Skip to main content
Configure the load balancer
Last update:

Configure the load balancer

A load balancer in Managed Kubernetes is used to distribute incoming traffic between pods.

For your information

We recommend that after creating a Managed Kubernetes cluster, you perform all actions on the cluster balancers and disks only via kubectl.

Create a load balancer

Create a manifest with Service of type LoadBalancer.

Manifesto example:

apiVersion: v1
kind: Service
metadata:
  name: loadbalancer-name
  labels:
    app: nginx
  annotations:
    loadbalancer.openstack.org/keep-floatingip: "true"
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    protocol: TCP

All additional parameters for the balancer are passed in the annotations block — the instructions specify frequently used annotations that may be useful when creating a balancer or, in some cases, for an already created balancer.

The created load balancer will appear in control panel under Cloud PlatformBalancers.

Specify flavor and balancer type

By default, without specifying an annotation, a load balancer is created with type Basic with redundancy.

To create a balancer with a different type, use the annotation:

loadbalancer.openstack.org/flavor-id: "<flavor_id>"

Specify <flavor_ID> — ID load balancer type (flavor). The list of flavorors can be viewed with openstack loadbalancer flavor list -c id -c name. For more information about matching balancer names and types, see View Type List.

You cannot change the type in a created balancer — you must create a new manifest with the desired annotation.

Create a balancer without a public IP address

By default, an unannotated balancer with a public IP address is created.

To create a balancer without a public IP address, use the annotation:

service.beta.kubernetes.io/openstack-internal-load-balancer: "true"

You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.

Create a balancer with IP address from other subnets

By default, the balancer is created on the same network as the cluster nodes and a public IP address is allocated to it.

You can create a balancer on any other subnet — public, private, or cross-project.

  1. Add an annotation to the manifest:

    loadbalancer.openstack.org/subnet-id: "<subnet_id>"

    Specify <subnet_id> — subnet ID, can be viewed with the openstack subnet list command

  2. To ensure that a public IP address is not automatically created, add an annotation:

    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"

  3. Specify an IP address from the specified subnet in the loadBalancerIP field:

    spec:
        type: LoadBalancer
        selector:
          app: nginx
        ports:
        - port: 80
          protocol: TCP
          name: http
        loadBalancerIP: "<IP_address>"

    You cannot replace the annotation in the created balancer — you must create a new manifest with the desired annotation.

Add connection parameters

Annotations are used to control the parameters of connections to the balancer or between the balancer and servers:

The connection settings set in the annotations are displayed in Control Panel under Cloud PlatformBalancers → Balancer page → Connections tab.

Maximum Connections

To specify the maximum connections for a balancer rule, use the annotation:

loadbalancer.openstack.org/connection-limit: "<value>"

Specify <value> — the maximum number of connections per second. The default is "-1" (not limited).

You can update a parameter in an already created balancer.

In Control Panel, the parameter is displayed in Incoming Requests → Balancer → parameter Maximum Connections.

Connection timeout for incoming requests

To specify the connection timeout for incoming requests, use annotation:

loadbalancer.openstack.org/timeout-client-data: "<value>"

Specify <value> — timeout value in milliseconds. The default is "50000"

You can update a parameter in an already created balancer.

In Control Panel, the parameter is displayed in Incoming Requests → balancer → parameter Connection Timeout, ms.

Connection timeout for balancer requests to servers

To specify the connection timeout for balancer requests to servers, use the annotation:

loadbalancer.openstack.org/timeout-member-connect: "<value>"

Specify <value> — timeout value in milliseconds. The default is ``5,000''

You can update a parameter in an already created balancer.

In Control Panel, the parameter is displayed under Balancer → Servers → parameter Connection timeout, ms.

Inactivity timeout

The inactivity timeout for balancer requests to servers is the amount of time that the current connection is considered "alive" even if no data is being transferred.

To specify the inactivity timeout, use the annotation:

loadbalancer.openstack.org/timeout-member-data: "<value>"

Specify <value> — timeout value in milliseconds. The default is "50000"

You can update a parameter in an already created balancer.

In Control Panel, the parameter is displayed under Balancer → servers → parameter Inactivity timeout, ms.

TCP timeout

When a new TCP session is established, data is sometimes not transmitted immediately. The parameter defines the amount of time the balancer waits for data transmission for inspection on an already established connection.

To specify the TCP wait timeout for balancer requests to servers, use the annotation:

loadbalancer.openstack.org/timeout-tcp-inspect: "<value>"

Specify <value> — timeout value in milliseconds. The default is "0".

You can update a parameter in an already created balancer.

In Control Panel, the parameter is displayed in the Balancer → Servers → parameter TCP wait timeout, ms.

Enable rule checking

To enable or disable validation for rules, use the annotation:

loadbalancer.openstack.org/enable-health-monitor: "<value>"

Specify <value> — "true" to enable or "false" to disable. The default value is "true".

You can update a parameter in an already created balancer.

Add header X-Forwarded-For

Without specifying an annotation, the balancer passes only the original body of the HTTP request to the server, replacing the client's IP address with its own.

To ensure that servers receive this information for correct operation or analysis, include an X-Forwarded-For header in the request to the server, use the annotation:

loadbalancer.openstack.org/x-forwarded-for: "true"

The rule will use the HTTPHTTP scheme instead of TCPTCP.

You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.

Add TCP → Proxy rule

The PROXY protocol is used to transfer connection information from the source requesting the connection to the destination for which the connection was requested.

The logs of a feed to which a connection is made through a balancer with TCPPROXY rules will show the real IP address of the connecting person, not the address of the balancer.

To create a balancer with the rule TCPPROXY, use the annotation:

loadbalancer.openstack.org/proxy-protocol: "true"

You cannot replace a parameter in a created balancer — you must create a new manifest with the required annotation.

Save the public IP address

To retain the public IP address when recreating the balancer, use the annotation:

loadbalancer.openstack.org/keep-floatingip: "true".

Specify this or another public IP address in the loadBalancerIP field:

spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    protocol: TCP
    name: http
  loadBalancerIP: "<IP_address>"

You can use the annotation for an already created balancer.