This topic describes how to create and configure a Microsoft Azure load balancer for your VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster.

Overview

A load balancer is a third-party device that distributes network and application traffic across resources.

You can use a load balancer to prevent individual network components from being overloaded by high traffic. You can also use a load balancer to secure and facilitate access to a TKGI cluster from outside the network.

Using an Azure load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the TKGI API and Kubernetes CLI (kubectl).

For more information about the different types of load balancers used in a Tanzu Kubernetes Grid Integrated Edition deployment, see Load Balancers in TKGI.

Note: If your Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For instructions, see Reconfigure Load Balancer.

Prerequisites

To complete the steps below, you must identify the TKGI API VM. You can find the name in the following ways:

  • In the Azure Dashboard, locate the VM tagged with instance_group:pivotal-container-service.
  • On the command line, run bosh vms.

Create and Configure a Load Balancer

Follow the steps below to create and configure an Azure load balancer for your Tanzu Kubernetes Grid Integrated Edition cluster.

Create Load Balancer

  1. In a browser, navigate to the Azure Dashboard.
  2. Open the Load Balancers service.
  3. Click Add.
  4. On the Create load balancer page, complete the form as follows:
    1. Name: Name the load balancer.
    2. Type: Select Public.
    3. SKU: Select Standard.
    4. Public IP address: Select Create new and name the new IP address.
    5. Availability zone: Select an availability zone or Zone-redundant.
    6. Subscription: Select the subscription which has Tanzu Kubernetes Grid Integrated Edition deployed.
    7. Resource group: Select the resource group which has Tanzu Kubernetes Grid Integrated Edition deployed.
    8. Location: Select the location group which has Tanzu Kubernetes Grid Integrated Edition deployed.
  5. Click Create.

Create Backend Pool

  1. From the Azure Dashboard, open the Load Balancers service.
  2. Click the name of the load balancer that you created in Create Load Balancer.
  3. On your load balancer page, locate and record the IP address of your load balancer.
  4. In the Settings menu, select Backend pools.
  5. On the Backend pools page, click Add.
  6. On the Add backend pool page, complete the form as follows:
    1. Name: Name the backend pool.
    2. Virtual network: Select the virtual network where the TKGI API VM is deployed.
    3. Virtual machine: Select all of the control plane VMs for your cluster. For information about identifying the control plane VM IDs, see Identify Kubernetes Cluster Control Plane VMs in Creating Clusters.
  7. Click Add.

Create Health Probe

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Health probes.
  3. On the Health probes page, click Add.
  4. On the Add health probe page, complete the form as follows:
    1. Name: Name the health probe.
    2. Protocol: Select TCP.
    3. Port: Enter 8443.
    4. Interval: Enter the interval of time to wait between probe attempts.
    5. Unhealthy Threshold: Enter a number of consecutive probe failures that must occur before a VM is considered unhealthy.
  5. Click OK.

Create Load Balancing Rule

  1. From the Azure Dashboard, open the Load Balancers service.
  2. In the Settings menu, select Load Balancing Rules.
  3. On the Load balancing rules page, click Add.
  4. On the Add load balancing rules page, complete the form as follows:
    1. Name: Name the load balancing rule.
    2. IP Version: Select IPv4.
    3. Frontend IP address: Select the appropriate IP address. Clients communicate with your load balancer on the selected IP address and service traffic is routed to the target VM by this NAT rule.
    4. Protocol: Select TCP.
    5. Port: Enter 8443.
    6. Backend port: Enter 8443.
    7. Backend Pool: Select the backend pool that you created in Create Backend Pool.
    8. Health Probe: Select the health probe that you created in Create Health Probe.
    9. Session persistence: Select None.
  5. Click OK.

Create Inbound Security Rule

  1. From the Azure Dashboard, open the Security Groups service.
  2. Click the name of the Security Group attached to the subnet where the TKGI API is deployed.
  3. In the Settings menu for your security group, select Inbound security rules.
  4. Click Add.
  5. On the Add inbound security rule page, click Advanced and complete the form as follows:
    1. Name: Name the inbound security rule.
    2. Source: Select Any.
    3. Source port range: Enter *.
    4. Destination: Select Any.
    5. Destination port range: Enter 8443.
  6. Click OK.
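
The following is an added example, not part of the VMware documentation, for auditing the result of this step. It evaluates NSG rules in Azure's order (lowest priority number first) and reports which rule decides inbound TCP 8443 for a given source address. The rule data is a constructed sample in the shape of az network nsg rule list -o json output; destination address prefixes are ignored and service tags other than Internet are not expanded.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nsg rule list -o json`;
# rule names, priorities and prefixes are made up for this example.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh-admin", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
 {"name": "tkgi-api-8443", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "8443"},
 {"name": "deny-high-ports", "priority": 300, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "8000-9000"}
]""")

def _values(rule, single, plural):
    """Collect a field that Azure returns as a single value, a list, or both."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def port_matches(spec, port):
    """Match '*', a single port ('8443') or a range ('8000-9000')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(prefix, source_ip):
    """Match '*', the Internet tag (treated as any source here) or a CIDR/IP."""
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags are not expanded in this example

def first_match(rules, source_ip, port=8443, protocol="tcp"):
    """Return (rule name, access) of the lowest-priority-number inbound rule that matches."""
    inbound = (r for r in rules if r["direction"].lower() == "inbound")
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule["protocol"].lower() not in ("*", protocol):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(port_matches(p, port) for p in ports) and \
           any(source_matches(s, source_ip) for s in sources):
            return rule["name"], rule["access"]
    # No custom rule matched: Azure's default DenyAllInBound applies to outside sources.
    return "DenyAllInBound", "Deny"

if __name__ == "__main__":
    print(first_match(SAMPLE_RULES, "198.51.100.7"))
```

With Source set to Any as in the steps above, every source address is allowed on 8443 unless a rule with a lower priority number denies it first.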

Verify Hostname Resolution

Verify that the External hostname used when creating a Kubernetes cluster resolves to the IP address of the load balancer.

For more information, see Create a Kubernetes Cluster in Creating Clusters.
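
One way to script this verification, as an added example that is not part of the VMware documentation: it compares what the external hostname resolves to against the load balancer IP address recorded in Create Backend Pool, flags extra or stale records, and can test that TCP 8443 accepts connections. The hostname and IP address shown are constructed placeholders.

```python
import socket

API_PORT = 8443  # port used by the health probe and load balancing rule above

def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated IPv4 addresses the hostname resolves to."""
    infos = resolver(hostname, API_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_external_hostname(hostname, lb_ip, resolver=socket.getaddrinfo):
    """Compare DNS answers for the external hostname with the load balancer IP."""
    try:
        addresses = resolve_ipv4(hostname, resolver)
    except socket.gaierror as exc:
        return {"ok": False, "reason": f"does not resolve: {exc}", "addresses": []}
    if lb_ip not in addresses:
        reason = "resolves to a different address"
    elif len(addresses) > 1:
        # For example, a record left over from a previous load balancer.
        reason = "also resolves to addresses other than the load balancer"
    else:
        reason = "resolves only to the load balancer"
    return {"ok": addresses == [lb_ip], "reason": reason, "addresses": addresses}

def api_port_reachable(host, port=API_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Placeholders: substitute your cluster's external hostname and the
    # load balancer IP address you recorded.
    result = check_external_hostname("tkgi-cluster.example.com", "203.0.113.10")
    print(result)
    if result["ok"]:
        print("8443 reachable:", api_port_reachable("tkgi-cluster.example.com"))
```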

Reconfigure Load Balancer

If your Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.

To reconfigure your Azure cluster load balancer to use the new control plane VMs, do the following:

  1. Identify the VM IDs of the new control plane node VMs for the cluster. For information about identifying the control plane VM IDs, see Identify Kubernetes Cluster Control Plane VMs in Creating Clusters.
  2. In a browser, navigate to the Azure Dashboard.
  3. Open the Load Balancers service.
  4. Select the load balancer for your cluster.
  5. In the Settings menu, select Backend pools.
  6. Update the VMs list with the new control plane VM IDs.
  7. Click Save.