Configuring an Azure Load Balancer for the TKGI API


This topic describes how to create a load balancer for the VMware Tanzu Kubernetes Grid Integrated Edition API using Azure.

Refer to the procedures in this topic to create a load balancer using Azure. To use a different load balancer, use this topic as a guide.

Overview

VMware recommends that you create a TKGI API load balancer when installing Tanzu Kubernetes Grid Integrated Edition on Azure. Creating the load balancer at installation time simplifies future upgrades of Tanzu Kubernetes Grid Integrated Edition.

To configure your TKGI API load balancer on Azure, complete the procedures in the sections that follow.

Create a Load Balancer

To create a new load balancer:

  1. In a browser, navigate to the Azure Dashboard.
  2. Open the Load Balancers service.
  3. To add a new load balancer, click Add and complete the Create load balancer form as follows:
    1. Name: Enter a name for the load balancer.
    2. Type: Select Public.
    3. SKU: Select Standard.
    4. Public IP address: Select Create new.
    5. Public IP address name: Enter the name for the new IP address.
    6. Availability zone: Select an availability zone or Zone-redundant.
    7. Subscription: Select the subscription where Tanzu Kubernetes Grid Integrated Edition has been deployed.
    8. Resource group: Select the resource group where Tanzu Kubernetes Grid Integrated Edition has been deployed.
    9. Location: Select the location where Tanzu Kubernetes Grid Integrated Edition has been deployed.
    10. Click Create.

Create a Backend Pool

An Azure backend pool is a logical grouping of instances that receive similar traffic.

To create a backend pool for your load balancer:

  1. From the Azure Dashboard, open the Load Balancers service.
  2. Click the name of the load balancer that you created in Create a Load Balancer above.
  3. On your load balancer page, locate and record the IP address of your load balancer.
  4. In the Settings menu, select Backend pools.
  5. To add a new backend pool, click Add and complete the Backend pools form as follows:
    1. Name: Enter the name for the backend pool.
    2. Click Add.

For information about Azure backend pools, see Backend pools in the Azure documentation. For more information about configuring your backend pool, see Remove or add VMs from the backend pool in the Azure documentation.

Create Health Probes

To create health probes for your load balancer and UAA:

  1. From the Azure Dashboard, open the Load Balancers service.
  2. To open the Health probes page, select Health probes in the Settings menu.
  3. To create a new TKGI API server health probe, click Add and complete the form as follows:
    1. Name: Enter the name for the health probe.
    2. Protocol: Select TCP.
    3. Port: Enter 9021.
    4. Interval: Enter the interval of time to wait between probe attempts.
    5. Unhealthy Threshold: Enter a number of consecutive probe failures that must occur before a VM is considered unhealthy.
  4. To create a new UAA health probe, click Add and complete the form as follows:
    1. Name: Enter the name for the UAA health probe.
    2. Protocol: Select TCP.
    3. Port: Enter 8443.
    4. Interval: Enter the interval of time to wait between probe attempts.
    5. Unhealthy Threshold: Enter a number of consecutive probe failures that must occur before a VM is considered unhealthy.
  5. Click OK.

Create Load Balancing Rules

To create load balancer rules for your load balancer:

  1. From the Azure Dashboard, open the Load Balancers service.
  2. To open the Load balancing rules page, select Load Balancing Rules in the Settings menu.
  3. To create a new TKGI API server load balancer rule, click Add and complete the Add load balancing rules form as follows:
    1. Name: Enter a name for the load balancing rule.
    2. IP Version: Select IPv4.
    3. Frontend IP address: Select the appropriate IP address. Clients communicate with your load balancer on the selected IP address and service traffic is routed to the target VM by this NAT rule.
    4. Protocol: Select TCP.
    5. Port: Enter 9021.
    6. Backend port: Enter 9021.
    7. Health Probe: Select the TKGI API server health probe that you created in Create Health Probes above.
    8. Session persistence: Select None.
  4. To create a new UAA load balancer rule, click Add and complete the Add load balancing rules form as follows:
    1. Name: Enter a name for the UAA load balancing rule.
    2. IP Version: Select IPv4.
    3. Frontend IP address: Select the appropriate IP address. Clients communicate with your load balancer on the selected IP address and service traffic is routed to the target VM by this NAT rule.
    4. Protocol: Select TCP.
    5. Port: Enter 8443.
    6. Backend port: Enter 8443.
    7. Health Probe: Select the UAA health probe that you created in Create Health Probes above.
    8. Session persistence: Select None.
  5. Click OK.

Create an Inbound Security Rule

To create an inbound security rule for your load balancer:

  1. From the Azure Dashboard, open the Network Security Groups service.
  2. Click the name of the Security Group attached to the subnet where the TKGI API is deployed.
  3. To open the Inbound security rules page, select Inbound security rules in the Settings menu for your security group.
  4. To add a new inbound security rule, click Add and complete the Add inbound security rule form as follows:
    1. Click Advanced.
    2. Name: Enter the name for the inbound security rule.
    3. Source: Select Any.
    4. Source port range: Enter *.
    5. Destination: Select Any.
    6. Destination port range: Enter 9021,8443.
    7. Click OK.
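
To review which sources the network security group lets reach ports 9021 and 8443 once the rule is in place, the exported rule list can be audited offline. This is an added example, not part of the VMware documentation; it assumes rules in the shape of `az network nsg rule list -o json` output, the rule names and addresses in the sample are constructed, and it does not evaluate Deny rules that take precedence.

```python
TKGI_PORTS = {9021, 8443}  # TKGI API and UAA ports used in this topic
OPEN_SOURCES = {"*", "0.0.0.0/0", "Internet"}  # prefixes that mean "any source"

# Constructed sample shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = [
    {"name": "tkgi-api-any", "direction": "Inbound", "access": "Allow",
     "priority": 1000, "sourceAddressPrefix": "*",
     "destinationPortRanges": ["9021", "8443"]},
    {"name": "tkgi-api-corp", "direction": "Inbound", "access": "Allow",
     "priority": 1010, "sourceAddressPrefix": "203.0.113.0/24",
     "destinationPortRange": "8000-9100"},
    {"name": "ssh-any", "direction": "Inbound", "access": "Allow",
     "priority": 1020, "sourceAddressPrefix": "*",
     "destinationPortRange": "22"},
    {"name": "deny-all-inbound", "direction": "Inbound", "access": "Deny",
     "priority": 4000, "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
]


def _values(rule, single_key, plural_key):
    """Azure fills either the singular field or its plural list; merge both."""
    single = rule.get(single_key)
    return list(rule.get(plural_key) or []) + ([single] if single else [])


def covered_ports(rule):
    """Return the TKGI ports that the rule's destination port ranges match."""
    hit = set()
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        for part in spec.split(","):
            low, _, high = part.strip().partition("-")
            lo, hi = (0, 65535) if low == "*" else (int(low), int(high or low))
            hit |= {p for p in TKGI_PORTS if lo <= p <= hi}
    return hit


def audit(rules):
    """Return (name, ports, sources, open_to_any) per inbound Allow rule."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        ports = covered_ports(rule)
        if (rule["direction"], rule["access"]) != ("Inbound", "Allow") or not ports:
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        is_open = any(s in OPEN_SOURCES for s in sources)
        findings.append((rule["name"], sorted(ports), sources, is_open))
    return findings
```

Calling `audit(SAMPLE_RULES)` returns one tuple per Allow rule that covers a TKGI port; the last element is True when the rule admits any source.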

Add the TKGI API to the Backend Pool

To assign a load balancer to the TKGI API VM and add the TKGI API VM to the backend pool:

  1. Open Ops Manager to the Installation Dashboard pane.
  2. Click the Tanzu Kubernetes Grid Integrated Edition tile.
  3. Open the Resource Config pane.
  4. Select TKGI API.
  5. Review Load Balancers.
  6. If Load Balancers does not include the load balancer to use for the TKGI API VM:
    1. Input the load balancer to use for TKGI API VM.
    2. Click Apply Changes.

For information about Azure backend pools, see Backend pools in the Azure documentation. For more information about configuring your backend pool, see Remove or add VMs from the backend pool in the Azure documentation.

Verify TKGI API Hostname Resolution

To verify that your TKGI API hostname resolves correctly:

  1. Open Ops Manager to the Installation Dashboard pane.
  2. Click the Tanzu Kubernetes Grid Integrated Edition tile.
  3. Select TKGI API.
  4. Record the API Hostname (FQDN).
  5. Verify that the TKGI API hostname resolves to the IP address of the load balancer.
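
The hostname check in step 5 can be scripted together with a TCP connect to ports 9021 and 8443, the same kind of check the health probes configured earlier perform. This is an added example, not part of the VMware documentation; the function names are illustrative, and `tkgi-api.example.com` and `203.0.113.10` are placeholders for the recorded API Hostname (FQDN) and load balancer IP address.

```python
import socket

TKGI_PORTS = {"TKGI API": 9021, "UAA": 8443}  # ports from the load balancing rules


def resolve_ipv4(fqdn):
    """Return the sorted list of distinct IPv4 addresses the hostname resolves to."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_probe(host, port, timeout=3.0):
    """Succeed when a TCP connection completes, as a TCP health probe does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verify(fqdn, lb_ip, ports=TKGI_PORTS, resolver=resolve_ipv4, probe=tcp_probe):
    """Check that fqdn resolves only to lb_ip and that each port accepts TCP."""
    try:
        addresses = resolver(fqdn)
    except socket.gaierror as exc:
        return {"resolves_to_lb": False, "addresses": [],
                "error": str(exc), "ports": {}}
    # Probe the recorded load balancer IP rather than whatever DNS returned,
    # so a stale DNS record and an unreachable backend are reported separately.
    reach = {name: probe(lb_ip, port) for name, port in ports.items()}
    return {"resolves_to_lb": addresses == [lb_ip],
            "addresses": addresses, "ports": reach}


if __name__ == "__main__":
    # Placeholder values: substitute the recorded FQDN and load balancer IP.
    print(verify("tkgi-api.example.com", "203.0.113.10"))
```

A result with `resolves_to_lb` False and a non-empty `addresses` list points at the DNS record; a True result with a port reported False points at the load balancing rule, the security rule or the backend pool membership.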

Next Step

After you have configured an Azure load balancer for the TKGI API, complete the Tanzu Kubernetes Grid Integrated Edition installation by returning to the Install the TKGI and Kubernetes CLIs step of Installing Tanzu Kubernetes Grid Integrated Edition on Azure.

