Load Balancers

A load balancer in Managed Kubernetes distributes incoming traffic between pods.

Create a Load Balancer

To create a load balancer for Kubernetes, create a manifest with a Service of the LoadBalancer type.

An Example of Creating a Load Balancer

apiVersion: v1
kind: Service
metadata:
  name: loadbalancer-name
  labels:
    app: nginx
  annotations:
    loadbalancer.openstack.org/keep-floatingip: "true"
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    protocol: TCP

The created load balancer will appear in the Control panel under Cloud platform ⟶ Load balancers.

Once created, we recommend performing all actions on the load balancers and volumes of the cluster only using kubectl.

Annotations

All additional parameters for the balancer are provided in the annotations block.

The instructions list frequently used annotations that may be useful when creating a load balancer or, in some cases, for an already created balancer.

Flavor and Load Balancer Type

If no annotation is specified, a load balancer of the Basic HA type is created by default.

To create a load balancer with a different type, use the following annotation:

loadbalancer.openstack.org/flavor-id: "<flavor_id>"

Specify the <flavor_id> — load balancer flavor ID that you can get by running the openstack loadbalancer flavor list -c id -c name command.

You cannot change the type of an already created balancer; you have to create a new manifest with the required annotation.

Create a Load Balancer without the Public IP

If no annotation is specified, a load balancer with a public IP address is created by default.

To create a load balancer without a public IP, use the following annotation:

service.beta.kubernetes.io/openstack-internal-load-balancer: "true"

You cannot change this parameter in an already created balancer; you have to create a new manifest with the required annotation.

Create a Load Balancer with the IP from Other Subnets

By default, the load balancer is created in the same network as the servers, and a public IP address is allocated for it.

You can create a load balancer on any other subnet — public, private, or cross-project.

  1. Use the following annotation:

loadbalancer.openstack.org/subnet-id: "<subnet_id>"

Specify the <subnet_id>: the subnet ID, which you can get by running the openstack subnet list command.

  2. To avoid automatically creating a public IP address, add the following annotation:

service.beta.kubernetes.io/openstack-internal-load-balancer: "true"

  3. Specify the IP address from the specified subnet in the loadBalancerIP field:

spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    protocol: TCP
    name: http
  loadBalancerIP: "<IP_address>"

You cannot change the annotation in an already created balancer; you have to create a new manifest with the required annotation.

Add Connection Parameters

The following annotations are used to manage the parameters of connections to the balancer or between the balancer and the servers:

The connection parameters specified in the annotations are displayed in the Control panel under Cloud Platform ⟶ Load Balancers ⟶ Balancer page ⟶ Connections tab.

Maximum Connections

To specify the maximum connections for a balancer rule, use the following annotation:

loadbalancer.openstack.org/connection-limit: "<value>"

Specify the <value> — the maximum number of connections per second. The default value is "-1" (not limited).

You can update this parameter in the already created balancer.

In the Control panel, the parameter is displayed under Incoming request ⟶ load balancer Maximum connect.

Connection Timeout for Incoming Requests

To specify a connection timeout for incoming requests, use the following annotation:

loadbalancer.openstack.org/timeout-client-data: "<value>"

Specify the <value> — timeout value in milliseconds. The default value is "50000".

You can update this parameter in the already created balancer.

In the Control panel, the parameter is displayed under Incoming request ⟶ load balancer Connection timeout, ms.

Connection Timeout for Balancer Requests to Servers

To specify a connection timeout for balancer requests to servers, use the following annotation:

loadbalancer.openstack.org/timeout-member-connect: "<value>"

Specify the <value> — timeout value in milliseconds. The default value is "5000".

You can update this parameter in the already created balancer.

In the Control panel, the parameter is displayed under Load balancer ⟶ servers Connection timeout, ms.

Inactivity Timeout

The inactivity timeout for balancer requests to servers is the period of time a current connection is considered "live" even if data is not being transferred.

To specify the inactivity timeout, use the following annotation:

loadbalancer.openstack.org/timeout-member-data: "<value>"

Specify the <value> — timeout value in milliseconds. The default value is "50000".

You can update this parameter in the already created balancer.

In the Control panel, the parameter is displayed under Load balancer ⟶ servers Inactivity timeout, ms.

TCP Time Wait Timeout

When establishing a new TCP session, data is not always transferred right away. This parameter determines the period of time the balancer will wait for data to be transferred in an already established connection.

To specify the TCP time wait timeout for balancer requests to servers, use the following annotation:

loadbalancer.openstack.org/timeout-tcp-inspect: "<value>"

Specify the <value> — timeout value in milliseconds. The default value is "0".

You can update this parameter in the already created balancer.

In the Control panel, the parameter is displayed under Load balancer ⟶ servers TCP time wait timeout, ms.

Enable Rule Checks

To enable or disable rule checks, use the following annotation:

loadbalancer.openstack.org/enable-health-monitor: "<value>"

Specify the <value>: "true" to enable and "false" to disable. The default value is "true".

You can update this parameter in the already created balancer.

Add the X-Forwarded-For Header

Without specifying an annotation, the balancer passes only the original body of the HTTP request to the server, replacing the client’s IP address with its own.

To ensure that servers receive the client's IP address for proper operation or analysis, add the X-Forwarded-For header to the request sent to the server. Use the following annotation:

loadbalancer.openstack.org/x-forwarded-for: "true"

The rule will use the HTTP ⟶ HTTP scheme instead of TCP ⟶ TCP.

The parameter cannot be changed in the already created balancer — you need to create a new manifest with the required annotation.
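
How a backend can read the client address from this header, as an added example that is not part of the original documentation. It assumes the balancer appends the address it saw as the last X-Forwarded-For entry (as HAProxy-based balancers do); TRUSTED_PEERS, client_ip and all addresses are hypothetical names and constructed values.

```python
import ipaddress

# Assumption: peers from which balancer traffic reaches the pod (balancer or
# node addresses, depending on traffic policy). Replace with your own range.
TRUSTED_PEERS = ipaddress.ip_network("10.0.0.0/24")


def client_ip(peer_ip, xff_headers):
    """Return the client address to use for logging or access control.

    peer_ip      address of the TCP peer that connected to the pod
    xff_headers  every X-Forwarded-For header line of the request, in order
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PEERS:
        # The connection did not come through the balancer: ignore the header.
        return str(peer)
    # Flatten "a, b" lists across repeated header lines, keeping their order.
    hops = [h.strip() for line in xff_headers for h in line.split(",") if h.strip()]
    if not hops:
        return str(peer)
    # Only the last entry was written by the balancer; earlier entries
    # arrived with the request and were not verified by anyone.
    try:
        return str(ipaddress.ip_address(hops[-1]))
    except ValueError:
        return str(peer)


if __name__ == "__main__":
    # Constructed sample: the request already carried one entry before the
    # balancer appended the address it actually saw.
    print(client_ip("10.0.0.7", ["198.51.100.9", "203.0.113.5"]))
```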

Add the TCP ⟶ PROXY Rule

The PROXY protocol is used to transfer connection information from the source requesting the connection to the destination for which the connection was requested.

The logs of the pod to which the connection is made through the balancer with the TCP ⟶ PROXY rules will show the real IP address of the connecting client, not the address of the balancer.

To create a balancer with the TCP ⟶ PROXY rule, use the following annotation:

loadbalancer.openstack.org/proxy-protocol: "true"

The parameter cannot be changed in the already created balancer — you need to create a new manifest with the required annotation.

Save the Public IP Address

If you want to save the public IP address when recreating the balancer, use the following annotation:

loadbalancer.openstack.org/keep-floatingip: "true"

Specify this or another public IP address in the loadBalancerIP field:

spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    protocol: TCP
    name: http
  loadBalancerIP: "<IP_address>"

You can use the annotation in the already created balancer.