Configure the load balancer
A load balancer in Managed Kubernetes is used to distribute incoming traffic between the pods.
We recommend that once a Managed Kubernetes cluster is created, all actions on the cluster's balancers and disks be performed only through kubectl.
Create a load balancer
Create a manifest with a Service of type LoadBalancer.
Manifest example:
apiVersion: v1
kind: Service
metadata:
  name: loadbalancer-name
  labels:
    app: nginx
  annotations:
    loadbalancer.openstack.org/keep-floatingip: "true"
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
    - port: 80
      protocol: TCP
All additional parameters for the balancer are passed in the annotations block. These instructions list frequently used annotations that may be useful when creating a balancer or, in some cases, for an already created balancer.
The created load balancer will appear in the control panel: under Cloud platform → Balancers → tab Balancers.
Specify flavor and balancer type
By default, when no annotation is specified, the load balancer is created with the type Basic with reservation.
To create a balancer with a different type, use the annotation:
loadbalancer.openstack.org/flavor-id: "<flavor_id>"
Specify <flavor_id>, the flavor ID. Flavors correspond to load balancer types and determine the number of vCPUs, the amount of RAM, and the number of balancer instances. For example, ac18763b-1fc5-457d-9fa7-b0d339ffb336 is the ID for creating a balancer of type Advanced with reservation in the ru-9 pool. You can see the list of load balancer flavors for all pools in the table, or view the list of load balancer flavors in a particular pool through the OpenStack CLI.
You cannot change the type in a created balancer — you must create a new manifest with the desired annotation.
Create a balancer without a public IP address
By default, when no annotation is specified, the balancer is created with a public IP address.
To create a balancer without a public IP address, use the annotation:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
Create a balancer with IP address from other subnets
By default, the balancer is created on the same network as the cluster nodes and a public IP address is allocated to it.
You can create a balancer on any other subnet — public, private, or cross-project.
1. Add a subnet annotation to the manifest:
   loadbalancer.openstack.org/subnet-id: "<subnet_uuid>"
   Specify <subnet_uuid>, the subnet ID, which can be viewed with openstack subnet list.
2. To ensure that a public IP address is not created automatically, add the annotation:
   service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
3. Specify the IP address of the balancer:
   spec:
     type: LoadBalancer
     selector:
       app: nginx
     ports:
       - port: 80
         protocol: TCP
         name: http
     loadBalancerIP: "<ip_address>"
   Specify <ip_address>, the IP address of the balancer from the subnet you selected in step 1.
You cannot replace the annotation in the created balancer; you must create a new manifest with the desired annotation.
Add connection settings
Annotations are used to control connection settings between incoming requests and the balancer or between the balancer and servers:
- maximum connections;
- connection timeout for incoming requests;
- connection timeout for balancer requests to servers;
- inactivity timeout;
- TCP timeout.
Connection settings are defined for balancer rules. The connection settings set in the annotations can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings.
Maximum connections
To specify the maximum connections, use the annotation:
loadbalancer.openstack.org/connection-limit: "<value>"
Specify <value>, the maximum number of connections per second. The default is "-1" (not limited).
You can update a parameter in an already created balancer.
The parameter can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings → block Incoming requests to the balancer → field Maximum connections.
Connection timeout for incoming requests
To specify the connection timeout for incoming requests to the balancer, use the annotation:
loadbalancer.openstack.org/timeout-client-data: "<value>"
Specify <value>, the timeout value in milliseconds. The default is "50000".
You can update a parameter in an already created balancer.
The parameter can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings → block Incoming requests to the balancer → field Connection timeout, ms.
Connection timeout for balancer requests to servers
To specify the connection timeout for balancer requests to servers, use the annotation:
loadbalancer.openstack.org/timeout-member-connect: "<value>"
Specify <value>, the timeout value in milliseconds. The default is "5000".
You can update a parameter in an already created balancer.
The parameter can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings → block Requests from the balancer to the servers → field Connection timeout, ms.
Inactivity timeout
The inactivity timeout for balancer requests to servers is the amount of time that the current connection is considered "alive" even if no data is being transferred.
To specify the inactivity timeout, use the annotation:
loadbalancer.openstack.org/timeout-member-data: "<value>"
Specify <value>, the timeout value in milliseconds. The default is "50000".
You can update a parameter in an already created balancer.
The parameter can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings → block Requests from the balancer to the servers → field Inactivity timeout, ms.
TCP wait timeout
When a new TCP session is established, data is sometimes not transmitted immediately. The parameter defines the time during which the balancer waits for data transmission for inspection on an already established connection.
To specify the TCP wait timeout for balancer requests to servers, use the annotation:
loadbalancer.openstack.org/timeout-tcp-inspect: "<value>"
Specify <value>, the timeout value in milliseconds. The default is "0".
You can update a parameter in an already created balancer.
The parameter can be viewed in the control panel: under Cloud platform → Balancers → tab Balancers → balancer page → open rule card → open block Advanced rule settings → block Requests from the balancer to the servers → field TCP timeout, ms.
Enable rule checking
To enable or disable checking for rules (the health monitor), use the annotation:
loadbalancer.openstack.org/enable-health-monitor: "<value>"
Specify <value>: "true" to enable or "false" to disable. The default value is "true".
You can update a parameter in an already created balancer.
Add header X-Forwarded-For
When the annotation is not specified, the balancer passes only the original body of the HTTP request to the server, replacing the client's IP address with its own.
To ensure that servers receive this information for correct operation or analysis, include the X-Forwarded-For header in the request to the server. To do so, use the annotation:
loadbalancer.openstack.org/x-forwarded-for: "true"
The rule will use the HTTP → HTTP scheme instead of TCP → TCP.
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
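Added example, not part of the original instructions: once the annotation is set, a server should read X-Forwarded-For only on connections that arrive from the balancer, because a client can send the same header itself. The sketch assumes the balancer appends the client address as the last value; TRUSTED_SOURCES and client_ip are hypothetical names, and the addresses are constructed.

```python
import ipaddress

# Assumption: networks from which balancer traffic reaches the server
# (constructed value; use the source addresses your pods actually see).
TRUSTED_SOURCES = [ipaddress.ip_network("10.10.0.0/24")]


def _trusted(addr):
    return any(addr in net for net in TRUSTED_SOURCES)


def client_ip(peer, headers):
    """Return the client address for a request.

    peer    -- source address of the TCP connection, as seen by the server
    headers -- list of (name, value) pairs in the order received
    """
    peer_addr = ipaddress.ip_address(peer)
    if not _trusted(peer_addr):
        # Not from the balancer: the header is client-controlled, ignore it.
        return str(peer_addr)
    # A request may carry several X-Forwarded-For lines; flatten them in order.
    hops = [
        part.strip()
        for name, value in headers
        if name.lower() == "x-forwarded-for"
        for part in value.split(",")
        if part.strip()
    ]
    # Walk from the right: the last entry was written by the balancer,
    # anything to its left was supplied by whoever connected to it.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not _trusted(addr):
            return str(addr)
    return str(peer_addr)
```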
Add TCP → Proxy rule
The PROXY protocol is used to transfer connection information from the source requesting the connection to the destination for which the connection was requested.
The logs of a pod to which a connection is made through a balancer with a TCP → PROXY rule will show the real IP address of the connecting client, not the address of the balancer.
To create a balancer with a TCP → PROXY rule, use the annotation:
loadbalancer.openstack.org/proxy-protocol: "true"
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
Save the public IP address
To retain the public IP address when recreating the balancer, use the annotation:
loadbalancer.openstack.org/keep-floatingip: "true"
Specify this or another public IP address in the loadBalancerIP field:
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
    - port: 80
      protocol: TCP
      name: http
  loadBalancerIP: "<ip_address>"
You can use the annotation for an already created balancer.
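Added example, not part of the original instructions: a check that lists LoadBalancer Services whose annotations leave the defaults described on this page (public IP address, unlimited connections) or disable rule checking. It reads JSON in the shape of kubectl get svc -A -o json output; the sample data and the function name audit are constructed for illustration.

```python
import json

LB = "loadbalancer.openstack.org/"
INTERNAL = "service.beta.kubernetes.io/openstack-internal-load-balancer"

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "shop",
                  "annotations": {LB + "keep-floatingip": "true"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "web", "name": "api",
                  "annotations": {INTERNAL: "true",
                                  LB + "connection-limit": "2000",
                                  LB + "enable-health-monitor": "false"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "web", "name": "cache"},
     "spec": {"type": "ClusterIP"}},
]})


def audit(services_json):
    """Return (namespace/name, finding) pairs for Services of type LoadBalancer."""
    findings = []
    for svc in json.loads(services_json).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = svc["metadata"]
        ann = meta.get("annotations") or {}
        ref = f"{meta.get('namespace', 'default')}/{meta['name']}"
        # No internal annotation: the balancer gets a public IP address.
        if ann.get(INTERNAL) != "true":
            findings.append((ref, "public IP address"))
        # Default "-1" means the number of connections is not limited.
        if ann.get(LB + "connection-limit", "-1") == "-1":
            findings.append((ref, "connections not limited"))
        # Default is "true"; an explicit "false" turns rule checking off.
        if ann.get(LB + "enable-health-monitor", "true") == "false":
            findings.append((ref, "rule checking disabled"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```

To run it against a cluster, pass the output of kubectl get svc -A -o json to audit().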