This topic describes how to configure an Amazon Web Services (AWS) load balancer for your VMware Tanzu Kubernetes Grid Integrated Edition cluster.

A load balancer is a third-party device that distributes network and application traffic across resources. Using a load balancer can also prevent individual network components from being overloaded by high traffic. For more information about the different types of load balancers used in a Tanzu Kubernetes Grid Integrated Edition deployment see Load Balancers in TKGI.

You can use an AWS Tanzu Kubernetes Grid Integrated Edition cluster load balancer to secure and facilitate access to a Tanzu Kubernetes Grid Integrated Edition cluster from outside the network. You can also reconfigure your AWS Tanzu Kubernetes Grid Integrated Edition cluster load balancers.

Using an AWS Tanzu Kubernetes Grid Integrated Edition cluster load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the TKGI API and kubectl.

Note: If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your AWS TKGI cluster load balancers to point to the new control plane VMs.

Prerequisite

The version of the TKGI CLI you are using must match the version of the Tanzu Kubernetes Grid Integrated Edition tile that you are installing.

Note: This procedure uses example commands which you should modify to represent the details of your Tanzu Kubernetes Grid Integrated Edition installation.

Configure AWS Load Balancer

Step 1: Define Load Balancer

To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.

Perform the following steps:

  1. In a browser, navigate to the AWS Management Console.
  2. Under Compute, click EC2.
  3. In the EC2 Dashboard, under Load Balancing, click Load Balancers.
  4. Click Create Load Balancer.
  5. Under Classic Load Balancer, click Create.
  6. On the Define Load Balancer page, complete the Basic Configuration section as follows:
  7. Load Balancer name: Name the load balancer. VMware recommends that you name your load balancer k8s-master-CLUSTERNAME where CLUSTERNAME is a unique name that you provide when creating the cluster. For example, k8s-master-mycluster.
    1. Create LB inside: Select the VPC where you installed Ops Manager.
    2. Create an internal load balancer: Do not enable this checkbox. The cluster load balancer must be internet-facing.
  8. Complete the Listeners Configuration section as follows:
    1. Configure the first listener as follows.
      • Under Load Balancer Protocol, select TCP.
      • Under Load Balancer Port, enter 8443.
      • Under Instance Protocol, select TCP.
      • Under Instance Port, enter 8443.
  9. Under Select Subnets, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
  10. Click Next: Assign Security Groups.

Step 2: Assign Security Groups

Perform the following steps to assign security groups:

  1. On the Assign Security Groups page, select one of the following:

    • Create a new security group: Complete the security group configuration as follows:
      1. Security group name: Name your security group.
      2. Confirm that your security group includes Protocol TCP with Ports 8443.
    • Select an existing security group: Select the default security group. The default security group includes includes Protocol TCP with Ports 8443.
  2. Click Next: Configure Security Settings.

Step 3: Configure Security Settings

On the Configure Security Settings page, ignore the warning. SSL termination is done on the Kubernetes API.

Step 4: Configure Health Check

Perform the following steps to configure the health check:

  1. On the Configure Health Check page, set the Ping Protocol to TCP.

  2. For Ping Port, enter 8443.

  3. Click Next: Add EC2 Instances.

Step 5: Add EC2 Instances

Perform the following steps:

  1. Verify the settings under Availability Zone Distribution.

  2. Click Add Tags.

(Optional) Step 6: Add Tags

Perform the following steps to add tags:

  1. Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.

  2. Click Review and Create.

Step 7: Review and Create the Load Balancer

Perform the following steps to review your load balancer details and create your load balancer:

  1. On the Review page, review your load balancer details and edit any as necessary.

  2. Click Create.

Step 8: Create a Cluster

Create a Kubernetes cluster using the AWS-assigned address of your load balancer as the external hostname when you run the tkgi create-cluster command. For example:

$ tkgi create-cluster my-cluster \ 
–external-hostname example111a6511e9a099028c856be95-155233362.eu-west-1.elb.amazonaws.com \
–plan small –num-nodes 10

For more information, see Create a Kubernetes Cluster section of Creating Clusters.

Step 9: Point the Load Balancer to All Control Plane VMs

  1. Locate the VM IDs of all control plane node VMs for your cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Control Plane VMs in Creating Clusters.
  2. Navigate to the AWS console.
  3. Under EC2, select Load balancers.
  4. Select the load balancer.
  5. On the Instances tab, click Edit instances.
  6. Select all control plane nodes in the list of VMs.
  7. Click Save.

Reconfigure AWS Load Balancer

If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your AWS cluster load balancer to use the new control plane VMs, do the following:

  1. Locate the VM IDs of the new control plane node VMs for the cluster. For information about locating the VM IDs, see Identify Kubernetes Cluster Control Plane VMs in Creating Clusters.
  2. Navigate to the AWS console.
  3. Under EC2, select Load balancers.
  4. Select the load balancer.
  5. On the Instances tab, click Edit instances.
  6. Select the new control plane nodes in the list of VMs.
  7. Click Save.
check-circle-line exclamation-circle-line close-line
Scroll to top icon