Service Type LoadBalancer

Overview

A service of type LoadBalancer is the simplest and the fastest way to expose a service inside a Kubernetes cluster to the external world. You only need to specify the service type as type=LoadBalancer in the service definition.

Services of type LoadBalancer are natively supported in Kubernetes deployments. When you create a service of type LoadBalancer, it is provisioned in integration with the F5 IPAM Controller (FIC), which allocates an IP address that will forward all traffic to your service.

For services of the type LoadBalancer, the controller deployed inside the Kubernetes cluster configures a service type LB. Using CIS, you can load balance the incoming traffic to the Kubernetes cluster. CIS manages IP addresses using FIC so you can maximize the utilization of load balancer resources and significantly reduce your operational expenses.


A manifest for a service of type LoadBalancer
apiVersion: v1
kind: Service
metadata:
  annotations:
    cis.f5.com/ipamLabel: test
    cis.f5.com/health: '{"interval": 10, "timeout": 31}'
  labels:
    app: svc-lb1
  name: svc-lb1
  namespace: default
spec:
  ports:
    - name: svc-lb1-80
      port: 80
      protocol: TCP
      targetPort: 80
    - name: svc-lb1-8080
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: svc-lb1
  type: LoadBalancer

When a new service of type LoadBalancer is created, the following events occur:

  • CIS creates an object for the service whenever the loadBalancerIP field in the service is empty.
  • The IPAM controller assigns an IP address to the object.
  • Once the object is updated with the IP address, the controller automatically configures BIG-IP.

The LoadBalancer service type is an extension of the NodePort type, which is an extension of the ClusterIP type.

After you create the service, you can use kubectl get service -o yaml to view its specification and see the stable external IP address.

Parameters

Parameters mandatory for service type LoadBalancer:

  • Annotation

    cis.f5.com/ipamLabel: test

  • Type

    type: LoadBalancer

Note

The value of the cis.f5.com/ipamLabel annotation must be one of the labels defined in the ip-range parameter of the FIC deployment. IP addresses for the service type LB are allocated from the range tagged with that label.

Parameters mandatory for CIS deployment are:

  • custom-resource-mode=true
  • ipam=true

Examples

deployment.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
  labels:
    name: test-bigip-controller-1
  name: test-bigip-controller-1
  namespace: kube-system
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: test-bigip-controller-1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-bigip-controller-1
    spec:
      containers:
      - args:
        - --bigip-partition
        - test
        - --bigip-url
        - 10.145.79.35
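        # Example credentials only. Plain-text args are visible to anyone who can
        # read this Deployment; supply real BIG-IP credentials from a Kubernetes Secret.
        - --bigip-username
        - admin
        - --bigip-password
        - admin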
        - --verify-interval
        - "2"
        - --node-poll-interval
        - "1"
        - --log-level
        - DEBUG
        - --as3-validation=true
        # --insecure turns off validation of the BIG-IP server certificate; lab use only.
        - --insecure
        - --log-as3-response=true
        - --custom-resource-mode=true
        - --ipam=true
        - --pool-member-type
        - nodeport
        command:
        - /app/bin/k8s-bigip-ctlr
        image: f5networks/k8s-bigip-ctlr:2.4.0
        imagePullPolicy: IfNotPresent
        name: test-bigip-controller-1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: bigip-controller
      serviceAccountName: bigip-controller
      terminationGracePeriodSeconds: 30

service.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: v1
kind: Service
metadata:
  annotations:
    cis.f5.com/ipamLabel: prod
  labels:
    app: svc-lb1
  name: svc-lb1
  namespace: default
spec:
  clusterIP: 10.105.111.175
  externalTrafficPolicy: Cluster
  ports:
  - name: svc-lb1-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: svc-lb1
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:

multiport-service.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    cis.f5.com/health: '{"interval": 10, "timeout": 31}'
    cis.f5.com/ipamLabel: prod
  labels:
    app: svc-lb1
  name: svc-lb1
  namespace: default
spec:
  ports:
  - name: svc-lb1-80
    port: 80
    protocol: TCP
    targetPort: 80
  - name: svc-lb1-8080
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: svc-lb1
  type: LoadBalancer

clusterrole.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: bigip-ctlr-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - nodes
  - services
  - namespaces
  - secrets
  - pods
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - services/status
  verbs:
  - get
  - list
  - watch
  - update
  - create
  - patch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cis.f5.com
  resources:
  - virtualservers
  - tlsprofiles
  - transportservers
  - externaldnss
  - ingresslinks
  verbs:
  - get
  - list
  - watch
  - update
- apiGroups:
  - fic.f5.com
  resources:
  - f5ipams
  - f5ipams/status
  verbs:
  - get
  - list
  - update
  - watch
  - create
  - patch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - update
  - watch
  - create
  - patch
- apiGroups:
  - extensions
  resources:
  - ingresses/status
  verbs:
  - get
  - list
  - update
  - watch
  - create
  - patch
---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bigip-ctlr-clusterrole
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: bigip-controller
  namespace: kube-system

ipam-controller-deployment.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
  labels:
    name: test-ipam-controller-2
  name: test-ipam-controller-2
  namespace: kube-system
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: test-ipam-controller-2
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-ipam-controller-2
    spec:
      containers:
      - args:
        - --orchestration
        - kubernetes
        - --ip-range
        - '{"test" : "10.8.3.100-10.8.3.105","prod" : "10.8.3.50-10.8.3.55"}'
        - --log-level
        - DEBUG
        command:
        - /app/bin/f5-ipam-controller
        image: f5networks/f5-ipam-controller:0.1.2
        imagePullPolicy: IfNotPresent
        name: test-ipam-controller-2
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: bigip-controller
      serviceAccountName: bigip-controller
      terminationGracePeriodSeconds: 30

Note

To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.