Load Balancing for HA Kubernetes API Server Setup

Overview

This page describes load balancing options for a highly available (HA) Kubernetes API Server.

Introduction

For cloud installations, Kublr creates a load balancer for master nodes by default. There are several options:

  1. Create a Public Load Balancer (default if the cluster is multi-master and runs in a cloud)
  2. Install and configure HAProxy on the master nodes (default)
  3. Create a Private Load Balancer (can be configured in the ClusterSpec)
  4. Do not create any Load Balancer (default if the cluster is single-master; can be configured in the ClusterSpec)

Options for on-premises installations:

  1. Install HAProxy as a load balancer and configure it to work with Kubernetes API Server
  2. Use an external load balancer

Create a Private Load Balancer

Example for AWS:

    ...
    spec:
      ...
      master:
        ...
        locations:
        - locationRef: aws1
          aws:
            ...
            masterElbAllocationPolicy: private

Create Both Private and Public Load Balancers

Example for AWS:

    ...
    spec:
      ...
      master:
        ...
        locations:
        - locationRef: aws1
          aws:
            ...
            masterElbAllocationPolicy: privateAndPublic

Do not create any Load Balancer

If you don’t need a Public or Private ELB, you can disable its creation in the ClusterSpec.

Example for AWS:

    ...
    spec:
      ...
      master:
        ...
        locations:
        - locationRef: aws1
          aws:
            ...
            masterElbAllocationPolicy: none

On-Premises: Install HAProxy as a load balancer and configure it to work with Kubernetes API Server

Kublr allows installation of a multi-master Kubernetes cluster on-premises. To work with the Kubernetes API:

  1. Configure DNS to resolve the API endpoint to the IP addresses of all Kubernetes masters. The DNS configuration should use a low TTL and support health checks, so that if one of the masters goes down, traffic is forwarded to the remaining healthy hosts.
  2. Use a load balancer (software or hardware). The example below uses HAProxy as the load balancing software.
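For illustration, the DNS option above could be implemented with round-robin A records and a short TTL. A minimal zone fragment, assuming a hypothetical domain and the master addresses used later on this page:

```
; hypothetical fragment of an example.com zone file
; low TTL (30s) so clients re-resolve quickly after a failover
k8s-api    30    IN    A    192.168.31.201
k8s-api    30    IN    A    192.168.31.202
k8s-api    30    IN    A    192.168.31.203
```

Note that plain round-robin DNS does not perform health checks by itself; a DNS provider or appliance with health-check support is needed for the failover behavior described above.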

Kubernetes API Server is configured to serve incoming requests on port 443. HAProxy must be configured to forward requests in round-robin order, with health checks, to the cluster’s API Servers.

Sample HAProxy configuration (/etc/haproxy/haproxy.cfg) may look like this:

    frontend k8s-api
        bind <haproxy address>:443
        bind 127.0.0.1:443
        mode tcp
        option tcplog
        timeout client 300000
        default_backend k8s-api

    backend k8s-api
        mode tcp
        option tcplog
        option tcp-check
        timeout server 300000
        balance roundrobin
        default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
        server apiserver1 192.168.31.201:443 check
        server apiserver2 192.168.31.202:443 check
        server apiserver3 192.168.31.203:443 check

This configuration accepts traffic on `<haproxy address>:443` (for example, 192.168.31.204:443, the IP address and port where HAProxy is listening) and forwards requests to the three servers (apiserver1, apiserver2, apiserver3) in round-robin order. Additional configuration options are described in the HAProxy Configuration Manual.
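The round-robin-with-health-checks behavior that HAProxy provides can be illustrated with a small conceptual sketch in Python (the class, backend addresses, and health-state methods are hypothetical models of what HAProxy does internally via `balance roundrobin` and `tcp-check`, not application code you would deploy):

```python
from itertools import cycle


class RoundRobinBalancer:
    """Conceptual model of round-robin balancing with health checks."""

    def __init__(self, backends):
        self.backends = list(backends)
        self.healthy = set(self.backends)   # all backends start healthy
        self._cycle = cycle(self.backends)  # fixed rotation order

    def mark_down(self, backend):
        # Analogous to a backend failing its 'fall' threshold in HAProxy.
        self.healthy.discard(backend)

    def mark_up(self, backend):
        # Analogous to a backend passing its 'rise' threshold in HAProxy.
        self.healthy.add(backend)

    def next_backend(self):
        # Advance the rotation, skipping unhealthy servers.
        for _ in range(len(self.backends)):
            candidate = next(self._cycle)
            if candidate in self.healthy:
                return candidate
        raise RuntimeError("no healthy API servers available")


balancer = RoundRobinBalancer([
    "192.168.31.201:443",
    "192.168.31.202:443",
    "192.168.31.203:443",
])

# All healthy: requests rotate through all three API servers.
print([balancer.next_backend() for _ in range(3)])

# One master goes down: traffic continues across the remaining two.
balancer.mark_down("192.168.31.202:443")
print([balancer.next_backend() for _ in range(4)])
```

In the real setup, detecting and skipping an unhealthy master is handled entirely by HAProxy’s `tcp-check` and the `rise`/`fall` parameters shown in the configuration above.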

On-Premises: Use an external load balancer

For more information, check the documentation of the load balancer you’re using. The Kubernetes API Server is configured to listen on port 443. If you need help, please contact a Kublr representative.