LATEST VERSION: v1.2 - RELEASE NOTES
Pivotal Container Service v1.2

Configuring an AWS Load Balancer for PKS Clusters

This topic describes how to configure a Amazon Web Services (AWS) load balancer for your Pivotal Container Service (PKS) cluster. Using an AWS load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the PKS API and kubectl

A load balancer is a third-party device that distributes network and application traffic across resources. You can use a load balancer to secure and facilitate access to a PKS cluster from outside the network. Using a load balancer can also prevent individual network components from being overloaded by high traffic.

You can also reconfigure your AWS load balancers. If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs.

Prerequisites

The procedures in this topic have the following prerequisites:

  • To complete these procedures, you must have already configured a separate external load balancer to access the PKS API. For information about configuring the PKS API load balancer, see Creating an AWS Load Balancer for the PKS API.
  • The version of the PKS CLI you are using must match the version of the PKS tile you are installing.

Note: This procedure uses example commands which you should modify to represent the details of your PKS installation.

Configure AWS Load Balancer

Step 1: Define Load Balancer

To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.

Perform the following steps:

  1. In a browser, navigate to the AWS Management Console.
  2. Under Compute, click EC2.
  3. In the EC2 Dashboard, under Load Balancing, click Load Balancers.
  4. Click Create Load Balancer.
  5. Under Classic Load Balancer, click Create.
  6. On the Define Load Balancer page, complete the Basic Configuration section as follows:
  7. Load Balancer name: Name the load balancer. Pivotal recommends that you name your load balancer k8s-master-<uuid>.
    1. Create LB inside: Select the VPC where you installed Ops Manager.
    2. Create an internal load balancer: Do not enable this checkbox. The cluster load balancer must be internet-facing.
  8. Complete the Listeners Configuration section as follows:
    1. Configure the first listener as follows.
      • Under Load Balancer Protocol, select TCP.
      • Under Load Balancer Port, enter 8443.
      • Under Instance Protocol, select TCP.
      • Under Instance Port, enter 8443.
  9. Under Select Subnets, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
  10. Click Next: Assign Security Groups.

Step 2: Assign Security Groups

Perform the following steps to assign security groups:

  1. On the Assign Security Groups page, select one of the following:

    • Create a new security group: Complete the security group configuration as follows:
      1. Security group name: Name your security group.
      2. Confirm that your security group includes Protocol TCP with Ports 8443.
    • Select an existing security group: Select the default security group. The default security group includes includes Protocol TCP with Ports 8443.
  2. Click Next: Configure Security Settings.

Step 3: Configure Security Settings

On the Configure Security Settings page, ignore the warning. SSL termination is done on the Kubernetes API.

Step 4: Configure Health Check

Perform the following steps to configure the health check:

  1. On the Configure Health Check page, set the Ping Protocol to TCP.

  2. For Ping Port, enter 8443.

  3. Click Next: Add EC2 Instances.

Step 5: Add EC2 Instances

Perform the following steps to add EC2 instances:

  1. On the Add EC2 Instances page, select all master VMs for your cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.

  2. Click Add Tags.

Step 6: (Optional) Add Tags

Optionally perform the following steps to add tags:

  1. (Optional) Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.

  2. Click Review and Create.

Step 7: Review and Create

Perform the following steps to review your load balancer details and create your load balancer:

  1. On the Review page, review your load balancer details and edit any as necessary.

  2. Click Create.

Step 8: Point Cluster Address to Load Balancer

Point the address provided when creating the cluster (--external-hostname) to the load balancer.

This step is required because the certificate provided in the kubeconfig is valid for the cluster external hostname.

Reconfigure AWS Load Balancer

If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your AWS cluster load balancer to use the new master VMs, do the following:

  1. Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Master VMs in Creating Clusters.
  2. Navigate to the AWS console.
  3. Under EC2, select Load balancers.
  4. Select the load balancer and click Edit instances.
  5. Select the new master nodes in the list of VMs.
  6. Click Save.

Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub