Setting up a Network Load Balancer

Overview

It’s possible to set up and use a Network Load Balancer with AWSCluster instead of the Classic Load Balancer that is created by default.

AWSCluster setting

To make CAPA create a network load balancer, set loadBalancerType under controlPlaneLoadBalancer to nlb, like this:

---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: AWSCluster
metadata:
  name: "test-aws-cluster"
spec:
  region: "eu-central-1"
  controlPlaneLoadBalancer:
    loadBalancerType: nlb

This will create the following objects:

  • A network load balancer
  • Listeners
  • A target group

It also takes IPv6-enabled clusters into account and creates an IPv6-aware load balancer for them.

Preserve Client IPs

By default, client IP preservation is disabled. This avoids hairpinning issues between the kubelet and the node registration process. To enable client IP preservation, set preserveClientIP to true:

---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: AWSCluster
metadata:
  name: "test-aws-cluster"
spec:
  region: "eu-central-1"
  sshKeyName: "capa-key"
  controlPlaneLoadBalancer:
    loadBalancerType: nlb
    preserveClientIP: true

Security

NLBs can use security groups, but only if one is associated at the time of creation. CAPA will associate the default control plane security groups with a new NLB by default.

For more information, see AWS’s Network Load Balancer and Security Groups documentation.
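The following is an added example, not code from CAPA or its documentation. It is an offline drift check that compares the intent expressed in the controlPlaneLoadBalancer section above (loadBalancerType, preserveClientIP) with what AWS reports for the created NLB, using the JSON shape of the aws elbv2 describe-load-balancers and describe-target-group-attributes responses. It assumes the AWS target group attribute preserve_client_ip.enabled mirrors preserveClientIP, and that an IPv6-aware NLB reports IpAddressType dualstack (an assumption, the page does not state the exact value). The spec and API responses are constructed sample data.

```python
"""Offline drift check for a CAPA AWSCluster control-plane NLB.

Added example, not CAPA's own code. It reads an AWSCluster spec (as a dict)
and two constructed ELBv2 API responses and reports where reality differs
from intent. The security-group case is the one that matters most: NLBs
only get security groups at creation time, so a missing group cannot be
fixed in place.
"""
import json

# Constructed AWSCluster spec, fields taken from the manifest on this page.
AWS_CLUSTER_SPEC = {
    "region": "eu-central-1",
    "controlPlaneLoadBalancer": {
        "loadBalancerType": "nlb",
        "preserveClientIP": False,
    },
}

# Constructed response in the shape of `aws elbv2 describe-load-balancers`.
DESCRIBE_LB_JSON = json.dumps({
    "LoadBalancers": [{
        "LoadBalancerName": "test-aws-cluster-apiserver",  # constructed name
        "Type": "network",
        "Scheme": "internet-facing",
        "IpAddressType": "ipv4",
        "SecurityGroups": ["sg-0123456789abcdef0"],  # constructed id
    }]
})

# Constructed response in the shape of `aws elbv2 describe-target-group-attributes`.
DESCRIBE_TG_ATTRS_JSON = json.dumps({
    "Attributes": [
        {"Key": "preserve_client_ip.enabled", "Value": "false"},
        {"Key": "deregistration_delay.timeout_seconds", "Value": "300"},
    ]
})


def check_control_plane_lb(spec, describe_lb_json, tg_attrs_json, ipv6_cluster=False):
    """Return a list of findings; an empty list means intent matches reality."""
    findings = []
    lb_spec = spec.get("controlPlaneLoadBalancer", {})
    want_type = lb_spec.get("loadBalancerType", "classic-elb")
    want_preserve = bool(lb_spec.get("preserveClientIP", False))

    # This check only covers the NLB type; classic ELBs live in a different API.
    if want_type != "nlb":
        return ["not-applicable: check covers loadBalancerType nlb only"]

    lb = json.loads(describe_lb_json)["LoadBalancers"][0]
    attrs = {a["Key"]: a["Value"] for a in json.loads(tg_attrs_json)["Attributes"]}

    # 1. The created load balancer must actually be a network load balancer.
    if lb.get("Type") != "network":
        findings.append(f"type: spec wants nlb, AWS reports {lb.get('Type')}")

    # 2. Security groups can only be attached when the NLB is created, so an
    #    NLB without any has to be recreated rather than patched.
    if not lb.get("SecurityGroups"):
        findings.append("security-groups: NLB has none; they cannot be added after creation, recreate the NLB")

    # 3. preserveClientIP maps to the target group attribute preserve_client_ip.enabled (assumption).
    got_preserve = attrs.get("preserve_client_ip.enabled", "false") == "true"
    if got_preserve != want_preserve:
        findings.append(f"preserve_client_ip: spec wants {want_preserve}, target group has {got_preserve}")
    if want_preserve:
        findings.append("warning: preserveClientIP is enabled; hairpinning between kubelet and node registration is possible")

    # 4. IPv6-enabled clusters are assumed to need a dualstack NLB.
    if ipv6_cluster and lb.get("IpAddressType") != "dualstack":
        findings.append(f"ip-address-type: IPv6 cluster but NLB is {lb.get('IpAddressType')}")
    return findings


if __name__ == "__main__":
    for line in check_control_plane_lb(AWS_CLUSTER_SPEC, DESCRIBE_LB_JSON, DESCRIBE_TG_ATTRS_JSON) or ["ok: no drift"]:
        print(line)
```

In practice the two JSON inputs would come from the real CLI calls named above; the check is deliberately read-only so it can run from a CI job that only needs describe permissions.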

Extension of the code

Right now, only NLBs and the Classic Load Balancer are supported. However, the code has been written in a way that should make it easy to extend with an ALB or a GLB.