Skip to main content

Using Loadbalancers

Loadbalancers are an essential component in a Kubernetes cluster, enabling the distribution of traffic to multiple pods and ensuring high availability of applications. The type of loadbalancer used in your managed Kubernetes cluster depends on the environment.

Environment-Specific Loadbalancer Configurations

The following sections outline the loadbalancer configurations used in different environments:

OpenStack with FortiGate

In an OpenStack environment with FortiGate, we do not support LoadBalancer resources. Instead, we recommend using NodePorts in combination with the FortiGate Loadbalancer. This approach allows you to leverage the advanced security features of FortiGate while still providing loadbalancing capabilities for your applications.

Example: Exposing a Service using NodePort and FortiGate

yaml
12345678910111213
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    port: 80
    targetPort: 8080
    nodePort: 30080
  type: NodePort
yaml
1
kubectl apply -f my-service.yaml

Then, configure the FortiGate Loadbalancer to point to the NodePort:

yaml
1234567891011
fortigate-config set load-balance virtual-server "my-virtual-server"
  set port 80
  set protocol http
  set server-group "my-server-group"
  config server
    edit 1
      set ip 10.0.0.1
      set port 30080
    next
  end
end

This will expose the my-service service to the outside world through the FortiGate Loadbalancer.

Bare Metal Cluster

In a bare metal cluster, we use MetalLB implementations that peer with FortiGate instances using BGP (Border Gateway Protocol). This approach provides a highly available and scalable loadbalancing solution, integrated with the FortiGate security platform.

Example: Configuring MetalLB with BGP

yaml
123456789
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: my-metallb
spec:
  peers:
  - peerAddress: 10.0.0.1
    peerAS: 64512
    myAS: 64512
yaml
1
kubectl apply -f my-metallb.yaml

Then, configure the FortiGate instance to peer with MetalLB using BGP:

yaml
12345678
fortigate-config set router bgp 64512
  config neighbor
    edit 10.0.0.1
      set remote-as 64512
      set ebgp-enforce-multihop enable
    next
  end
end

This will configure MetalLB to peer with the FortiGate instance using BGP and provide loadbalancing capabilities for your applications.

Key Considerations

When working with loadbalancers in your managed Kubernetes cluster, keep the following key considerations in mind:

  • Ensure you understand the loadbalancer configuration specific to your environment.
  • Use the recommended loadbalancer resources and configurations for your environment to ensure optimal performance and availability.
  • Consult with our support team if you have questions or concerns about loadbalancer configurations or troubleshooting. By following these guidelines and understanding the loadbalancer configurations used in your environment, you can ensure the successful deployment and management of your applications in our managed Kubernetes cluster.
Last updated on