-
Notifications
You must be signed in to change notification settings - Fork 68
/
Copy pathaws-cluster-load-balancer.html.md.erb
148 lines (99 loc) · 7.21 KB
/
aws-cluster-load-balancer.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
---
title: Creating and Configuring an AWS Load Balancer for Tanzu Kubernetes Grid Integrated Edition Clusters
owner: TKGI
---
This topic describes how to configure an Amazon Web Services (AWS) load balancer for your VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster.
## <a id='overview'></a>Overview
A load balancer is a third-party device that distributes network and application traffic across resources.
You can use a load balancer to prevent individual network components from being overloaded by high traffic.
You can also use a load balancer to secure and facilitate access to a TKGI cluster from outside the network.
You can use an AWS TKGI cluster load balancer to secure and facilitate access to a Tanzu Kubernetes Grid Integrated Edition cluster from outside the network.
You can also [reconfigure](#reconfigure) your AWS Tanzu Kubernetes Grid Integrated Edition cluster load balancers.
Using an AWS TKGI cluster load balancer is optional, but adding one to your Kubernetes cluster can make it easier to manage the cluster using the TKGI API and `kubectl`.
For more information about the different types of load balancers used in a Tanzu Kubernetes Grid Integrated Edition deployment see [Load Balancers in TKGI](./about-lb.html).
<p class="note"><strong>Note</strong>: If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your
AWS TKGI cluster load balancers to point to the new control plane VMs.</p>
##<a id="prereqs"></a> Prerequisite
The version of the TKGI CLI you are using must match the version of the Tanzu Kubernetes Grid Integrated Edition tile that you are installing.
<p class="note"><strong>Note</strong>: Modify the example commands in this procedure to match the details of your Tanzu Kubernetes Grid Integrated Edition installation.</p>
##<a id="create"></a> Configure AWS Load Balancer
### <a id='define-lb'></a>Step 1: Define Load Balancer
To define your load balancer using AWS, you must provide a name, select a VPC, specify listeners, and select subnets where you want to create the load balancer.
Perform the following steps:
1. In a browser, navigate to the [AWS Management Console](https://console.aws.amazon.com/console/home).
1. Under **Compute**, click **EC2**.
1. In the **EC2 Dashboard**, under **Load Balancing**, click **Load Balancers**.
1. Click **Create Load Balancer**.
1. Under **Classic Load Balancer**, click **Create**.
1. On the **Define Load Balancer** page, complete the **Basic Configuration** section as follows:
1. **Load Balancer name**: Name the load balancer. <%= vars.recommended_by %> recommends that you name your load balancer `k8s-master-CLUSTERNAME` where `CLUSTERNAME` is a unique name that you provide when creating the cluster. For example, `k8s-master-mycluster`.
1. **Create LB inside**: Select the VPC where you installed Ops Manager.
1. **Create an internal load balancer**: Do not enable this check box. The cluster load balancer must be internet-facing.
1. Complete the **Listeners Configuration** section as follows:
1. Configure the first listener as follows.
* Under **Load Balancer Protocol**, select **TCP**.
* Under **Load Balancer Port**, enter `8443`.
* Under **Instance Protocol**, select **TCP**.
* Under **Instance Port**, enter `8443`.
1. Under **Select Subnets**, select the public subnets for your load balancer in the availability zones where you want to create the load balancer.
1. Click **Next: Assign Security Groups**.
### <a id='assign-security-groups'></a>Step 2: Assign Security Groups
Perform the following steps to assign security groups:
1. On the **Assign Security Groups** page, select one of the following:
* **Create a new security group**: Complete the security group
configuration as follows:
1. **Security group name**: Name your security group.
1. Confirm that your security group includes **Protocol** `TCP` with
**Ports** `8443`.
* **Select an existing security group**: Select the default security group.
The default security group includes includes **Protocol** `TCP` with
**Ports** `8443`.
1. Click **Next: Configure Security Settings**.
### <a id='configure-security-settings'></a>Step 3: Configure Security Settings
On the **Configure Security Settings** page, ignore the warning. SSL termination is done on the Kubernetes API.
### <a id='configure-health-check'></a>Step 4: Configure Health Check
Perform the following steps to configure the health check:
1. On the **Configure Health Check** page, set the **Ping Protocol** to `TCP`.
1. For **Ping Port**, enter `8443`.
1. Click **Next: Add EC2 Instances**.
### <a id='add-ec2-instances'></a>Step 5: Add EC2 Instances
Perform the following steps:
1. Verify the settings under **Availability Zone Distribution**.
1. Click **Add Tags**.
### <a id='add-tags'></a>(Optional) Step 6: Add Tags
Perform the following steps to add tags:
1. Add tags to your resources to help organize and identify them. Each tag consists of a case-sensitive key-value pair.
1. Click **Review and Create**.
### <a id='review-create'></a>Step 7: Review and Create the Load Balancer
Perform the following steps to review your load balancer details and create your load balancer:
1. On the **Review** page, review your load balancer details and edit any as necessary.
1. Click **Create**.
### <a id='create-cluster'></a> Step 8: Create a Cluster
Create a Kubernetes cluster using the AWS-assigned address of your load balancer as the external
hostname when you run the `tkgi create-cluster` command. For example:
```console
$ tkgi create-cluster my-cluster \
--external-hostname example111a6511e9a099028c856be95-155233362.eu-west-1.elb.amazonaws.com \
--plan small --num-nodes 10
```
For more information, see [Create a Kubernetes Cluster](create-cluster.html#create) section of _Creating Clusters_.
### <a id='point'></a>Step 9: Point the Load Balancer to All Control Plane VMs
1. Locate the VM IDs of all control plane node VMs for your cluster.
For information about locating the VM IDs, see [Identify Kubernetes Cluster Control Plane VMs](create-cluster.html#master-id) in _Creating Clusters_.
1. Navigate to the [AWS console](https://console.aws.amazon.com/console/home).
1. Under EC2, select **Load balancers**.
1. Select the load balancer.
1. On the **Instances** tab, click **Edit instances**.
1. Select all control plane nodes in the list of VMs.
1. Click **Save**.
## <a id="reconfigure"></a>Reconfigure AWS Load Balancer
If Kubernetes control plane node VMs are recreated for any reason, you must reconfigure your cluster load balancers to point to the new control plane VMs.
For example, after a stemcell upgrade, BOSH recreates the VMs in your deployment.
To reconfigure your AWS cluster load balancer to use the new control plane VMs, do the following:
1. Locate the VM IDs of the new control plane node VMs for the cluster. For information about locating the VM IDs, see [Identify Kubernetes Cluster Control Plane VMs](create-cluster.html#master-id) in _Creating Clusters_.
1. Navigate to the [AWS console](https://console.aws.amazon.com/console/home).
1. Under EC2, select **Load balancers**.
1. Select the load balancer.
1. On the **Instances** tab, click **Edit instances**.
1. Select the new control plane nodes in the list of VMs.
1. Click **Save**.