Configure the load balancer
A load balancer in Managed Kubernetes is used to distribute incoming traffic between pods.
We recommend that after creating a Managed Kubernetes cluster, you perform all actions on the cluster balancers and disks only via kubectl.
Create a load balancer
Create a manifest with Service of type LoadBalancer.
Manifesto example:
apiVersion: v1
kind: Service
metadata:
name: loadbalancer-name
labels:
app: nginx
annotations:
loadbalancer.openstack.org/keep-floatingip: "true"
spec:
type: LoadBalancer
selector:
app: nginx
ports:
- port: 80
protocol: TCP
All additional parameters for the balancer are passed in the annotations
block — the instructions specify frequently used annotations that may be useful when creating a balancer or, in some cases, for an already created balancer.
The created load balancer will appear in control panel under Cloud Platform → Balancers.
Specify flavor and balancer type
By default, without specifying an annotation, a load balancer is created with type Basic with redundancy.
To create a balancer with a different type, use the annotation:
loadbalancer.openstack.org/flavor-id: "<flavor_id>"
Specify <flavor_ID>
— ID load balancer type (flavor). The list of flavorors can be viewed with openstack loadbalancer flavor list -c id -c name
. For more information about matching balancer names and types, see View Type List.
You cannot change the type in a created balancer — you must create a new manifest with the desired annotation.
Create a balancer without a public IP address
By default, an unannotated balancer with a public IP address is created.
To create a balancer without a public IP address, use the annotation:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
Create a balancer with IP address from other subnets
By default, the balancer is created on the same network as the cluster nodes and a public IP address is allocated to it.
You can create a balancer on any other subnet — public, private, or cross-project.
-
Add an annotation to the manifest:
loadbalancer.openstack.org/subnet-id: "<subnet_id>"
Specify
<subnet_id>
— subnet ID, can be viewed with theopenstack subnet list
command -
To ensure that a public IP address is not automatically created, add an annotation:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
-
Specify an IP address from the specified subnet in the
loadBalancerIP
field:spec:
type: LoadBalancer
selector:
app: nginx
ports:
- port: 80
protocol: TCP
name: http
loadBalancerIP: "<IP_address>"You cannot replace the annotation in the created balancer — you must create a new manifest with the desired annotation.
Add connection parameters
Annotations are used to control the parameters of connections to the balancer or between the balancer and servers:
- max-connections
- connection-timeout-for-incoming-requests
- connection-timeout-for-balancer-requests-to-servers
- inactivity-timeout
- TCP timeout
The connection settings set in the annotations are displayed in Control Panel under Cloud Platform → Balancers → Balancer page → Connections tab.
Maximum Connections
To specify the maximum connections for a balancer rule, use the annotation:
loadbalancer.openstack.org/connection-limit: "<value>"
Specify <value>
— the maximum number of connections per second. The default is "-1"
(not limited).
You can update a parameter in an already created balancer.
In Control Panel, the parameter is displayed in Incoming Requests → Balancer → parameter Maximum Connections.
Connection timeout for incoming requests
To specify the connection timeout for incoming requests, use annotation:
loadbalancer.openstack.org/timeout-client-data: "<value>"
Specify <value>
— timeout value in milliseconds. The default is "50000"
You can update a parameter in an already created balancer.
In Control Panel, the parameter is displayed in Incoming Requests → balancer → parameter Connection Timeout, ms.
Connection timeout for balancer requests to servers
To specify the connection timeout for balancer requests to servers, use the annotation:
loadbalancer.openstack.org/timeout-member-connect: "<value>"
Specify <value>
— timeout value in milliseconds. The default is ``5,000''
You can update a parameter in an already created balancer.
In Control Panel, the parameter is displayed under Balancer → Servers → parameter Connection timeout, ms.
Inactivity timeout
The inactivity timeout for balancer requests to servers is the amount of time that the current connection is considered "alive" even if no data is being transferred.
To specify the inactivity timeout, use the annotation:
loadbalancer.openstack.org/timeout-member-data: "<value>"
Specify <value>
— timeout value in milliseconds. The default is "50000"
You can update a parameter in an already created balancer.
In Control Panel, the parameter is displayed under Balancer → servers → parameter Inactivity timeout, ms.
TCP timeout
When a new TCP session is established, data is sometimes not transmitted immediately. The parameter defines the amount of time the balancer waits for data transmission for inspection on an already established connection.
To specify the TCP wait timeout for balancer requests to servers, use the annotation:
loadbalancer.openstack.org/timeout-tcp-inspect: "<value>"
Specify <value>
— timeout value in milliseconds. The default is "0"
.
You can update a parameter in an already created balancer.
In Control Panel, the parameter is displayed in the Balancer → Servers → parameter TCP wait timeout, ms.
Enable rule checking
To enable or disable validation for rules, use the annotation:
loadbalancer.openstack.org/enable-health-monitor: "<value>"
Specify <value>
— "true"
to enable or "false"
to disable. The default value is "true"
.
You can update a parameter in an already created balancer.
Add header X-Forwarded-For
Without specifying an annotation, the balancer passes only the original body of the HTTP request to the server, replacing the client's IP address with its own.
To ensure that servers receive this information for correct operation or analysis, include an X-Forwarded-For header in the request to the server, use the annotation:
loadbalancer.openstack.org/x-forwarded-for: "true"
The rule will use the HTTP → HTTP scheme instead of TCP → TCP.
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
Add TCP → Proxy rule
The PROXY protocol is used to transfer connection information from the source requesting the connection to the destination for which the connection was requested.
The logs of a feed to which a connection is made through a balancer with TCP → PROXY rules will show the real IP address of the connecting person, not the address of the balancer.
To create a balancer with the rule TCP → PROXY, use the annotation:
loadbalancer.openstack.org/proxy-protocol: "true"
You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.
Save the public IP address
To retain the public IP address when recreating the balancer, use the annotation:
loadbalancer.openstack.org/keep-floatingip: "true".
Specify this or another public IP address in the loadBalancerIP
field:
spec:
type: LoadBalancer
selector:
app: nginx
ports:
- port: 80
protocol: TCP
name: http
loadBalancerIP: "<IP_address>"
You can use the annotation for an already created balancer.