This topic describes how to scale ingress resources for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
Note: This feature requires NCP v2.5.1 or later.
The NSX-T Load Balancer is a logical load balancer that handles a number of functions using virtual servers and pools.
The NSX-T load balancer creates a load balancer service for each Kubernetes cluster provisioned by Tanzu Kubernetes Grid Integrated Edition with NSX-T. For each load balancer service, NCP, by way of the Kubernetes CustomResourceDefinition (CRD), creates corresponding NSXLoadBalancerMonitor objects.
By default Tanzu Kubernetes Grid Integrated Edition deploys the following NSX-T virtual servers for each Kubernetes cluster:
type: LoadBalancer.
For information about configuring layer 7 ingress routing load balancers, see Determine Your Load Balancer’s Status, below. For information about configuring the layer 7 ingress controller, see Defining Network Profiles for the HTTP/S Layer 7 Ingress Controller.
For information about configuring the TCP layer 4 ingress controller, see Defining Network Profiles for the TCP Layer 4 Load Balancer.
For more information about the NSX-T Load Balancer, see Create an IP Pool in Manager Mode or Add an IP Address Pool in the VMware documentation.
For more information about Kubernetes custom resources, see Custom resources in the Kubernetes documentation.
Before scaling your ingress load balancers, understand your load balancer’s status: Use the NSXLoadBalancerMonitor CRD to monitor your NSX-T load balancer service, including traffic, usage, and health score information. The NSXLoadBalancerMonitor CRD provides information about the health of the NSX-T load balancer service and of the NSX-T Edge Node running the load balancer.
For more information about monitoring using the NSXLoadBalancerMonitor CRD see Monitoring Ingress Resources.
The LoadBalancer CRD provides you with an interactive method to scale the load balancer for ingress routing.
Use the LoadBalancer CRD to create a new ingress load balancer.
To configure a new ingress load balancer, configure a new YAML file as follows:
    apiVersion: vmware.com/v1alpha1
    kind: LoadBalancer
    metadata:
      name: LB-NAME
    spec:
      httpConfig: HTTP-CONFIG
        virtualIP: IP-ADDRESS
        port: PORT
        tls:
          port: TLS-PORT
          secretName: SECRET-NAME
          secretNamespace: SECRET-NAMESPACE
        xForwardedFor: FORWARD-TYPE
        affinity:
          type: IP-SOURCE
          timeout: TIMEOUT
      size: SIZE
      virtualNetwork: NETWORK-NAME
    status:
      httpVirtualIP: V-IP-ADDRESS
Where:
LB-NAME is the display name of the loadBalancer.
HTTP-CONFIG (Optional) is the configuration to support http/https route on the loadBalancer. Set as httpConfig: {} to apply default settings.
IP-ADDRESS (Optional) is the virtual IP address. Defaults to auto_allocate.
PORT (Optional) is the port. Defaults to 80.
TLS-PORT (Optional) is the TLS port. Defaults to 443.
SECRET-NAME (Optional) is the TLS secret name. Defaults to nil.
SECRET-NAMESPACE (Optional) is the TLS secret namespace. Defaults to nil. You must deploy the new ingress load balancer in the same namespace where you deploy the ingress resource.
FORWARD-TYPE (Optional) is the forward type. Supported values are: INSERT and REPLACE. Defaults to nil.
IP-SOURCE (Optional) is the source IP. Supported values are: sourceIP and cookie.
TIMEOUT (Optional) is the connection timeout. Defaults to 10800.
SIZE (Optional) is the ingress load balancer size. Supported values are: SMALL and MEDIUM. Defaults to SMALL.
NETWORK-NAME (Optional) is the virtual network name. Defaults to nil.
V-IP-ADDRESS is the external IP address for http/https virtual server. The external IP address can be auto-allocated or user specified.
To create a new ingress load balancer, run the following command:
    kubectl apply -f YAML-FILE
Where YAML-FILE is the filename of the load balancer configuration YAML file.
For example:
    # kubectl apply -f lb.yaml
    apiVersion: vmware.com/v1alpha1
    kind: LoadBalancer
    metadata:
      name: cluster1_lbs0
    spec:
      httpConfig:
        virtualIP:
        port: 233
        tls:
          port: 2333
          secretName: default_secret
          secretNamespace: default
        xForwardedFor: INSERT
        affinity:
          type: source_ip
          timeout: 100
      size: MEDIUM
      virtualNetwork: virtualnetwork1
    status:
      httpVirtualIP: <realized external ip>
Annotate the Kubernetes ingress resource with the newly created ingress load balancer. NCP will attach the ingress rules to the scaled out load balancer.
To configure a Kubernetes ingress resource with the new ingress load balancer, configure a new YAML file as follows:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ING-NAME
      annotations:
        kubernetes.io/ingress.class: "nsx"
        nsx/loadbalancer: LB-NAME
    spec:
      rules:
      - host: HOST-NAME
        http:
          paths:
          - path: HTTP-PATH
            pathType: PATH-TYPE
            backend:
              service:
                name: SERVICE-NAME
                port:
                  number: SERVICE-PORT
Where:
ING-NAME is the name of the ingress resource.
LB-NAME is the display name of the loadBalancer.
HOST-NAME is the host name.
HTTP-PATH is the HTTP path.
PATH-TYPE refers to Ingress Path types in the Kubernetes documentation.
SERVICE-NAME is the http backend service name.
SERVICE-PORT is the http backend service port.
To annotate the Kubernetes ingress resource with the newly created ingress load balancer, run the following command:
    kubectl apply -f YAML-FILE
Where YAML-FILE is the filename of the Kubernetes ingress resource configuration YAML file.
For example:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: svc-ingress1
      annotations:
        kubernetes.io/ingress.class: "nsx"
        nsx/loadbalancer: cluster1_lbs0
    spec:
      rules:
      - host: test.com
        http:
          paths:
          - path: /testpath
            pathType: Prefix
            backend:
              service:
                name: svc1
                port:
                  number: 80
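
One way to check the two manifests before running kubectl apply, as an added example that is not VMware's or NCP's code. The function name check_pair and the sample dicts are hypothetical, and the rule that secretName and secretNamespace must be set together is an assumption, not something this page states.

```python
# Added example: pre-apply check of parsed manifests (dicts, e.g. from PyYAML).

# Values this page documents. It lists "sourceIP" but its own example uses
# "source_ip", so both spellings are accepted here. None means "not set".
XFF = (None, "INSERT", "REPLACE")
AFFINITY = (None, "sourceIP", "source_ip", "cookie")
SIZES = (None, "SMALL", "MEDIUM")

def _ns(obj):
    # kubectl falls back to the "default" namespace when none is given.
    return obj["metadata"].get("namespace") or "default"

def check_pair(lb, ingress):
    """Return findings (strings) for one LoadBalancer and one Ingress."""
    out = []
    spec = lb.get("spec") or {}
    http = spec.get("httpConfig") or {}
    tls = http.get("tls") or {}
    if http.get("xForwardedFor") not in XFF:
        out.append("xForwardedFor: expected INSERT or REPLACE")
    if (http.get("affinity") or {}).get("type") not in AFFINITY:
        out.append("affinity.type: expected sourceIP or cookie")
    if spec.get("size") not in SIZES:
        out.append("size: expected SMALL or MEDIUM")
    for key, port in (("port", http.get("port")), ("tls.port", tls.get("port"))):
        if port is not None and not (isinstance(port, int) and 0 < port < 65536):
            out.append(f"{key}: not a valid TCP port")
    # Assumption: a TLS secret reference needs both name and namespace.
    if bool(tls.get("secretName")) != bool(tls.get("secretNamespace")):
        out.append("tls: secretName and secretNamespace must be set together")
    ann = ingress["metadata"].get("annotations") or {}
    if ann.get("kubernetes.io/ingress.class") != "nsx":
        out.append('ingress: missing kubernetes.io/ingress.class "nsx"')
    if ann.get("nsx/loadbalancer") != lb["metadata"]["name"]:
        out.append("ingress: nsx/loadbalancer does not name this LoadBalancer")
    if _ns(ingress) != _ns(lb):
        out.append("namespace: LoadBalancer and Ingress differ")
    return out

# Constructed samples, reduced from the examples on this page.
LB = {"metadata": {"name": "cluster1_lbs0"}, "spec": {"size": "MEDIUM", "httpConfig": {
    "port": 233, "xForwardedFor": "INSERT", "affinity": {"type": "source_ip"},
    "tls": {"port": 2333, "secretName": "default_secret", "secretNamespace": "default"}}}}
ING = {"metadata": {"name": "svc-ingress1", "annotations": {
    "kubernetes.io/ingress.class": "nsx", "nsx/loadbalancer": "cluster1_lbs0"}}}

if __name__ == "__main__":
    print(check_pair(LB, ING) or "ok")
```

An empty list means the pair is consistent with the values and the same-namespace requirement documented above.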