This topic describes how to configure an Amazon Web Services (AWS) load balancer for your VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster.
A load balancer is a third-party device that distributes network and application traffic across resources.
You can use a load balancer to prevent individual network components from being overloaded by high traffic. You can also use a load balancer to secure and facilitate access to a TKGI cluster from outside the network.
You can use an AWS TKGI cluster load balancer to secure and facilitate access to a Tanzu Kubernetes Grid Integrated Edition cluster from outside the network. You can also reconfigure your AWS Tanzu Kubernetes Grid Integrated Edition cluster load balancers.
Using an AWS TKGI cluster load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the TKGI API and kubectl.
For more information about the different types of load balancers used in a Tanzu Kubernetes Grid Integrated Edition deployment, see Load Balancers in TKGI.
Note: If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your AWS TKGI cluster load balancers to point to the new control plane VMs.
The version of the TKGI CLI you are using must match the version of the Tanzu Kubernetes Grid Integrated Edition tile that you are installing.
Note: Modify the example commands in this procedure to match the details of your Tanzu Kubernetes Grid Integrated Edition installation.
To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.
Perform the following steps:
k8s-master-CLUSTERNAME where CLUSTERNAME is a unique name that you provide when creating the cluster. For example, k8s-master-mycluster.
8443.
8443.
Perform the following steps to assign security groups:
On the Assign Security Groups page, select one of the following:
TCP with Ports 8443.
TCP with Ports 8443.
Click Next: Configure Security Settings.
On the Configure Security Settings page, ignore the warning. SSL termination is done on the Kubernetes API.
Perform the following steps to configure the health check:
On the Configure Health Check page, set the Ping Protocol to TCP.
For Ping Port, enter 8443.
Click Next: Add EC2 Instances.
Perform the following steps:
Verify the settings under Availability Zone Distribution.
Click Add Tags.
Perform the following steps to add tags:
Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.
Click Review and Create.
Perform the following steps to review your load balancer details and create your load balancer:
On the Review page, review your load balancer details and edit any as necessary.
Click Create.
Create a Kubernetes cluster using the AWS-assigned address of your load balancer as the external hostname when you run the tkgi create-cluster command. For example:
$ tkgi create-cluster my-cluster \
--external-hostname example111a6511e9a099028c856be95-155233362.eu-west-1.elb.amazonaws.com \
--plan small --num-nodes 10
For more information, see the Create a Kubernetes Cluster section of Creating Clusters.
If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs. For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
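One way to check a load balancer against the settings in this procedure and to catch the drift described above, as an added example that is not VMware's or AWS's own code. It assumes a Classic Load Balancer whose description was saved from `aws elb describe-load-balancers`, and that you supply the current control plane instance IDs; `audit_cluster_lb` and the sample instance IDs are constructed for illustration.

```python
import json

API_PORT = 8443  # listener, instance and health-check port from the procedure

# Constructed sample, shaped like `aws elb describe-load-balancers` JSON output.
SAMPLE = json.loads("""
{"LoadBalancerDescriptions": [{
  "LoadBalancerName": "k8s-master-mycluster",
  "ListenerDescriptions": [{"Listener": {
    "Protocol": "TCP", "LoadBalancerPort": 8443,
    "InstanceProtocol": "TCP", "InstancePort": 8443}}],
  "HealthCheck": {"Target": "TCP:8443"},
  "Instances": [{"InstanceId": "i-0aaa0000000000001"},
                {"InstanceId": "i-0aaa0000000000002"}]
}]}
""")


def audit_cluster_lb(description, cluster_name, control_plane_ids):
    """Return findings; an empty list means the LB matches the procedure."""
    name = f"k8s-master-{cluster_name}"
    lbs = {lb["LoadBalancerName"]: lb
           for lb in description.get("LoadBalancerDescriptions", [])}
    if name not in lbs:
        return [f"load balancer {name} not found"]
    lb, findings = lbs[name], []
    wanted = ("TCP", API_PORT, "TCP", API_PORT)
    seen = [(l["Protocol"].upper(), l["LoadBalancerPort"],
             l.get("InstanceProtocol", "").upper(), l["InstancePort"])
            for l in (d["Listener"] for d in lb.get("ListenerDescriptions", []))]
    if wanted not in seen:
        findings.append(f"no TCP {API_PORT} -> TCP {API_PORT} listener")
    # Anything beyond the API listener is exposure the procedure never set up.
    findings += [f"unexpected listener {s}" for s in seen if s != wanted]
    target = lb.get("HealthCheck", {}).get("Target")
    if target != f"TCP:{API_PORT}":
        findings.append(f"health check is {target}, expected TCP:{API_PORT}")
    # Recreated control plane VMs get new instance IDs, so compare both ways.
    registered = {i["InstanceId"] for i in lb.get("Instances", [])}
    expected = set(control_plane_ids)
    findings += [f"stale instance {i}" for i in sorted(registered - expected)]
    findings += [f"unregistered control plane VM {i}"
                 for i in sorted(expected - registered)]
    return findings


if __name__ == "__main__":
    current = ["i-0aaa0000000000001", "i-0aaa0000000000003"]  # constructed IDs
    print(audit_cluster_lb(SAMPLE, "mycluster", current))
```

Any finding about stale or unregistered instances means the load balancer still points at control plane VMs that no longer exist and needs to be reconfigured.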
To reconfigure your AWS cluster load balancer to use the new control plane VMs, do the following: