forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
gcp-cluster-load-balancer.html.md.erb
126 lines (94 loc) · 7.34 KB
/
gcp-cluster-load-balancer.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
---
title: Creating and Configuring a GCP Load Balancer for PKS Clusters
owner: PKS
---
<strong><%= modified_date %></strong>
This topic describes how to configure a Google Cloud Platform (GCP) load balancer
for a Kubernetes cluster deployed by Pivotal Container Service (PKS).
A load balancer is a third-party device that distributes network and application
traffic across resources. You can use a load balancer to access a PKS cluster
from outside the network using the PKS API and `kubectl`. Using a load balancer
can also prevent individual network components from being overloaded by high
traffic.
You can configure GCP load balancers only for PKS clusters that are deployed on GCP.
##<a id="prereqs"></a> Prerequisites
The procedures in this topic have the following prerequisites:
* To complete these procedures, you must have already configured a load balancer
to access the PKS API. For more information, see [Creating a GCP Load Balancer
for the PKS API](gcp-api-load-balancer.html).
* The version of the PKS CLI you are using must match the version of the PKS tile you are installing.
##<a id="configure"></a> Configure GCP Load Balancer
Follow the procedures in this section to create and configure a load balancer
for PKS-deployed Kubernetes clusters using GCP. Modify the example commands
in these procedures to match your PKS installation.
###<a id="create"></a> Step 1: Create a GCP Load Balancer
Perform the following steps to create a GCP load balancer for your PKS clusters:
1. Navigate to the [Google Cloud Platform console](https://console.cloud.google.com/).
1. In the sidebar menu, select **Network Services** > **Load balancing**.
1. Click **Create a Load Balancer**.
1. In the **TCP Load Balancing** pane, click **Start configuration**.
1. Click **Continue**. The **New TCP load balancer** menu opens.
1. Give the load balancer a name. For example, `my-cluster`.
1. Click **Frontend configuration** and configure the following settings:
1. Click **IP**.
1. Select **Create IP address**.
1. Give the IP address a name. For example, `my-cluster-ip`.
1. Click **Reserve**. GCP assigns an IP address.
1. In the **Port** field, enter `8443`.
1. Click **Done** to complete frontend configuration.
1. Review your load balancer configuration and click **Create**.
### <a id='create-cluster'></a>Step 2: Create the Cluster
Follow the procedures in the [Create a Kubernetes Cluster](create-cluster.html#create)
section of _Creating Clusters_. Use the GCP-assigned IP address from the previous step
as the external hostname when you run the `pks create-cluster` command.
### <a id='backend'></a>Step 3: Configure Load Balancer Backend
Perform the following steps to configure the backend of the load balancer:
1. Navigate to the [Google Cloud Platform console](https://console.cloud.google.com/).
1. In the sidebar menu, select **Network Services** > **Load balancing**.
1. Select the load balancer you created for the cluster and select **Configure**.
1. Click **Backend configuration** and configure the following settings:
1. Select all master VMs for your cluster from the dropdown. To locate the IP addresses and VM IDs of the master VMs, see [Identify Kubernetes Cluster Master VMs](create-cluster.html#master-id) in _Creating Clusters_.
<p class="note breaking"><strong>Breaking Change</strong>: If master VMs are recreated for any reason, such as a stemcell upgrade, you must reconfigure the load balancer to target the new master VMs. For more information, see the <a href="#reconfigure">Reconfiguring a GCP Load Balancer</a> section below.</p>
1. Specify any other configuration options you require and click **Update** to complete backend configuration.
<p class="note"><strong>Note</strong>: For clusters with multiple master node VMs, health checks on port 8443 are recommended.</p>
###<a id="access"></a> Step 4: Access the Cluster
Perform the following steps to complete cluster configuration:
1. From your local workstation, run `pks get-credentials CLUSTER-NAME`.
This command creates a local `kubeconfig` that allows you to manage the cluster.
For more information about the `pks get-credentials` command, see [Retrieving Cluster Credentials and Configuration](cluster-credentials.html).
1. Run `kubectl cluster-info` to confirm you can access your cluster using the Kubernetes CLI.
See [Managing PKS](managing.html) for information about checking cluster health and viewing cluster logs.
###<a id="tag"></a> Step 5: Create a Network Tag
Perform the following steps to create a network tag:
1. In the Google Cloud Platform sidebar menu, select **Compute Engine** > **VM instances**.
1. Filter to find the master instances of your cluster. Type `master` in the **Filter VM Instances** search box and press **Enter**.
1. Click the name of the master instances. The **VM instance details** menu opens.
1. Click **Edit**.
1. Click in the **Network tags** field and type a human-readable name in lower case letters. Press **Enter** to create the network tag.
1. Scroll to the bottom of the screen and click **Save**.
###<a id="firewall"></a> Step 6: Create Firewall Rules
Perform the following steps to create firewall rules:
1. In the Google Cloud Platform sidebar menu, select **VPC Network** > **Firewall Rules**.
1. Click **Create Firewall Rule**. The **Create a firewall rule** menu opens.
1. Give your firewall rule a human-readable name in lower case letters. For ease of use, you may want to align this name with the name of the load balancer you created in [Step 1: Create a GCP Load Balancer](#create).
1. In the **Network** menu, select the VPC network on which you have deployed the PKS tile.
1. In the **Direction of traffic** field, select **Ingress**.
1. In the **Action on match** field, select **Allow**.
1. Confirm that the **Targets** menu is set to `Specified target tags` and enter the tag you made in [Step 5: Create a Network Tag](#tag) in the **Target tags** field.
1. In the **Source filter** field, choose an option to filter source traffic.
1. Based on your choice in the **Source filter** field, specify IP addresses, Subnets, or Source tags to allow access to your cluster.
1. In the **Protocols and ports** field, choose **Specified protocols and ports** and enter the port number you specified in [Step 1: Create a GCP Load Balancer](#create), prepended by `tcp:`. For example: `tcp:8443`.
1. Specify any other configuration options you require and click **Done** to complete frontend configuration.
1. Click **Create**.
## <a id="reconfigure"></a>Reconfigure Load Balancer
If Kubernetes master node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new master VMs.
For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
To reconfigure your GCP cluster load balancer to use the new master VMs, do the following:
1. Locate the VM IDs of the new master node VMs for the cluster. For information about locating the VM IDs, see [Identify Kubernetes Cluster Master VMs](create-cluster.html#master-id) in _Creating Clusters_.
1. Navigate to the [GCP console](https://console.cloud.google.com/).
1. In the sidebar menu, select **Network Services > Load balancing**.
1. Select your cluster load balancer and click **Edit**.
1. Click **Backend configuration**.
1. Click **Select existing instances**.
1. Select the new master VM IDs from the dropdown. Use the VM IDs you located in the first step of this procedure.
1. Click **Update**.