NSX ALB as Cluster Load Balancer Service Provider

NSX ALB can act as the external Load Balancer provider for your Kubernetes clusters in a Tanzu Kubernetes Grid deployment.

Basic Setup: Configure NSX ALB as Load Balancer Implementation for All Clusters

To configure NSX ALB as the load balancer implementation for all clusters:

  1. Create a management cluster configuration YAML file, and add the following fields in the file:

    AVI_ENABLE: true
    AVI_CONTROLLER: <avi controller IP address or FQDN>
    AVI_USERNAME: <avi admin username>
    AVI_PASSWORD: <avi admin password>
    AVI_CA_DATA_B64: <base64 encoded certificate>
    AVI_CLOUD_NAME: <cloud you configured to deploy virtual services>
    AVI_SERVICE_ENGINE_GROUP: <SEG you configured to host virtual services>
    AVI_DATA_NETWORK: <VIP Network you want to use for your load balancer external IP>
    AVI_DATA_NETWORK_CIDR: <above VIP Network's CIDR>
    
    #### only for NSX-T cloud ####
    AVI_NSXT_T1LR: <NSX-T Tier 1 path used for NSX Advanced Load Balancer backend network>
    

    For more information on creating a management cluster configuration file, see Create a Management Cluster Configuration File.

  2. Create the management cluster by using the tanzu management-cluster create command.

NSX ALB is now configured as the load balancer for the management cluster and all the workload clusters that are created by this management cluster.

Configure the Advanced L4 Load Balancer Features of NSX ALB

Optionally, you can configure certain advanced load balancing features of NSX ALB in Tanzu Kubernetes Grid.

(Optional) Enable NSX ALB as the Load Balancer implementation on specific workload clusters

To configure NSX ALB as the Load Balancer only on specific workload clusters:

  1. Create a management cluster configuration YAML file, and add the following fields in the file:

    AVI_ENABLE: true
    AVI_LABELS: '{"enable-nsx-alb":"true"}'
    AVI_CONTROLLER: <avi controller IP address or FQDN>
    AVI_USERNAME: <avi admin username>
    AVI_PASSWORD: <avi admin password>
    AVI_CA_DATA_B64: <base64 encoded certificate>
    AVI_CLOUD_NAME: <cloud you configured to deploy virtual services>
    AVI_SERVICE_ENGINE_GROUP: <SEG you configured to host virtual services>
    AVI_DATA_NETWORK: <VIP Network you want to use for your load balancer external IP>
    AVI_DATA_NETWORK_CIDR: <above VIP Network's CIDR>
    
    #### only for NSX-T cloud ####
    AVI_NSXT_T1LR: <NSX-T Tier 1 path used for NSX Advanced Load Balancer backend network>
    

    For more information on creating a management cluster configuration file, see Create a Management Cluster Configuration File.

  2. Create the management cluster by using the tanzu management-cluster create command.

  3. In the workload cluster configuration YAML file, add the following field:

    AVI_LABELS: '{"enable-nsx-alb":"true"}'
    
  4. Create the workload cluster by using the tanzu cluster create command.

NSX ALB is now configured as the load balancer only for the workload clusters that have the corresponding AVI_LABELS value.
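
A pre-flight check for the AVI_* fields used in both procedures above, as an added example that is not part of the VMware documentation or the tanzu CLI. It assumes the file uses flat KEY: value lines and that AVI_CA_DATA_B64 is a base64-encoded PEM certificate; lint_avi_config is a hypothetical helper and the sample values are constructed.

```python
import base64
import ipaddress
import json
import re

REQUIRED = ("AVI_CONTROLLER AVI_USERNAME AVI_PASSWORD AVI_CA_DATA_B64 AVI_CLOUD_NAME "
            "AVI_SERVICE_ENGINE_GROUP AVI_DATA_NETWORK AVI_DATA_NETWORK_CIDR").split()

def lint_avi_config(text):
    """Return problems found in the AVI_* fields; an empty list means clean."""
    # Flat `KEY: value` lines only; comment lines do not match and are skipped.
    pairs = re.findall(r"^[ \t]*([A-Z][A-Z0-9_]*):[ \t]*(.*?)[ \t]*$", text, re.M)
    cfg = {k: v.strip("'\"") for k, v in pairs}
    filled = {k: v for k, v in cfg.items() if v and not re.fullmatch(r"<.*>", v)}
    problems = [f"{k} is missing or still a placeholder" for k in REQUIRED if k not in filled]
    if "AVI_CA_DATA_B64" in filled:
        try:
            pem = base64.b64decode(filled["AVI_CA_DATA_B64"], validate=True)
            # Shape check only (assumes a PEM certificate); no chain validation.
            if b"-----BEGIN CERTIFICATE-----" not in pem:
                problems.append("AVI_CA_DATA_B64 does not decode to a PEM certificate")
        except ValueError:  # binascii.Error is a subclass of ValueError
            problems.append("AVI_CA_DATA_B64 is not valid base64")
    if "AVI_DATA_NETWORK_CIDR" in filled:
        try:
            ipaddress.ip_network(filled["AVI_DATA_NETWORK_CIDR"], strict=True)
        except ValueError:
            problems.append("AVI_DATA_NETWORK_CIDR is not a network in CIDR form")
    if "AVI_LABELS" in filled:
        try:
            labels = json.loads(filled["AVI_LABELS"])
            if not isinstance(labels, dict) or not all(isinstance(v, str) for v in labels.values()):
                raise ValueError("Kubernetes label values must be strings")
        except ValueError:
            problems.append("AVI_LABELS is not a JSON object with string values")
    return problems

# Constructed sample: placeholder password, host bits in the CIDR, boolean label.
CONSTRUCTED_PEM = b"-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
SAMPLE = f"""AVI_ENABLE: true
AVI_LABELS: '{{"enable-nsx-alb":true}}'
AVI_CONTROLLER: avi.example.test
AVI_USERNAME: admin
AVI_PASSWORD: <avi admin password>
AVI_CA_DATA_B64: {base64.b64encode(CONSTRUCTED_PEM).decode()}
AVI_CLOUD_NAME: Default-Cloud
AVI_SERVICE_ENGINE_GROUP: Default-Group
AVI_DATA_NETWORK: vip-net
AVI_DATA_NETWORK_CIDR: 10.0.0.5/24
"""
```

Running lint_avi_config(SAMPLE) reports the placeholder password, the CIDR and the label value; the same file with those three fields corrected returns an empty list.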

Configure External Static IP Address for NSX ALB

This feature leverages the Avi Kubernetes Operator (AKO) application that is deployed in the clusters. For more information, see Service of Type Load Balancer with Preferred IP.

Ensure that the IP address that you specify is an unallocated address in the IP pool that is configured in your Avi Controller.

To configure an external static IP address for the load balancer service provided by NSX ALB, set the loadBalancerIP field in the configuration file of the Service of type LoadBalancer, as shown in this example:

apiVersion: v1
kind: Service
metadata:
  name: corgi-test
spec:
  type: LoadBalancer
  selector:
    corgi: test
  ports:
    - nodePort: 30008
      port: 80
      targetPort: 80
  loadBalancerIP: 1.1.1.1
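
One way to check the precondition above before applying Service manifests, as an added example that is not part of the VMware documentation or AKO. The pool range, the allocated address and the Services other than corgi-test are constructed; in a real deployment they would come from the Avi Controller and the cluster, and check_static_ips is a hypothetical helper.

```python
import ipaddress

def check_static_ips(services, pool_start, pool_end, allocated):
    """Map 'namespace/name' to a reason for each Service whose loadBalancerIP is unusable."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    taken = {ipaddress.ip_address(a) for a in allocated}
    claimed, findings = {}, {}
    for svc in services:
        spec, meta = svc.get("spec", {}), svc.get("metadata", {})
        raw = spec.get("loadBalancerIP")
        if spec.get("type") != "LoadBalancer" or raw is None:
            continue  # no static address requested
        # A manifest without a namespace is treated as belonging to "default".
        ref = f'{meta.get("namespace", "default")}/{meta["name"]}'
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings[ref] = f"{raw!r} is not an IP address"
            continue
        # Compare versions first: IPv4 and IPv6 addresses cannot be ordered.
        if ip.version != lo.version or not lo <= ip <= hi:
            findings[ref] = f"{ip} is outside the pool {lo}-{hi}"
        elif ip in taken:
            findings[ref] = f"{ip} is already allocated"
        elif ip in claimed:
            findings[ref] = f"{ip} is also requested by {claimed[ip]}"
        else:
            claimed[ip] = ref
    return findings

def lb_service(name, ip):
    """Minimal Service manifest as a dict (the standard library has no YAML parser)."""
    return {"metadata": {"name": name},
            "spec": {"type": "LoadBalancer", "loadBalancerIP": ip}}

# Constructed inputs: corgi-test carries the address from the example above; the
# pool range, the allocated address and the other Services are made up.
SERVICES = [lb_service("corgi-test", "1.1.1.1"), lb_service("web", "10.0.0.105"),
            lb_service("api", "10.0.0.110"), lb_service("api-canary", "10.0.0.110")]
FINDINGS = check_static_ips(SERVICES, "10.0.0.100", "10.0.0.120", ["10.0.0.105"])
```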
  

Configure v1alpha1 API Gateways for NSX ALB

A Tanzu Kubernetes Grid deployment integrated with NSX ALB supports the gateway APIs v1alpha1. This feature leverages the AKO application deployed in the clusters. For more information on the gateway API support, see Gateway and Gateway Class.

To configure the v1alpha1 API Gateways for the load balancer services provided by NSX ALB, set the flag spec.extraConfigs.servicesAPI in the AKODeploymentConfig object to true. The following is an example:

apiVersion: ako.vmware.com/v1alpha1
kind: AviInfraSetting
metadata:
  name: sample-infrasetting
spec:
  seGroup:
    name: Default-Group
---
apiVersion: networking.x-k8s.io/v1alpha1
kind: GatewayClass
metadata:
  name: sample-gateway-class
spec:
  controller: ako.vmware.com/avi-lb
  parametersRef:
    group: ako.vmware.com
    kind: AviInfraSetting
    name: sample-infrasetting
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
  name: sample-gateway
spec:
  gatewayClassName: sample-gateway-class
  listeners:
    - protocol: TCP
      port: 80
      routes:
        selector:
          matchLabels:
            ako.vmware.com/gateway-namespace: default
            ako.vmware.com/gateway-name: sample-gateway
        group: v1
        kind: Service
    - protocol: TCP
      port: 81
      routes:
        selector:
          matchLabels:
            ako.vmware.com/gateway-namespace: default
            ako.vmware.com/gateway-name: sample-gateway
        group: v1
        kind: Service
---
apiVersion: v1
kind: Service
metadata:
  name: coffee-svc
  labels:
    app: coffee
    ako.vmware.com/gateway-name: sample-gateway
    ako.vmware.com/gateway-namespace: default
spec:
  ports:
    - port: 81
      targetPort: 80
      protocol: TCP
  selector:
    app: coffee
  type: NodePort   # <== service type should be aligned with AKODeploymentConfig.spec.extraConfigs.ingress.serviceType, NodePort is the default value.
---
apiVersion: v1
kind: Service
metadata:
  name: tea-svc
  labels:
    app: tea
    ako.vmware.com/gateway-name: sample-gateway
    ako.vmware.com/gateway-namespace: default
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: tea
  type: NodePort # <== service type should be aligned with AKODeploymentConfig.spec.extraConfigs.ingress.serviceType, NodePort is the default value.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-coffee
spec:
  selector:
    matchLabels:
      app: coffee
  replicas: 1
  template:
    metadata:
      labels:
        app: coffee
    spec:
      containers:
        - name: nginx
          image: harbor-repo.vmware.com/dockerhub-proxy-cache/library/nginx
          ports:
            - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-tea
spec:
  selector:
    matchLabels:
      app: tea
  replicas: 1
  template:
    metadata:
      labels:
        app: tea
    spec:
      containers:
        - name: nginx
          image: harbor-repo.vmware.com/dockerhub-proxy-cache/library/nginx
          ports:
            - containerPort: 80

Other NSX ALB Features in Tanzu Kubernetes Grid

All the NSX ALB features that are available through AKO are supported in Tanzu Kubernetes Grid. To use a feature, set the corresponding value in the AKODeploymentConfig.spec.extraConfigs.<FEATURE-KNOB> object. For more information, see Avi Kubernetes Operator Deployment Guide.

NSX ALB in the Management Cluster

NSX ALB as the load balancer service provider is automatically enabled in the management cluster if NSX ALB is enabled in your Tanzu Kubernetes Grid deployment.
