. Click Next: Configure Security Settings.

Step 3: Configure Security Settings

On the Configure Security Settings page, ignore the warning. SSL termination is done on the PKS API server.

Step 4: Configure Health Check

  1. On the Configure Health Check page, set the Ping Protocol to TCP.

  2. For Ping Port, enter 9021.

  3. Click Next: Add EC2 Instances.

Step 5: Add EC2 Instances

  1. On the Add EC2 Instances page, select the EC2 instance beginning with the text pivotal-container-service-. This instance runs PKS.

  2. Click Add Tags.

Step 6: (Optional) Add Tags

  1. (Optional) Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.

  2. Click Review and Create.

Step 7: Review and Create

  1. On the Review page, review your load balancer details and edit any as necessary.

  2. Click Create.

Step 8: Register the PKS API FQDN

Two ways exist to register the PKS API fully qualified domain name (FQDN). Select the process that meets your needs based on how you manage DNS.

Option 1: Record Load Balancer FQDN

When you install and configure the PKS tile, you must supply the FQDN of the load balancer to secure the PKS API. To view the FQDN of the load balancer, perform the following steps:

  1. In the EC2 Dashboard, under Load Balancing, click Load Balancers.
  2. Select the load balancer you created in the steps above.
  3. In the Description tab, view and record the FQDN of the load balancer.
  4. In the PKS tile, under API Hostname (FQDN), enter the FQDN of the load balancer.

For more information, see the the PKS API section of Installing PKS on AWS.

Option 2: Record Load Balancer FQDN with Route 53

You can create a DNS entry to point to the FQDN in the DNS management system of your choice. Below are the instructions that apply to Route 53. If you do not use Route 53, use these instructions as a guide.

  1. In a browser, navigate to the AWS Management Console.
  2. Under Networking & Content Delivery, click Route 53.
  3. Click Hosted zones.
  4. Under Domain Name, select the domain that matches the selected PKS API FQDN.
  5. Click Create Record Set
  6. In the Name field, add the missing part of the PKS API FQDN.
  7. For Alias, select Yes.
  8. For Alias Target, select the load balancer that you created in the steps above.
  9. Click Create.
  10. In the PKS tile, under API Hostname (FQDN), enter the FQDN of the load balancer.

Next Steps

After you complete this procedure, follow the instructions in Installing PKS on AWS.


Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub