Service Type LoadBalancer¶
Overview of Service Type LoadBalancer¶
A service of type LoadBalancer is the simplest and the fastest way to expose a service inside a Kubernetes cluster to the external world. You only need to specify the service type as type=LoadBalancer
in the service definition.
Services of type LoadBalancer are natively supported in Kubernetes deployments. When you create a service of type LoadBalancer it spins up service in integration with F5 IPAM Controller which allocates an IP address that will forward all traffic to your service.
For services of the type LoadBalancer, the controller deployed inside the Kubernetes cluster configures a service type LB. Using CIS, you can load balance the incoming traffic to the Kubernetes cluster. CIS manages IP addresses using FIC so you can maximize the utilization of load balancer resources and significantly reduce your operational expenses.
LoadBalancer
¶1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | apiVersion: v1
kind: Service
metadata:
annotations:
cis.f5.com/ipamLabel: test
cis.f5.com/health: '{"interval": 10, "timeout": 31}'
labels:
app: svc-lb1
name: svc-lb1
namespace: default
spec:
ports:
- name: svc-lb1-80
port: 80
protocol: TCP
targetPort: 80
- name: svc-lb1-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: svc-lb1
type: LoadBalancer
|
When a new service of type LoadBalancer is created, the following events occur:
- CIS creates an object for the service whenever the
loadBalancerIP
field in the service is empty. - The IPAM controller assigns an IP address to the object.
- Once the object is updated with the IP address, the controller automatically configures BIG-IP.
The LoadBalancer service type is an extension of the NodePort type, which is an extension of the ClusterIP type.
After you create the service, you can use kubectl get service -o yaml
to view its specification and see the stable external IP address.
Parameters¶
Parameters mandatory for service type LoadBalancer:
Annotation
cis.f5.com/ipamLabel: test
Type
type: LoadBalancer
Note
Under annotation, you need to mention the specified type to tag provided in the IP-range parameter (mentioned in FIC deployment) to allocated IP addresses to service type LB.
Parameters mandatory for CIS deployment are:
custom-resource-mode=true
ipam=true
Examples Repository¶
See also
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | # Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
labels:
name: test-bigip-controller-1
name: test-bigip-controller-1
namespace: kube-system
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: test-bigip-controller-1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: test-bigip-controller-1
spec:
containers:
- args:
- --bigip-partition
- test
- --bigip-url
- 10.145.79.35
- --bigip-username
- admin
- --bigip-password
- admin
- --verify-interval
- "2"
- --node-poll-interval
- "1"
- --log-level
- DEBUG
- --as3-validation=true
- --insecure
- --log-as3-response=true
- --custom-resource-mode=true
- --ipam=true
- --pool-member-type
- nodeport
command:
- /app/bin/k8s-bigip-ctlr
image: f5networks/k8s-bigip-ctlr:2.4.0
imagePullPolicy: IfNotPresent
name: test-bigip-controller-1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: bigip-controller
serviceAccountName: bigip-controller
terminationGracePeriodSeconds: 30
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | # Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: v1
kind: Service
metadata:
annotations:
cis.f5.com/ipamLabel: prod
labels:
app: svc-lb1
name: svc-lb1
namespace: default
spec:
clusterIP: 10.105.111.175
externalTrafficPolicy: Cluster
ports:
- name: svc-lb1-80
port: 80
protocol: TCP
targetPort: 80
selector:
app: svc-lb1
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | # Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
cis.f5.com/health: '{"interval": 10, "timeout": 31}'
cis.f5.com/ipamLabel: prod
labels:
app: svc-lb1
name: svc-lb1
namespace: default
spec:
ports:
- name: svc-lb1-80
port: 80
protocol: TCP
targetPort: 80
- name: svc-lb1-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: svc-lb1
type: LoadBalancer
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | # Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: bigip-ctlr-clusterrole
rules:
- apiGroups:
- ""
resources:
- endpoints
- nodes
- services
- namespaces
- secrets
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- events
- services/status
verbs:
- get
- list
- watch
- update
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- cis.f5.com
resources:
- virtualservers
- tlsprofiles
- transportservers
- externaldnss
- ingresslinks
verbs:
- get
- list
- watch
- update
- apiGroups:
- fic.f5.com
resources:
- f5ipams
- f5ipams/status
verbs:
- get
- list
- update
- watch
- create
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- update
- watch
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- get
- list
- update
- watch
- create
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: bigip-ctlr-clusterrole-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: bigip-ctlr-clusterrole
subjects:
- apiGroup: ""
kind: ServiceAccount
name: bigip-controller
namespace: kube-system
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | # Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will terminate the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
labels:
name: test-ipam-controller-2
name: test-ipam-controller-2
namespace: kube-system
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: test-ipam-controller-2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: test-ipam-controller-2
spec:
containers:
- args:
- --orchestration
- kubernetes
- --ip-range
- '{"test" : "10.8.3.100-10.8.3.105","prod" : "10.8.3.50-10.8.3.55"}'
- --log-level
- DEBUG
command:
- /app/bin/f5-ipam-controller
image: f5networks/f5-ipam-controller:0.1.2
imagePullPolicy: IfNotPresent
name: test-ipam-controller-2
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: bigip-controller
serviceAccountName: bigip-controller
terminationGracePeriodSeconds: 30
|
Note
To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.