Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create a LoadBalancer Service

SUMMARY This topic describes how to create a Load Balancer service in Juniper Cloud-Native Contrail® Networking™ (CN2).

LoadBalancer Service Overview

Juniper Networks supports LoadBalancer services using Cloud-Native Contrail Networking (CN2) Release 22.1 or later in a Kubernetes-orchestrated environment.

In Kubernetes, a service is an abstract way to expose an application running on a set of pods as a network service. See Kubernetes Services.

In CN2, the Kubernetes LoadBalancer service is implemented using the InstanceIP resource and FloatingIP resource, both of which are similar to the ClusterIP service.

  • The FloatingIP is used in the service implementation to expose an external IP to the LoadBalancer service. The FloatingIP resource is also associated with the pod's VirtualMachineInterfaces.
  • The InstanceIP resource is related to the VirtualNetwork. Two instanceIPs are created, one for the service network and one for the external network.

A controller service is implemented in Contrail's kubemanger. Kubemanager is the interface between Kubernetes core resources, and the extended Contrail resources, such as the VirtualNetwork. When you create a LoadBalancer service, kubemanager listens and allocates the IP from an external virtual network. This external virtual network exposes the LoadBalancer service on the external IPs. Any requests received through the provisioned external IP is ECMP load-balanced across the pods associated with the LoadBalancer.

Create a LoadBalancer Service

The following sections describe how to create a LoadBalancer service in CN2.

Prerequisites

Before you create a LoadBalancer service, make sure of the following:

  • You have set up a working cloud networking environment using Kubernetes orchestration.

  • Cloud-Native Contrail Networking is operational.

  • You configured kubemanager to define the external networks to be used by the LoadBalancer service.

Define an External Virtual Network

Before you create a LoadBalancer service, you must define an external virtual network. You can define the virtual network two ways, by creating a NetworkAttachmentDefinition or by creating a virtual network.

Note:

A Multus deployment requires that you only use a NetworkAttachmentDefinition to define an external network.

The following example illustrates how to define an external virtual network using a NetworkAttachmentDefinition. In this example, the external IP is allocated from the subnet range 192.168.102.0/24.

When you apply the NetworkAttachmentDefinition, kubemanger creates a virtual network with the name ecmp-default in the namespace ecmp-project.

Specify the External Networks

By default, kubemanager allocates the external IP for a LoadBalancer service from the default-external network. To allocate the external IP from a different network, you must define the external network using selectors.

The following is an example of a Kubemanager.yaml file specifying the default-external network selector and user-defined network selectors.

The VirtualNetworks listed below match the labels that shown in the Kubemanager.yaml above (in relative order).

Define Service Level Annotations

Additionally, you can define the following service level annotations for external network discovery.

Annotation: externalNetwork .

In this example, the externalNetwork annotation allocates an external IP from the evn virtual network in the namespace ns.

Annotation: externalNetworkSelector

In this example, the externalNetworkSelector matches the name of the externalNetworkSelector defined in kubemanager.

Note:

You can also define service level annotations in the namespace of the Kubernetes cluster, or in the namespace of the Contrail cluster. The service-level annotations takes precedence.

Examples: External Network Selection

Note:

The virtual networks defined in Specify the External Networks are linked to the annotations in the following examples.

The external virtual network is selected from one of the following in priority order:

Example 1: Default Selector.

Kubemanager first looks for the default external network. This example uses the default-external selector because no annotation is specified.

Matches the network contrail/default-external-vn.

Example 2: Custom namespace

Matches the network custom-namespace/external-vn-1.

Example 3: External network matching preconfigured selector in a namespace.

Matches the network custom-namespace/external-vn-1.

Example 4: External network matching preconfigured selector in service namespace.

Matches the network custom-namespace/external-vn-2.

Dual-Stack Networking Support

As an Administrator, you might need to select the IP family (IPv4 or IPv6) to use when defining a service. IPv4/IPv6 dual-stack networking enables the allocation of both IPv4 and IPv6 addresses to pods and services. If you do not define the IP family, the default IPv4 is used.

In this example, an IPv4 and IPv6 default external network is allocated for the LoadBalancer service.

Configure LoadBalancer Services without Selectors

In Kubernetes, you can expose an application running on a set of pods as a network service. Kubernetes uses selectors to automatically create a LoadBalancer service, but only uses the default primary interface for load balancing.

Starting in Cloud-Native Contrail Networking (CN2) Release 22.3, you can load-balance a service across multiple secondary interfaces. You create secondary interfaces in CN2 without using a selector. Because the LoadBalancer service has no selector, you must create the endpoint manually.

To create a secondary interface for a LoadBalancer service:

  1. Create two virtual networks using a NetworkAttachmentDefinition.
    The following example shows two networks. One network for the pod's secondary interface (pod-subnet) and another network (lb-subnet) for the LoadBalancer service external IP. These networks are connected by a common route target which routes traffic between the two networks.
  2. Create the pods you want to load-balance the service on. You can create multiple pods.
    In this example, we'll create two pods in the my-lb namespace, each with their own IP address.
  3. Create a LoadBalancer service.
    In this example, we'll create a LoadBalancer service (service-lb) in the my-lb namespace. Note that this Service.YAML is not using a selector.
  4. Specify the endpoints (IP addresses) that you want to load balance the service on. In this example, two pod endpoints are specified for the secondary interfaces (ip: 172.16.23.0 and ip : 172.16.24.0).
    Make sure that the endpoint has the same name as the LoadBalancer service.
Success! You can now load balance a service across multiple pods with the secondary interface.

In addition to creating a LoadBalancer service on the secondary interface, you can use a selector to create a LoadBalancer service on the default primary interface. The primary interface can work in tandem with the secondary interface. You can use either interface to load balance across your desired service.