-
Notifications
You must be signed in to change notification settings - Fork 68
/
azure-cluster-load-balancer.html.md.erb
141 lines (111 loc) · 6.91 KB
/
azure-cluster-load-balancer.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
title: Creating and Configuring an Azure Load Balancer for Tanzu Kubernetes Grid Integrated Edition Clusters
owner: TKGI
---
This topic describes how to create and configure a Microsoft Azure load balancer for your VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster.
##<a id='overview'></a> Overview
A load balancer is a third-party device that distributes network and application traffic across resources.
You can use a load balancer to prevent individual network components from being overloaded by high traffic.
You can also use a load balancer to secure and facilitate access to a TKGI cluster from outside the network.
Using an Azure load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the TKGI API and Kubernetes CLI (`kubectl`).
For more information about the different types of load balancers used in a Tanzu Kubernetes Grid Integrated Edition deployment see [Load Balancers in TKGI](./about-lb.html).
<p class='note'><strong>Note:</strong> If your Kubernetes control plane node VMs are recreated for any
reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For
instructions, see <a href="#reconfigure">Reconfigure Load Balancer</a>.</p>
##<a id='prerequisites'></a> Prerequisites
To complete the steps below, you must identify the TKGI API VM. You can find
the name in the following ways:
* In the [Azure Dashboard](https://portal.azure.com), locate the VM tagged with
`instance_group:pivotal-container-service`.
* On the command line, run `bosh vms`.
## <a id='define-lb'></a>Create and Configure a Load Balancer
Follow the steps below to create and configure an Azure load balancer for your Tanzu Kubernetes Grid Integrated Edition cluster.
###<a id='create-load-balancer'></a> Create Load Balancer
1. In a browser, navigate to the [Azure Dashboard](https://portal.azure.com).
1. Open the **Load Balancers** service.
1. Click **Add**.
1. On the **Create load balancer** page, complete the form as follows:
1. **Name**: Name the load balancer.
1. **Type**: Select **Public**.
1. **SKU**: Select **Standard**.
1. **Public IP address**: Select **Create new** and name the new IP address.
1. **Availability zone**: Select an availability zone or **Zone-redundant**.
1. **Subscription**: Select the subscription which has Tanzu Kubernetes Grid Integrated Edition deployed.
1. **Resource group**: Select the resource group which has Tanzu Kubernetes Grid Integrated Edition deployed.
1. **Location**: Select the location group which has Tanzu Kubernetes Grid Integrated Edition deployed.
1. Click **Create**.
###<a id='create-backend-pool'></a> Create Backend Pool
1. From the Azure Dashboard, open the **Load Balancers** service.
1. Click the name of the load balancer that you created in [Create Load Balancer](#create).
1. On your load balancer page, locate and record the IP address of your load balancer.
1. In the **Settings** menu, select **Backend pools**.
1. On the **Backend pools** page, click **Add**.
1. On the **Add backend pool** page, complete the form as follows:
1. **Name**: Name the backend pool.
1. **Virtual network**: Select the virtual network where the TKGI API VM is deployed.
1. **Virtual machine**: Select all of the control plane VMs for your cluster. For information about
identifying the control plane VM IDs, see
[Identify Kubernetes Cluster Control Plane VMs](create-cluster.html#master-id) in _Creating Clusters_.
1. Click **Add**.
###<a id='create-health-probes'></a> Create Health Probe
1. From the Azure Dashboard, open the **Load Balancers** service.
1. In the **Settings** menu, select **Health probes**.
1. On the **Health probes** page, click **Add**.
1. On the **Add health probe** page, complete the form as follows:
1. **Name**: Name the health probe.
1. **Protocol**: Select **TCP**.
1. **Port**: Enter `8443`.
1. **Interval**: Enter the interval of time to wait between probe attempts.
1. **Unhealthy Threshold**: Enter a number of consecutive probe failures that must occur before
a VM is considered unhealthy.
1. Click **OK**.
###<a id='create-health-probes'></a> Create Load Balancing Rule
1. From the Azure Dashboard, open the **Load Balancers** service.
1. In the **Settings** menu, select **Load Balancing Rules**.
1. On the **Load balancing rules** page, click **Add**.
1. On the **Add load balancing rules** page, complete the form as follows:
1. **Name**: Name the load balancing rule.
1. **IP Version**: Select **IPv4**.
1. **Frontend IP address**: Select the appropriate IP address. Clients communicate with your load
balancer on the selected IP address and service traffic is routed to the target VM by this NAT
rule.
1. **Protocol**: Select **TCP**.
1. **Port**: Enter `8443`.
1. **Backend port**: Enter `8443`.
1. **Backend Pool**: Select the backend pool that you created in
[Create Backend Pool](#create-backend-pool).
1. **Health Probe**: Select the health probe that you created in
[Create Health Probe](#create-health-probes).
1. **Session persistence**: Select **None**.
1. Click **OK**.
###<a id='create-inbound-rule'></a> Create Inbound Security Rule
1. From the Azure Dashboard, open the **Security Groups** service.
1. Click the name of the Security Group attached to the subnet where the TKGI API is deployed.
1. In the **Settings** menu for your security group, select **Inbound security rules**.
1. Click **Add**.
1. On the **Add inbound security rule** page, click **Advanced** and complete the form as follows:
1. **Name**: Name the inbound security rule.
1. **Source**: Select **Any**.
1. **Source port range**: Enter `*`.
1. **Destination**: Select **Any**.
1. **Destination port range**: Enter `8443`.
1. Click **OK**.
###<a id='verify'></a> Verify Hostname Resolution
Verify that the **External hostname** used when creating a Kubernetes cluster resolves to the IP
address of the load balancer.
For more information, see [Create a Kubernetes Cluster](create-cluster.html#create) in
_Creating Clusters_.
## <a id="reconfigure"></a>Reconfigure Load Balancer
If your Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster
load balancers to point to the new control plane VMs.
For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
To reconfigure your Azure cluster load balancer to use the new control plane VMs, do the following:
1. Identify the VM IDs of the new control plane node VMs for the cluster. For information about
identifying the control plane VM IDs, see
[Identify Kubernetes Cluster Control Plane VMs](create-cluster.html#master-id) in _Creating Clusters_.
1. In a browser, navigate to the [Azure Dashboard](https://portal.azure.com).
1. Open the **Load Balancers** service.
1. Select the load balancer for your cluster.
1. In the **Settings** menu, select **Backend pools**.
1. Update the VMs list with the new control plane VM IDs.
1. Click **Save**.