This topic describes how to configure a Google Cloud Platform (GCP) load balancer for a Kubernetes cluster deployed by VMware Tanzu Kubernetes Grid Integrated Edition.
A load balancer is a third-party device that distributes network and application traffic across resources. You can use a load balancer to access a TKGI-deployed cluster from outside the network using the TKGI API and kubectl
. Using a load balancer can also prevent individual network components from being overloaded by high traffic.
You can configure GCP load balancers only for TKGI clusters that are deployed on GCP.
To configure a GCP load balancer, follow the procedures below:
To reconfigure a cluster load balancer, follow the procedures in Reconfigure Load Balancer below.
The procedures in this topic have the following prerequisites:
Follow the procedures in this section to create and configure a load balancer for TKGI-deployed Kubernetes clusters using GCP. Modify the example commands in these procedures to match your Tanzu Kubernetes Grid Integrated Edition installation.
To create a GCP load balancer for your TKGI clusters, do the following:
my-cluster
.my-cluster-ip
.8443
.To create a DNS entry in GCP for your TKGI cluster, do the following:
From the GCP console, navigate to Network Services > Cloud DNS.
Select the DNS zone for your domain. To retrieve your zone name, select the zone you used when you created the TKGI API DNS entry. See the Create a DNS Entry section in Creating a GCP Load Balancer for the TKGI API.
Click Add record set.
Under DNS Name, enter a subdomain for the load balancer. For example, if your domain is example.com
, enter my-cluster
in this field to use my-cluster.example.com
as your TKGI cluster load balancer hostname.
Under Resource Record Type, select A to create a DNS address record.
Enter a value for TTL and select a TTL Unit.
Enter the GCP-assigned IP address you created in Create a Load Balancer above.
Click Create.
To create a cluster, follow the steps input Create a Kubernetes Cluster section of Creating Clusters. Use the TKGI cluster hostname from the above step as the external hostname when you run the tkgi create-cluster
command.
To configure the back end of the load balancer, do the following:
Record the ID for your control plane node VMs by doing one of the following:
Complete the following procedure:
Log in to TKGI by running the following command:
```
tkgi login -a TKGI-API -u USERNAME -k
```
Where:
* `TKGI-API` is the domain name for the TKGI API that you entered in **Ops Manager** > **Tanzu Kubernetes Grid Integrated Edition** > **TKGI API** > **API Hostname (FQDN)**. For example, `api.tkgi.example.com`.
* `USERNAME` is your user name.
Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider
Locate the control plane node IP addresses by running the following command:
```
tkgi cluster CLUSTER-NAME
```
Where `CLUSTER-NAME` is the unique name for your cluster.<br><br>
From the output of this command, record the value of **Kubernetes Master IP(s)**. This value lists the IP addresses of all control plane node VMs in the cluster.
Navigate to the Google Cloud Platform console.
Warning: If control plane VMs are recreated for any reason, such as a stemcell upgrade, you must reconfigure the load balancer to target the new control plane VMs. For more information, see the Reconfigure Load Balancer section below.
Note: For clusters with multiple control plane node VMs, health checks on port 8443 are recommended.
To create a network tag, do the following:
master
in the Filter VM Instances search box and press Enter.To create firewall rules, do the following:
Specified target tags
and enter the tag you made in Create a Network Tag in the Target tags field.tcp:
. For example: tcp:8443
.To complete cluster configuration, do the following:
From your local workstation, run tkgi get-credentials CLUSTER-NAME
.
Where CLUSTER-NAME
is the unique name for your cluster. For example:
$ tkgi get-credentials tkgi-example-clusterThe
Fetching credentials for cluster tkgi-example-cluster. Context set for cluster tkgi-example-cluster.
tkgi get-credentials
command creates a local kubeconfig
that enables you to manage the cluster. For more information about the tkgi get-credentials
command, see Retrieving Cluster Credentials and Configuration. Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider
Run kubectl cluster-info
to confirm you can access your cluster using the Kubernetes CLI.
See Managing Tanzu Kubernetes Grid Integrated Edition for information about checking cluster health and viewing cluster logs.
If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
To reconfigure your GCP cluster load balancer to use the new control plane VMs, do the following: