An example for AWS (Network Load Balancer) | Пример для AWS (Network Load Balancer) |
When creating a balancer, all zones available in the cluster will be used. | При создании балансировщика будут использованы все доступные в кластере зоны. |
In each zone, the balancer receives a public IP. If there is an instance with an Ingress controller in the zone, an A-record with the balancer’s IP address from this zone is automatically added to the balancer’s domain name. | В каждой зоне балансировщик получает публичный IP. Если в зоне есть инстанс с Ingress-контроллером, A-запись с IP-адресом балансировщика из этой зоны автоматически добавляется к доменному имени балансировщика. |
When there are no instances with an Ingress controller in the zone, then the IP is automatically removed from the DNS. | Если в зоне не остается инстансов с Ingress-контроллером, тогда IP автоматически убирается из DNS. |
If there is only one instance with an Ingress controller in a zone, when the pod is restarted, the IP address of the balancer of this zone will be temporarily excluded from DNS. | В том случае, если в зоне всего один инстанс с Ingress-контроллером, при перезапуске пода IP-адрес балансировщика этой зоны будет временно исключен из DNS. |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: “nginx” inlet: “LoadBalancer” loadBalancer: annotations: service.beta.kubernetes.io/aws-load-balancer-type: “nlb” | yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer loadBalancer: annotations: service.beta.kubernetes.io/aws-load-balancer-type: “nlb” |
An example for GCP / Yandex Cloud / Azure | Пример для GCP / Yandex Cloud / Azure |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: “nginx” inlet: “LoadBalancer” | yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer |
In GCP, nodes must have an annotation enabling them to accept connections to external addresses for the NodePort type services. | В GCP на узлах должна присутствовать аннотация, разрешающая принимать подключения на внешние адреса для сервисов с типом NodePort. |
An example for OpenStack | Пример для OpenStack |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main-lbwpp spec: inlet: LoadBalancerWithProxyProtocol ingressClass: nginx loadBalancerWithProxyProtocol: annotations: loadbalancer.openstack.org/proxy-protocol: “true” loadbalancer.openstack.org/timeout-member-connect: “2000” | yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main-lbwpp spec: inlet: LoadBalancerWithProxyProtocol ingressClass: nginx loadBalancerWithProxyProtocol: annotations: loadbalancer.openstack.org/proxy-protocol: “true” loadbalancer.openstack.org/timeout-member-connect: “2000” |
An example for Bare metal | Пример для bare metal |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: HostWithFailover nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
| yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: HostWithFailover nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
|
An example for Bare metal (Behind external load balancer, e.g. Cloudflare, Qrator, Nginx+, Citrix ADC, Kemp, etc.) | Пример для bare metal (при использовании внешнего балансировщика, например Cloudflare, Qrator, Nginx+, Citrix ADC, Kemp и др.) |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 behindL7Proxy: true | yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 behindL7Proxy: true |
An example for Bare metal (MetalLB BGP LoadBalancer) | Пример для bare metal (балансировщик MetalLB в режиме BGP LoadBalancer) |
This feature is available in Enterprise Edition only. | Доступно только в Enterprise Edition. |
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
| yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
|
In the case of using MetalLB, its speaker Pods must be run on the same Nodes as the Ingress controller Pods. | В случае использования MetalLB его speaker-поды должны быть запущены на тех же узлах, что и поды Ingress–контроллера. |
The controller must receive real IP addresses of clients — therefore its Service is created with the parameter | Контроллер должен получать реальные IP-адреса клиентов — поэтому его Service создается с параметром |
So for the current example metallb module configuration should be like this: | Таким образом, для данного примера конфигурация модуля |
yaml metallb: speaker: nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
| yaml metallb: speaker: nodeSelector: node-role.deckhouse.io/frontend: “” tolerations:
|
An example for Bare metal (MetalLB L2 LoadBalancer) | Пример для bare metal (балансировщик MetalLB в режиме L2 LoadBalancer) |
This feature is available in Enterprise Edition only. | Доступно только в Enterprise Edition. |
|
|
yaml apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: metallb spec: enabled: true version: 2 | yaml apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: metallb spec: enabled: true version: 2 |
|
|
yaml apiVersion: network.deckhouse.io/v1alpha1 kind: MetalLoadBalancerClass metadata: name: ingress spec: addressPool:
| yaml apiVersion: network.deckhouse.io/v1alpha1 kind: MetalLoadBalancerClass metadata: name: ingress spec: addressPool:
|
|
|
yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer loadBalancer: loadBalancerClass: ingress annotations: The number of addresses that will be allocated from the pool described in MetalLoadBalancerClass. network.deckhouse.io/l2-load-balancer-external-ips-count: “3” | yaml apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: main spec: ingressClass: nginx inlet: LoadBalancer loadBalancer: loadBalancerClass: ingress annotations: Количество адресов, которые будут выделены из пула, описанного в MetalLoadBalancerClass. network.deckhouse.io/l2-load-balancer-external-ips-count: “3” |
|
|
shell $ kubectl -n d8-ingress-nginx get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE main-load-balancer LoadBalancer 10.222.130.11 192.168.2.100,192.168.2.101,192.168.2.102 80:30689/TCP,443:30668/TCP 11s | shell $ kubectl -n d8-ingress-nginx get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE main-load-balancer LoadBalancer 10.222.130.11 192.168.2.100,192.168.2.101,192.168.2.102 80:30689/TCP,443:30668/TCP 11s |