NSX ALB as Cluster Load Balancer Service Provider
NSX ALB can act as the external Load Balancer provider for your Kubernetes clusters in a Tanzu Kubernetes Grid deployment.
Basic Setup: Configure NSX ALB as Load Balancer Implementation for All Clusters
To configure NSX ALB Load Balancer implementation for all clusters:
-
Create a management cluster configuration YAML file, and add the following fields in the file:
AVI_ENABLE: true AVI_CONTROLLER: <avi controller IP address or FQDN> AVI_USERNAME: <avi admin username> AVI_PASSWORD: <avi admin password> AVI_CA_DATA_B64: <base64 encoded certificate> AVI_CLOUD_NAME: <cloud you configured to deploy virtual services> AVI_SERVICE_ENGINE_GROUP: <SEG you configured to host virtual services> AVI_DATA_NETWORK: <VIP Network you want to use for your load balancer external IP> AVI_DATA_NETWORK_CIDR: <above VIP Network's CIDR> #### only for NSX-T cloud #### AVI_NSXT_T1LR: <NSX-T Tier 1 path used for NSX Advanced Loader Balancer backend network>For more information on creating a management cluster configuration file, see Create a Management Cluster Configuration File.
-
Create the management cluster by using the
tanzu management-cluster createcommand.
NSX ALB is now configured as the load balancer for the management cluster and all the workload clusters that are created by this management cluster.
Configure the Advanced L4 Load Balancer Features of NSX ALB
Optionally, you can configure certain advanced load balancing features of NSX ALB in Tanzu Kubernetes Grid.
(Optional) Enable NSX ALB as the Load Balancer implementation on specific workload clusters
To configure NSX ALB as the Load Balancer only on specific workload clusters:
-
Create a management cluster configuration YAML file, and add the following fields in the file:
AVI_ENABLE: true AVI_LABELS: '{"enable-nsx-alb":"true"}' AVI_CONTROLLER: <avi controller IP address or FQDN> AVI_USERNAME: <avi admin username> AVI_PASSWORD: <avi admin password> AVI_CA_DATA_B64: <base64 encoded certificate> AVI_CLOUD_NAME: <cloud you configured to deploy virtual services> AVI_SERVICE_ENGINE_GROUP: <SEG you configured to host virtual services> AVI_DATA_NETWORK: <VIP Network you want to use for your load balancer external IP> AVI_DATA_NETWORK_CIDR: <above VIP Network's CIDR> #### only for NSX-T cloud #### AVI_NSXT_T1LR: <NSX-T Tier 1 path used for NSX Advanced Loader Balancer backend network>For more information on creating a management cluster configuration file, see Create a Management Cluster Configuration File.
-
Create the management cluster by using the
tanzu management-cluster createcommand. -
In the workload cluster configuration YAML file, add the following field:
AVI_LABELS: '{"enable-nsx-alb":"true"}' -
Create the workload cluster by using the
tanzu cluster createcommand.
NSX ALB is now configured as the load balancer only for the workload clusters that have the corresponding AVI_LABELS value.
Configure External Static IP Address for NSX ALB
This feature leverages the Avi Kubernetes Operator (AKO) application that is deployed in the clusters. For information, see Service of Type Load Balancer with Preferred IP.
Ensure that the IP address that you specify is an unallocated address in the IP pool that is configured in your Avi Controller.
To configure external static IP address for the load balancer service provided by NSX ALB, add the external IP address in the loadbalancerIP field in the load balancer type of service configuration file, as shown in this example:
apiVersion: v1
kind: Service
metadata:
name: corgi-test
spec:
type: LoadBalancer
selector:
corgi: test
ports:
- nodePort: 30008
port: 80
targetPort: 80
loadBalancerIP: 1.1.1.1
Configure v1alpha1 API Gateways for NSX ALB
A Tanzu Kubernetes Grid deployment integrated with NSX ALB supports the gateway APIs v1alpha1. This feature leverages the AKO application deployed in the clusters. For more information on the gateway API support, see Gateway and Gateway Class.
To configure the v1alpha1 API Gateways for the load balancer services provided by NSX ALB, set the flag spec.extraConfigs.servicesAPI in the AKODeploymentConfig object to true. The following is an example:
apiVersion: ako.vmware.com/v1alpha1
kind: AviInfraSetting
metadata:
name: sample-infrasetting
spec:
seGroup:
name: Default-Group
---
apiVersion: networking.x-k8s.io/v1alpha1
kind: GatewayClass
metadata:
name: sample-gateway-class
spec:
controller: ako.vmware.com/avi-lb
parametersRef:
group: ako.vmware.com
kind: AviInfraSetting
name: sample-infrasetting
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: sample-gateway
spec:
gatewayClassName: sample-gateway-class
listeners:
- protocol: TCP
port: 80
routes:
selector:
matchLabels:
ako.vmware.com/gateway-namespace: default
ako.vmware.com/gateway-name: sample-gateway
group: v1
kind: Service
- protocol: TCP
port: 81
routes:
selector:
matchLabels:
ako.vmware.com/gateway-namespace: default
ako.vmware.com/gateway-name: sample-gateway
group: v1
kind: Service
---
apiVersion: v1
kind: Service
metadata:
name: coffee-svc
labels:
app: coffee
ako.vmware.com/gateway-name: sample-gateway
ako.vmware.com/gateway-namespace: default
spec:
ports:
- port: 81
targetPort: 80
protocol: TCP
selector:
app: coffee
type: NodePort # <== service type should be aligned with AKODeploymentConfig.spec.extraConfigs.ingress.serviceType, NodePort is the default value.
---
apiVersion: v1
kind: Service
metadata:
name: tea-svc
labels:
app: tea
ako.vmware.com/gateway-name: sample-gateway
ako.vmware.com/gateway-namespace: default
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: tea
type: NodePort # <== service type should be aligned with AKODeploymentConfig.spec.extraConfigs.ingress.serviceType, NodePort is the default value.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-coffee
spec:
selector:
matchLabels:
app: coffee
replicas: 1
template:
metadata:
labels:
app: coffee
spec:
containers:
- name: nginx
image: harbor-repo.vmware.com/dockerhub-proxy-cache/library/nginx
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-tea
spec:
selector:
matchLabels:
app: tea
replicas: 1
template:
metadata:
labels:
app: tea
spec:
containers:
- name: nginx
image: harbor-repo.vmware.com/dockerhub-proxy-cache/library/nginx
ports:
- containerPort: 80
Other NSX ALB Features in Tanzu Kubernetes Grid
All the NSX ALB features that can be availed through AKO are supported in Tanzu Kubernetes Grid. To use a feature, set the corresponding value in the AKODeploymentConfig.spec.extraConfigs.<FEATURE-KNOB> object. For more information, see Avi Kubernetes Operator Deployment Guide.
NSX ALB in the Management Cluster
NSX ALB as the load balancer service provider is automatically enabled in the management cluster if NSX ALB is enabled in your Tanzu Kubernetes Grid deployment.
