Create and delete load balancer

A load balancer distributes large amounts of traffic to multiple servers, supporting stable service operation. When creating a load balancer type service in Kubernetes Engine, based on the annotation options, either a Network Load Balancer (NLB) or an Application Load Balancer (ALB) will be created.

Create load balancer

The following describes how to create a load balancer in the Kubernetes Engine service.

Create load balancer in Multi-AZ cluster

In the kr-central-2 region, the cluster network can be set up to use different availability zones (AZs), enabling the creation of highly available Multi-AZ clusters. If a load balancer is created in a Multi-AZ cluster, a load balancer will be created in every AZ configured for the cluster network.

caution

If the node pool of a Multi-AZ cluster is configured in only one AZ, the cluster’s load balancer will still be created in all AZs. All load balancers (NLB or ALB) are subject to billing, so please take note.

Prerequisites

Step 1. Install and configure kubectl

To create a Service object in Kubernetes, install kubectl and configure it for cluster control. For detailed instructions on kubectl installation and control setup, refer to Configure kubectl control.

Step 2. Register and manage SSL certificates

To create an Application Load Balancer (ALB) and set the load balancer listener to TERMINATED_HTTPS in Kubernetes, an SSL certificate is required. Register and manage the SSL certificate for the ALB as follows.

Register certificate

1. Go to the Container Pack > Kubernetes Engine > 인증서 tab in the KakaoCloud Console.

2. In the Certification menu, click the [Register certificate] button.

3. In the certificate registration popup, enter the required information and click [Register].

4. Verify the registered certificate information in the certificate list.

Delete certificate

1. Go to the Container Pack > Kubernetes Engine > 인증서 tab in the KakaoCloud Console.

2. In the Certification menu, select the [More] icon next to the certificate to delete and click Delete certificate.

3. In the delete certificate popup, enter the necessary details and click [Delete].

Step 1. Check load balancer service specifications

Check the specifications of the load balancer service. In the example YAML file for a load balancer type service associated with app: nginx, check the following two items.

Item to Check	Value and Description
spec.type	Value: LoadBalancer   ᄂ Set service type to create a load balancer
metadata.annotations subfield of annotations	Set load balancer type Value loadbalancer.ke.kakaocloud.com/load-balancer-type   ᄂ NLB (default): Create Network Load Balancer   ᄂ ALB: Create Application Load Balancer   ᄂ If not set, defaults to creating a Network Load Balancer. Set public IP usage Value service.beta.kubernetes.io/openstack-internal-load-balancer   ᄂ true (default): Use private IP   ᄂ false: Use public IP

Check NLB load balancer service specifications

Check NLB load balancer service specifications

kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: 'true'
    loadbalancer.ke.kakaocloud.com/load-balancer-type: 'NLB'
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80

Check ALB load balancer service specifications

Check ALB load balancer service specifications

kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: 'true'
    loadbalancer.ke.kakaocloud.com/load-balancer-type: 'ALB'
    loadbalancer.openstack.org/default-tls-container-ref: 'https://key-manager.{enter the certificate path for the region}/v1/secrets/{enter certificate ID}'
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80

Step 2. Set load balancer type

Based on the load balancer type setting, either a Network Load Balancer (NLB) or an Application Load Balancer (ALB) will be created.

Create 'Network Load Balancer (NLB)'

When creating a load balancer type service in Kubernetes Engine, a Network Load Balancer (NLB) that operates at OSI Layer 4 (network layer) is created by default.
Set the annotations under metadata.annotations as follows.

Annotation Item	Value and Description
loadbalancer.ke.kakaocloud.com/load-balancer-type	Set to create Network Load Balancer (NLB) - Set to "NLB"

Create 'Application Load Balancer (ALB)'

When creating an Application Load Balancer (ALB) in Kubernetes Engine, it operates at OSI Layer 7 (application layer). Set the annotations under metadata.annotations as follows.

Annotation Item	Value and Description
loadbalancer.ke.kakaocloud.com/load-balancer-type	Set to create Application Load Balancer (ALB) - Set to "ALB"
loadbalancer.openstack.org/default-tls-container-ref	Listener protocol is set to 'TERMINATED_HTTPS', and SSL certificate setup is required - Enter "https://key-manager.kr-central-2.kakaoi.io/v1/secrets/{secret UUID}"   ᄂ Replace {secret UUID} with the certificate ID   ᄂ You can verify the certificate ID after pre-registering it in the certification tab of the console   ᄂ If an SSL certificate is not applied to the ALB, the listener protocol will be set to 'HTTP'

info

• When setting the ALB annotation, ensure that the certificate path corresponds to the region where the load balancer is created.
• The SSL certificate for the ALB must be applied when the ALB is first created, along with the certificate configuration annotation.
• If the certificate settings need to be changed, you must delete and recreate the Service object. Note that this will disconnect or delete the existing load balancer and create a new one.

Step 3. Configure public IP for the load balancer

You can configure whether to use a public IP when creating a load balancer.
Set the service.beta.kubernetes.io/openstack-internal-load-balancer value under metadata.annotations to configure public IP usage for the load balancer.

• To create a load balancer with a private IP, set the value to true (default)
• To create a load balancer with a public IP, set the value to false

caution

• Depending on the service.beta.kubernetes.io/openstack-internal-load-balancer setting, the load balancer’s public IP will either create and connect a new public IP or disconnect the public IP. If the value is set to false and a public IP was used, changing the value to true later will still result in the public IP being disconnected and subject to public IP billing.
• To delete the public IP used by the Kubernetes Engine load balancer, go to the Public IP menu under the VPC section of the KakaoCloud Console. For more details, refer to Create and manage public IP.

Appendix. Configure detailed load balancer options

When creating a load balancer in the Kubernetes Engine service, additional options can be configured. Check the annotations section in the example YAML file for the load balancer type service.

Option Item

Value and Description

metadata.annotations subfield of annotations

Delete public IP setting Value: - loadbalancer.ke.kakaocloud.com/delete-floatingip   ᄂ true: Deletes the public IP connected to the load balancer upon deletion   ᄂ false (default): Disconnects the public IP when the load balancer is deleted Health Check condition settings Value: - loadbalancer.openstack.org/health-monitor-timeout   ᄂ Set the maximum response time for load balancer health checks   ᄂ (Default): 30 if no detailed options are specified   ᄂ Condition: Value is set in seconds, with no restriction on the limit - loadbalancer.openstack.org/health-monitor-delay   ᄂ Set the interval for load balancer health checks   ᄂ (Default): 60 if no detailed options are specified   ᄂ Condition: Must be set to a value greater than the timeout - loadbalancer.openstack.org/health-monitor-max-retries   ᄂ Set the maximum retry attempts for load balancer health checks   ᄂ (Default): 5 if no detailed options are specified   ᄂ Condition: Must be set within the range of 1–10

Appendix. Example of creating NLB load balancer service

The following example explains how to create a simple Nginx application as a load balancer type service.

Example of creating load balancer type service

apiVersion: apps/v1
kind: Deployment
metadata:
  name: internal-http-nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
    loadbalancer.ke.kakaocloud.com/load-balancer-type: "NLB"
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    targetPort: 80

1. Deploy using the following command. Upon execution, KakaoCloud's load balancer will be automatically created. It may take about 5 minutes to complete the load balancer creation.

   Deployment command

   kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/kakaoicloud-guide/kubernetes-engine/main/guide-samples/createLB/lb-nginx.yml

2. To check the IP address of the created load balancer, run the following command and check the EXTERNAL-IP column. The status may remain Pending until the load balancer is created.

   Check load balancer IP address

   kubectl --kubeconfig=$KUBE_CONFIG get svc default-http-nginx-service
   주소 확인 실행 결과

   NAME                         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
   default-http-nginx-service   LoadBalancer   {CLUSTER-IP}   {EXTERNAL-IP}   80:32245/TCP   7h15m

3. You can verify that traffic is being properly received at the EXTERNAL-IP by running the following command.

   Verify traffic reception at EXTERNAL-IP

   curl {EXTERNAL-IP}
   Traffic reception verification result

   <!doctype html>
   <html>
     <head>
       <title>Welcome to nginx!</title>
       <style>
         body {
           width: 35em;
           margin: 0 auto;
           font-family: Tahoma, Verdana, Arial, sans-serif;
         }
       </style>
     </head>
     <body>
       <h1>Welcome to nginx!</h1>
       <p>
         If you see this page, the nginx web server is successfully installed
         and working. Further configuration is required.
       </p>
       <p>
         For online service and support please refer to
         <a href="http://nginx.org/">nginx.org</a>.<br/>
         Commercial support is available at
         <a href="http://nginx.com/">nginx.com</a>.
       </p>
   
       <p><em>Thank you for using nginx.</em></p>
     </body>
   </html>

info

• If you set the service.beta.kubernetes.io/openstack-internal-load-balancer value to false and check the service connected to the load balancer using the kubectl command, the EXTERNAL-IP column will display the public IP associated with the load balancer, allowing clients to access it via that public IP.
• If a load balancer is created in a cluster in the kr-central-2 region, the EXTERNAL-IP column will display the DNS linked to the load balancer, and clients can connect via that DNS.

Delete load balancer

You can delete a load balancer that is no longer in use. The Service object created as a load balancer type is automatically linked with the KakaoCloud load balancer. Deleting the linked Service will also delete the associated load balancer.

Delete Service

kubectl --kubeconfig=$KUBE_CONFIG delete svc default-http-nginx-service