Configuring an AWS Load Balancer for PKS Clusters
This topic describes how to configure an Amazon Web Services (AWS) load balancer for your Pivotal Container Service (PKS) cluster.
Using an AWS load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the PKS API and
A load balancer is a third-party device that distributes network and application traffic across resources. You can use a load balancer to secure and simplify access to a PKS cluster from outside the network: clients reach a single stable address, and the load balancer forwards their traffic to the cluster's master VMs. Using a load balancer can also prevent individual network components from being overloaded by high traffic.
You can also reconfigure your AWS load balancers. If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs.
The procedures in this topic have the following prerequisites:
- To complete these procedures, you must have already configured a separate external load balancer to access the PKS API. For information about configuring the PKS API load balancer, see Creating an AWS Load Balancer for the PKS API.
- The version of the PKS CLI you are using must match the version of the PKS tile you are installing.
Note: This procedure uses example commands which you should modify to represent the details of your PKS installation.
To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.
Perform the following steps:
- In a browser, navigate to the AWS Management Console.
- Under Compute, click EC2.
- In the EC2 Dashboard, under Load Balancing, click Load Balancers.
- Click Create Load Balancer.
- Under Classic Load Balancer, click Create.
- On the Define Load Balancer page, complete the Basic Configuration section as follows:
- Load Balancer name: Name the load balancer. Pivotal recommends that you name your load balancer
- Create LB inside: Select the VPC where you installed Ops Manager.
- Create an internal load balancer: Do not enable this checkbox. The cluster load balancer must be internet-facing.
- Complete the Listeners Configuration section as follows:
- Configure the first listener as follows.
- Under Load Balancer Protocol, select TCP.
- Under Load Balancer Port, enter
- Under Instance Protocol, select TCP.
- Under Instance Port, enter
- Under Select Subnets, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
- Click Next: Assign Security Groups.
Perform the following steps to assign security groups:
On the Assign Security Groups page, select one of the following:
- Create a new security group: Complete the security group configuration as follows:
- Security group name: Name your security group.
- Confirm that your security group includes Protocol
- Select an existing security group: Select the default security group.
The default security group includes Protocol
Click Next: Configure Security Settings.
On the Configure Security Settings page, ignore the warning about the load balancer having no secure listener. The listener is a plain TCP passthrough, so the load balancer carries no certificate: SSL/TLS termination is done by the Kubernetes API on the master VMs, and clients verify that certificate end to end.
Perform the following steps to configure the health check:
On the Configure Health Check page, set the Ping Protocol to
For Ping Port, enter
Click Next: Add EC2 Instances.
Perform the following steps to add EC2 instances:
On the Add EC2 Instances page, select all master VMs for your cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
Click Add Tags.
Optionally perform the following steps to add tags:
(Optional) Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.
Click Review and Create.
Perform the following steps to review your load balancer details and create your load balancer:
On the Review page, review your load balancer details and edit any as necessary.
Point the address you provided when creating the cluster (--external-hostname) at the load balancer.
This step is required because the certificate provided in the kubeconfig is valid for the cluster's external hostname, so clients must reach the Kubernetes API through that name for certificate verification to succeed.
If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
To reconfigure your AWS cluster load balancer to use the new master VMs, do the following:
- Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
- Navigate to the AWS console.
- Under EC2, select Load balancers.
- Select the load balancer and click Edit instances.
- Select the new master nodes in the list of VMs.
- Click Save.
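The two console procedures above (creating the Classic Load Balancer with its TCP listener, health check and registered master VMs, and re-pointing it at new master VMs after BOSH recreates them) can also be driven from a script. The following is an added example and not Pivotal's code; it uses the boto3 `elb` client API for Classic Load Balancers, with the client passed in so that the same logic runs offline against the `FakeElbClient` stand-in defined at the bottom. The load balancer name, subnet and security group IDs, instance IDs and the `api_port` value (the listener, instance and ping port the procedure specifies) are parameters you supply; the health-check interval and thresholds are assumed values.

```python
"""Classic ELB for a PKS cluster's Kubernetes masters: build, create, reconcile.
Added example, not Pivotal's code. Uses the boto3 "elb" (Classic Load Balancer) client
API; the client is injected so everything also runs offline against FakeElbClient."""
from dataclasses import dataclass
from typing import Any, Dict, Iterable, List

@dataclass(frozen=True)
class ClusterLbSpec:
    name: str                   # Load Balancer name
    subnets: List[str]          # public subnet IDs in the AZs the LB should span
    security_groups: List[str]  # should allow inbound TCP on api_port only
    api_port: int               # Kubernetes API port: listener, instance and ping port
    internal: bool = False      # the cluster LB must stay internet-facing

def listener_for(spec: ClusterLbSpec) -> Dict[str, Any]:
    """TCP passthrough: TLS terminates on the Kubernetes API server, not on the ELB, so
    no certificate is attached here (why the console's SSL warning is ignored)."""
    return {"Protocol": "TCP", "LoadBalancerPort": spec.api_port,
            "InstanceProtocol": "TCP", "InstancePort": spec.api_port}

def health_check_for(spec: ClusterLbSpec) -> Dict[str, Any]:
    """TCP ping on the API port; interval and threshold values are assumed, tune as needed."""
    return {"Target": f"TCP:{spec.api_port}", "Interval": 30, "Timeout": 5,
            "UnhealthyThreshold": 2, "HealthyThreshold": 10}

def validate(spec: ClusterLbSpec) -> List[str]:
    """Reasons the spec departs from the procedure; an empty list means it is fine."""
    problems = []
    if spec.internal:
        problems.append("cluster load balancer must be internet-facing, not internal")
    if not spec.subnets:
        problems.append("at least one public subnet is required")
    if not 1 <= spec.api_port <= 65535:
        problems.append(f"invalid API port {spec.api_port}")
    return problems

def create_cluster_lb(client, spec: ClusterLbSpec, master_ids: Iterable[str]) -> str:
    """Create the LB, attach the health check, register the masters, and return the LB
    DNS name, which is what the cluster's --external-hostname must point to."""
    problems = validate(spec)
    if problems:
        raise ValueError("; ".join(problems))
    dns_name = client.create_load_balancer(  # no Scheme argument: default is internet-facing
        LoadBalancerName=spec.name, Listeners=[listener_for(spec)],
        Subnets=spec.subnets, SecurityGroups=spec.security_groups)["DNSName"]
    client.configure_health_check(LoadBalancerName=spec.name, HealthCheck=health_check_for(spec))
    reconcile_masters(client, spec.name, master_ids)
    return dns_name

def reconcile_masters(client, lb_name: str, master_ids: Iterable[str]) -> Dict[str, List[str]]:
    """Make the registered instances equal the current master VM IDs. Run this after BOSH
    recreates masters (e.g. a stemcell upgrade); new IDs are added before stale ones go."""
    desc = client.describe_load_balancers(LoadBalancerNames=[lb_name])["LoadBalancerDescriptions"][0]
    current, wanted = {i["InstanceId"] for i in desc["Instances"]}, set(master_ids)
    missing, stale = sorted(wanted - current), sorted(current - wanted)
    if missing:
        client.register_instances_with_load_balancer(
            LoadBalancerName=lb_name, Instances=[{"InstanceId": i} for i in missing])
    if stale:
        client.deregister_instances_from_load_balancer(
            LoadBalancerName=lb_name, Instances=[{"InstanceId": i} for i in stale])
    return {"registered": missing, "deregistered": stale}

def unhealthy_masters(client, lb_name: str) -> List[str]:
    """Masters the TCP health check does not report InService; check this after reconciling."""
    states = client.describe_instance_health(LoadBalancerName=lb_name)["InstanceStates"]
    return sorted(s["InstanceId"] for s in states if s["State"] != "InService")

class FakeElbClient:
    """Offline stand-in with boto3 elb response shapes; records the mutating calls.
    Instance IDs and the DNS name it returns are constructed sample data."""
    def __init__(self, registered: Iterable[str] = (), unhealthy: Iterable[str] = ()):
        self.instances, self.unhealthy, self.calls = set(registered), set(unhealthy), []
    def _instances(self):
        return [{"InstanceId": i} for i in sorted(self.instances)]
    def create_load_balancer(self, **kw):
        self.calls.append(("create_load_balancer", kw))
        return {"DNSName": f"{kw['LoadBalancerName']}-1234567890.us-west-2.elb.amazonaws.com"}
    def configure_health_check(self, **kw):
        self.calls.append(("configure_health_check", kw))
        return {"HealthCheck": kw["HealthCheck"]}
    def describe_load_balancers(self, **kw):
        return {"LoadBalancerDescriptions": [
            {"LoadBalancerName": kw["LoadBalancerNames"][0], "Instances": self._instances()}]}
    def register_instances_with_load_balancer(self, **kw):
        self.calls.append(("register_instances_with_load_balancer", kw))
        self.instances |= {i["InstanceId"] for i in kw["Instances"]}
        return {"Instances": self._instances()}
    def deregister_instances_from_load_balancer(self, **kw):
        self.calls.append(("deregister_instances_from_load_balancer", kw))
        self.instances -= {i["InstanceId"] for i in kw["Instances"]}
        return {"Instances": self._instances()}
    def describe_instance_health(self, **kw):
        return {"InstanceStates": [{"InstanceId": i, "State": "OutOfService" if i in self.unhealthy
                                    else "InService"} for i in sorted(self.instances)]}
```

Against a real account, pass `boto3.client("elb", region_name=...)` in place of `FakeElbClient()`; the IDs come from the console or from the master VM lookup described in Creating Clusters. `reconcile_masters` is the scripted form of the Edit instances step and is idempotent, so it can run after every stemcell upgrade; `unhealthy_masters` is the check to run once the new VMs have been registered, since a master that never reaches InService means the security group or the instance port is wrong rather than the registration.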