Create and delete load balancer
A load balancer distributes large amounts of traffic to multiple servers, supporting stable service operation. When creating a load balancer type service in Kubernetes Engine, based on the annotation options, either a Network Load Balancer (NLB) or an Application Load Balancer (ALB) will be created.
Create load balancer
The following describes how to create a load balancer in the Kubernetes Engine service.
In the kr-central-2 region, the cluster network can be set up to use different availability zones (AZs), enabling the creation of highly available Multi-AZ clusters. If a load balancer is created in a Multi-AZ cluster, a load balancer will be created in every AZ configured for the cluster network.
If the node pool of a Multi-AZ cluster is configured in only one AZ, the cluster’s load balancer will still be created in all AZs. All load balancers (NLB or ALB) are subject to billing, so please take note.
Prerequisites
Step 1. Install and configure kubectl
To create a Service object in Kubernetes, install kubectl and configure it for cluster control. For detailed instructions on kubectl installation and control setup, refer to Configure kubectl control.
Step 2. Register and manage SSL certificates
To create an Application Load Balancer (ALB) and set the load balancer listener to TERMINATED_HTTPS in Kubernetes, an SSL certificate is required. Register and manage the SSL certificate for the ALB as follows.
Register certificate
- Go to the Container Pack > Kubernetes Engine > Certificate tab in the KakaoCloud Console.
- In the Certification menu, click the [Register certificate] button.
- In the certificate registration popup, enter the required information and click [Register].
- Verify the registered certificate information in the certificate list.
Delete certificate
- Go to the Container Pack > Kubernetes Engine > Certificate tab in the KakaoCloud Console.
- In the Certification menu, select the [More] icon next to the certificate to delete and click Delete certificate.
- In the delete certificate popup, enter the necessary details and click [Delete].
Step 1. Check load balancer service specifications
Check the specifications of the load balancer service. In the example YAML file for a load balancer type service associated with app: nginx, check the following two items.
Item to Check | Value and Description |
---|---|
spec.type | Value: LoadBalancer. Sets the service type so that a load balancer is created |
metadata.annotations: loadbalancer.ke.kakaocloud.com/load-balancer-type | Sets the load balancer type. NLB (default): creates a Network Load Balancer. ALB: creates an Application Load Balancer. If not set, defaults to creating a Network Load Balancer |
metadata.annotations: service.beta.kubernetes.io/openstack-internal-load-balancer | Sets public IP usage. true (default): uses a private IP. false: uses a public IP |
Check NLB load balancer service specifications
```yaml
kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: 'true'
    loadbalancer.ke.kakaocloud.com/load-balancer-type: 'NLB'
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
```
Check ALB load balancer service specifications
```yaml
kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: 'true'
    loadbalancer.ke.kakaocloud.com/load-balancer-type: 'ALB'
    loadbalancer.openstack.org/default-tls-container-ref: 'https://key-manager.{enter the certificate path for the region}/v1/secrets/{enter certificate ID}'
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
```
Step 2. Set load balancer type
Based on the load balancer type setting, either a Network Load Balancer (NLB) or an Application Load Balancer (ALB) will be created.
Create 'Network Load Balancer (NLB)'
When creating a load balancer type service in Kubernetes Engine, a Network Load Balancer (NLB) that operates at OSI Layer 4 (network layer) is created by default. Set the annotations under metadata.annotations as follows.
Annotation Item | Value and Description |
---|---|
loadbalancer.ke.kakaocloud.com/load-balancer-type | Set to create Network Load Balancer (NLB) - Set to "NLB" |
Create 'Application Load Balancer (ALB)'
When creating an Application Load Balancer (ALB) in Kubernetes Engine, it operates at OSI Layer 7 (application layer). Set the annotations under metadata.annotations as follows.
kr-central-1
Annotation Item | Value and Description |
---|---|
loadbalancer.ke.kakaocloud.com/load-balancer-type | Set to create Application Load Balancer (ALB) - Set to "ALB" |
loadbalancer.openstack.org/default-tls-container-ref | Listener protocol is set to 'TERMINATED_HTTPS', and SSL certificate setup is required. Enter "https://key-manager.kr-central-1.kakaoi.io/v1/secrets/{secret UUID}", replacing {secret UUID} with the certificate ID. You can verify the certificate ID after pre-registering it in the certification tab of the console. If an SSL certificate is not applied to the ALB, the listener protocol will be set to 'HTTP' |
kr-central-2
Annotation Item | Value and Description |
---|---|
loadbalancer.ke.kakaocloud.com/load-balancer-type | Set to create Application Load Balancer (ALB) - Set to "ALB" |
loadbalancer.openstack.org/default-tls-container-ref | Listener protocol is set to 'TERMINATED_HTTPS', and SSL certificate setup is required. Enter "https://key-manager.kr-central-2.kakaoi.io/v1/secrets/{secret UUID}", replacing {secret UUID} with the certificate ID. You can verify the certificate ID after pre-registering it in the certification tab of the console. If an SSL certificate is not applied to the ALB, the listener protocol will be set to 'HTTP' |
- When setting the ALB annotation, ensure that the certificate path corresponds to the region where the load balancer is created.
- The SSL certificate for the ALB must be applied when the ALB is first created, along with the certificate configuration annotation.
- If the certificate settings need to be changed, you must delete and recreate the Service object. Note that this will disconnect or delete the existing load balancer and create a new one.
Step 3. Configure public IP for the load balancer
You can configure whether to use a public IP when creating a load balancer.
Set the service.beta.kubernetes.io/openstack-internal-load-balancer value under metadata.annotations to configure public IP usage for the load balancer.
- To create a load balancer with a private IP, set the value to true (default).
- To create a load balancer with a public IP, set the value to false.
- Depending on the service.beta.kubernetes.io/openstack-internal-load-balancer setting, a new public IP is created and connected to the load balancer, or the existing public IP is disconnected. If the value was set to false and a public IP was used, changing the value to true later disconnects the public IP, but it still remains subject to public IP billing.
- To delete the public IP used by the Kubernetes Engine load balancer, go to the Public IP menu under the VPC section of the KakaoCloud Console. For more details, refer to Create and manage public IP.
Appendix. Configure detailed load balancer options
When creating a load balancer in the Kubernetes Engine service, additional options can be configured. Check the annotations section in the example YAML file for the load balancer type service.
Option Item (under metadata.annotations) | Value and Description |
---|---|
loadbalancer.ke.kakaocloud.com/delete-floatingip | Delete public IP setting. true: Deletes the public IP connected to the load balancer upon deletion. false (default): Disconnects the public IP when the load balancer is deleted |
loadbalancer.openstack.org/health-monitor-timeout | Health check condition setting. Sets the maximum response time for load balancer health checks. Default: 30 if no detailed options are specified. Condition: Value is set in seconds, with no restriction on the limit |
loadbalancer.openstack.org/health-monitor-delay | Health check condition setting. Sets the interval for load balancer health checks. Default: 60 if no detailed options are specified. Condition: Must be set to a value greater than the timeout |
loadbalancer.openstack.org/health-monitor-max-retries | Health check condition setting. Sets the maximum retry attempts for load balancer health checks. Default: 5 if no detailed options are specified. Condition: Must be set within the range of 1–10 |
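The annotation rules from Steps 2 and 3 and the option conditions above can be checked before a manifest is applied. The following Python function is an added example, not KakaoCloud code: it reviews a parsed Service manifest for public IP exposure, an ALB that would fall back to an HTTP listener, a certificate path for the wrong region, and health check values outside the stated conditions. The name `audit_service`, the finding strings and the sample manifest (including its all-zero secret ID) are constructed for illustration.

```python
import re

LB_TYPE = "loadbalancer.ke.kakaocloud.com/load-balancer-type"
INTERNAL = "service.beta.kubernetes.io/openstack-internal-load-balancer"
TLS_REF = "loadbalancer.openstack.org/default-tls-container-ref"
HM = "loadbalancer.openstack.org/health-monitor-"
# Certificate path form taken from the ALB annotation tables on this page.
TLS_RE = re.compile(r"^https://key-manager\.(kr-central-[12])\.kakaoi\.io/v1/secrets/[^/]+$")

def audit_service(svc, cluster_region):
    """Return a list of findings for one parsed Service manifest (a dict)."""
    if svc.get("spec", {}).get("type") != "LoadBalancer":
        return []
    ann = svc.get("metadata", {}).get("annotations") or {}
    findings = []
    # Private IP is the default; only an explicit "false" requests a public IP.
    if str(ann.get(INTERNAL, "true")).lower() == "false":
        findings.append("public-ip: load balancer gets a public IP")
    # NLB is created when the type annotation is absent.
    if ann.get(LB_TYPE, "NLB") == "ALB":
        m = TLS_RE.match(ann.get(TLS_REF, ""))
        if TLS_REF not in ann:
            findings.append("alb-no-tls: no certificate, listener will be HTTP")
        elif not m:
            findings.append("tls-ref-format: unexpected certificate path")
        elif m.group(1) != cluster_region:
            findings.append("tls-ref-region: certificate path is for " + m.group(1))
    # Health check conditions: delay > timeout, max-retries within 1-10.
    try:
        timeout = int(ann.get(HM + "timeout", 30))
        delay = int(ann.get(HM + "delay", 60))
        retries = int(ann.get(HM + "max-retries", 5))
    except ValueError:
        return findings + ["health-monitor: values must be integers"]
    if delay <= timeout:
        findings.append("health-monitor: delay must be greater than timeout")
    if not 1 <= retries <= 10:
        findings.append("health-monitor: max-retries must be within 1-10")
    return findings

# Constructed sample: public ALB whose certificate path names kr-central-1.
SAMPLE = {"kind": "Service", "spec": {"type": "LoadBalancer"}, "metadata": {"annotations": {
    INTERNAL: "false", LB_TYPE: "ALB", HM + "timeout": "60", TLS_REF:
    "https://key-manager.kr-central-1.kakaoi.io/v1/secrets/00000000-0000-0000-0000-000000000000"}}}

if __name__ == "__main__":
    print("\n".join(audit_service(SAMPLE, "kr-central-2")))
```

The function takes a dict, so it can be fed the parsed output of `kubectl get svc <name> -o json` or a manifest loaded with any YAML parser.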
Appendix. Example of creating NLB load balancer service
The following example explains how to create a simple Nginx application as a load balancer type service.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: internal-http-nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: default-http-nginx-service
  annotations:
    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
    loadbalancer.ke.kakaocloud.com/load-balancer-type: "NLB"
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
```
- Deploy using the following command. Upon execution, KakaoCloud's load balancer will be automatically created. It may take about 5 minutes to complete the load balancer creation.

  Deployment command
  ```bash
  kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/kakaoicloud-guide/kubernetes-engine/main/guide-samples/createLB/lb-nginx.yml
  ```

- To check the IP address of the created load balancer, run the following command and check the EXTERNAL-IP column. The status may remain Pending until the load balancer is created.

  Check load balancer IP address
  ```bash
  kubectl --kubeconfig=$KUBE_CONFIG get svc default-http-nginx-service
  ```

  Address check result
  ```
  NAME                         TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
  default-http-nginx-service   LoadBalancer   {CLUSTER-IP}   {EXTERNAL-IP}   80:32245/TCP   7h15m
  ```

- You can verify that traffic is being properly received at the EXTERNAL-IP by running the following command.

  Verify traffic reception at EXTERNAL-IP
  ```bash
  curl {EXTERNAL-IP}
  ```

  Traffic reception verification result
  ```html
  <!doctype html>
  <html>
    <head>
      <title>Welcome to nginx!</title>
      <style>
        body {
          width: 35em;
          margin: 0 auto;
          font-family: Tahoma, Verdana, Arial, sans-serif;
        }
      </style>
    </head>
    <body>
      <h1>Welcome to nginx!</h1>
      <p>
        If you see this page, the nginx web server is successfully installed
        and working. Further configuration is required.
      </p>
      <p>
        For online service and support please refer to
        <a href="http://nginx.org/">nginx.org</a>.<br/>
        Commercial support is available at
        <a href="http://nginx.com/">nginx.com</a>.
      </p>
      <p><em>Thank you for using nginx.</em></p>
    </body>
  </html>
  ```

- If you set the service.beta.kubernetes.io/openstack-internal-load-balancer value to false and check the service connected to the load balancer using the kubectl command, the EXTERNAL-IP column will display the public IP associated with the load balancer, allowing clients to access it via that public IP.
- If a load balancer is created in a cluster in the kr-central-2 region, the EXTERNAL-IP column will display the DNS linked to the load balancer, and clients can connect via that DNS.
Delete load balancer
You can delete a load balancer that is no longer in use. The Service object created as a load balancer type is automatically linked with the KakaoCloud load balancer. Deleting the linked Service will also delete the associated load balancer.
```bash
kubectl --kubeconfig=$KUBE_CONFIG delete svc default-http-nginx-service
```