|
| 1 | +--- |
| 2 | +title: "Using an OCI Load Balancer" |
| 3 | +date: 2019-09-25T12:41:38-04:00 |
| 4 | +draft: false |
| 5 | +--- |
| 6 | + |
| 7 | +If you are running your Kubernetes cluster on Oracle Container Engine |
| 8 | +for Kubernetes (commonly known as OKE), you can have OCI automatically |
| 9 | +provision load balancers for you by creating a `Service` of type |
| 10 | +`LoadBalancer` instead of (or in addition to) installing an |
| 11 | +ingress controller like Traefik or Voyager. |
| 12 | + |
| 13 | +OKE Kubernetes worker nodes normally do not have public IP addresses. |
| 14 | +This means that the `NodePort` services created by the operator are |
| 15 | +not usable, because they would expose ports on the worker node's private |
| 16 | +IP addresses only, which are not reachable from outside the cluster. |
| 17 | +Instead, you can use an OCI Load Balancer to provide access |
| 18 | +to services running in OKE. |
| 19 | + |
| 20 | +{{% notice note %}} |
| 21 | +It is also possible, if desirable, to have an OCI Load Balancer route |
| 22 | +traffic to an ingress controller running inside the Kubernetes cluster |
| 23 | +and have that ingress controller in turn route traffic to services in the |
| 24 | +cluster. |
| 25 | +{{% /notice %}} |
| 26 | + |
| 27 | + |
| 28 | +### Requesting an OCI Load Balancer |
| 29 | + |
| 30 | +When your domain is created by the operator, a number of Kubernetes |
| 31 | +services are created by the operator, including one for the WebLogic |
| 32 | +Administration Server and one for each managed server and cluster. |
| 33 | + |
| 34 | +In the example below, there is a domain called `bobs-bookstore` in the |
| 35 | +`bob` namespace. This domain has a cluster called `cluster-1` which |
| 36 | +exposes traffic on port `31111`. |
| 37 | + |
| 38 | +The Kubernetes YAML file below defines a new `Service` in the same |
| 39 | +namespace. The `selector` targets all of the pods in this namespace |
| 40 | +which are part of the cluster `cluster-1`, using the annotations that |
| 41 | +are placed on those pods by the operator. It also defines the port and |
| 42 | +protocol. |
| 43 | + |
| 44 | +You can include the optional `oci-load-balancer-shape` annotation (as |
| 45 | +shown) if you want to specify the shape of the load balancer. Otherwise |
| 46 | +the default shape (100Mbps) will be used. |
| 47 | + |
| 48 | +``` |
| 49 | +apiVersion: v1 |
| 50 | +kind: Service |
| 51 | +metadata: |
| 52 | + name: bobs-bookstore-oci-lb-service |
| 53 | + namespace: bob |
| 54 | + annotations: |
| 55 | + service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps |
| 56 | +spec: |
| 57 | + ports: |
| 58 | + - name: http |
| 59 | + port: 31111 |
| 60 | + protocol: TCP |
| 61 | + targetPort: 31111 |
| 62 | + selector: |
| 63 | + weblogic.clusterName: cluster-1 |
| 64 | + weblogic.domainUID: bobs-bookstore |
| 65 | + sessionAffinity: None |
| 66 | + type: LoadBalancer |
| 67 | +``` |
| 68 | + |
| 69 | +When you apply this YAML file to your cluster, you will see the new service is created |
| 70 | +but initially the external IP is shown as `<pending>`. |
| 71 | + |
| 72 | +``` |
| 73 | +$ kubectl -n bob get svc |
| 74 | +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| 75 | +bobs-bookstore-admin-server ClusterIP None <none> 8888/TCP,7001/TCP,30101/TCP 9d |
| 76 | +bobs-bookstore-admin-server-external NodePort 10.96.224.13 <none> 7001:32401/TCP 9d |
| 77 | +bobs-bookstore-cluster-cluster-1 ClusterIP 10.96.86.113 <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 78 | +bobs-bookstore-managed-server1 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 79 | +bobs-bookstore-managed-server2 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 80 | +bobs-bookstore-oci-lb-service LoadBalancer 10.96.121.216 <pending> 31111:31671/TCP 9s |
| 81 | +``` |
| 82 | + |
| 83 | +After a short time (typically less than a minute) the OCI Load Balancer will be provisioned and the |
| 84 | +external IP address will be displayed: |
| 85 | + |
| 86 | +``` |
| 87 | +$ kubectl -n bob get svc |
| 88 | +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| 89 | +bobs-bookstore-admin-server ClusterIP None <none> 8888/TCP,7001/TCP,30101/TCP 9d |
| 90 | +bobs-bookstore-admin-server-external NodePort 10.96.224.13 <none> 7001:32401/TCP 9d |
| 91 | +bobs-bookstore-cluster-cluster-1 ClusterIP 10.96.86.113 <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 92 | +bobs-bookstore-managed-server1 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 93 | +bobs-bookstore-managed-server2 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d |
| 94 | +bobs-bookstore-oci-lb-service LoadBalancer 10.96.121.216 132.145.235.215 31111:31671/TCP 55s |
| 95 | +``` |
| 96 | + |
| 97 | +You can now use the external IP address and port to access your pods. There are several |
| 98 | +options that can be used to configure more advanced load balancing behavior. Please |
| 99 | +refer to the OCI documentation](https://docs.cloud.oracle.com/iaas/Content/ContEng/Tasks/contengcreatingloadbalancer.htm) |
| 100 | +for more information, including how to configure SSL support, supporting internal and external subnets, and so on. |
| 101 | + |
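Review bot: The `Service` manifest at new-file lines 49-66 publishes cluster-1's port 31111 as plain HTTP on an external address (132.145.235.215 in the sample output at line 94), and the page never says who can reach it or how to narrow that. Add a short paragraph after the manifest stating that the resulting load balancer is reachable from outside the cluster, and point readers at a restriction such as `spec.loadBalancerSourceRanges` (where the cloud provider honours it) or the internal-subnet option in the linked OCI documentation, instead of leaving SSL and subnet choice to the closing "and so on". Two smaller fixes: on line 99 the Markdown link has lost its opening bracket (`refer to the OCI documentation](https://...` should read `refer to the [OCI documentation](https://...`), and on line 40 the selector keys `weblogic.clusterName` and `weblogic.domainUID` are described as annotations, but a Service selector matches pod labels, so the text should say "labels".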