This topic describes how to create a load balancer for the TKGI API using Google Cloud Platform (GCP).

Overview

Before you install VMware Tanzu Kubernetes Grid Integrated Edition, you must configure an external TCP load balancer to access the TKGI API from outside the network. You can use any external TCP load balancer of your choice.

Refer to the procedures in this topic to create a load balancer using GCP. If you choose to use a different load balancer, use the configuration in this topic as a guide.

Note: This procedure uses example commands which you should modify to represent the details of your Tanzu Kubernetes Grid Integrated Edition installation.

To create a GCP load balancer for the TKGI API, do the following:

  1. Create a Load Balancer
  2. Create a Firewall Rule
  3. Create a DNS Entry
  4. Install Tanzu Kubernetes Grid Integrated Edition

Create a Load Balancer

To create a load balancer using GCP, perform the following steps:

  1. In a browser, navigate to the GCP console.

  2. Navigate to Network Services > Load balancing and click CREATE LOAD BALANCER.

  3. Under TCP Load Balancing, click Start configuration.

  4. Under Internet facing or internal only, select From Internet to my VMs.

  5. Under Multiple regions or single region, select Single region only.

  6. Click Continue.

  7. Name your load balancer. VMware recommends naming your load balancer tkgi-api.

  8. Select Backend configuration.

    • Under Region, select the region where you deployed Ops Manager.
    • Under Backends, select Select existing instances. This will be automatically configured when updating the Resource Config section of the Tanzu Kubernetes Grid Integrated Edition tile.
    • (Optional) Under Backup pool, select a backup pool. If you select a backup pool, set a Failover ratio.
    • (Optional) Under Health check, select whether or not you want to create a health check.
    • Under Session affinity, select a session affinity configuration.
    • (Optional) Select Advanced configurations to configure the Connection draining timeout.

  9. Select Frontend configuration.

    • (Optional) Name your frontend.
    • (Optional) Click Add a description and provide a description.
    • Select Create IP address to reserve an IP address for the TKGI API endpoint.
      1. Enter a name for your reserved IP address. For example, tkgi-api-ip. GCP assigns a static IP address that appears next to the name.
      2. (Optional) Enter a description.
      3. Click Reserve.
    • Under Port, enter 9021. Your external load balancer forwards traffic to the TKGI API VM using the UAA endpoint on port 8443 and the TKGI API endpoint on port 9021.
    • Click Done.
    • Click New Frontend IP and Port.
      1. Enter a name for the frontend IP-port mapping, such as tkgi-api-uaa.
      2. (Optional) Add a description.
      3. Under IP select the same static IP address that GCP assigned in the previous step.
      4. Under Port, enter 8443.
      5. Click Done.

  10. Click Review and finalize to review your load balancer configuration.

  11. Click Create.

Create a Firewall Rule

To create a firewall rule that allows traffic between the load balancer and the TKGI API VM, do the following:

  1. From the GCP console, navigate to VPC Network > Firewall rules and click CREATE FIREWALL RULE.

  2. Configure the following:

    • Name your firewall rule.
    • (Optional) Provide a description for your firewall rule.
    • Under Network, select the VPC network you created in the Create a GCP Network with Subnets step of Preparing to Deploy Ops Manager on GCP Manually.
    • Under Priority, enter a priority number between 0 and 65535.
    • Under Direction of traffic, select Ingress.
    • Under Action on match, select Allow.
    • Under Targets, select Specified target tags.
    • Under Target tags, enter the load balancer name. Specify the same load balancer name that you used for Load Balancer, for example tkgi-api.

      Note: When deploying the TKGI API VM, Ops Manager will tag the TKGI API VM with the specified load balancer and this firewall rule will then be applied to the TKGI API VM.

    • Under Source filter, select IP ranges.
    • Under Source IP ranges, enter 0.0.0.0/0.
    • Under Protocols and ports, select Specified protocols and ports and enter tcp:8443,9021.

  3. Click Create.

Create a DNS Entry

To create a DNS entry in GCP for your TKGI API domain, do the following:

  1. From the GCP console, navigate to Network Services > Cloud DNS.

  2. If you do not already have a DNS zone, click Create zone.

    • Provide a Zone name and a DNS name.
    • Specify whether the DNSSEC state of the zone is Off, On, or Transfer.
    • (Optional) Enter a Description.
    • Click Create.

  3. Click Add record set.

  4. Under DNS Name, enter a subdomain for the load balancer. For example, if your domain is example.com, enter api.tkgi in this field to use api.tkgi.example.com as your TKGI API load balancer hostname.

  5. Under Resource Record Type, select A to create a DNS address record.

  6. Enter a value for TTL and select a TTL Unit.

  7. Enter the static IP address that GCP assigned when you created the load balancer in Create a Load Balancer.

  8. Click Create.

Install Tanzu Kubernetes Grid Integrated Edition

Follow the instructions in Installing Tanzu Kubernetes Grid Integrated Edition on GCP to deploy Tanzu Kubernetes Grid Integrated Edition.

check-circle-line exclamation-circle-line close-line
Scroll to top icon