Setting up your load balancer for GKE on-prem

GKE on-prem clusters can run with one of two load balancing modes: integrated or manual. With integrated mode, a GKE on-prem cluster uses the F5 BIG-IP load balancer. With manual mode, GKE on-prem uses a different load balancer of your choice. Manual load balancing mode requires that you do more configuration than with integrated mode.

If you choose to use the F5 BIG-IP load balancer, you need to have a user role that has sufficient permissions to set up and manage the load balancer. Either the Administrator role or the Resource Administrator role is sufficient.

This topic describes setting aside IP addresses and nodePort values for later use. The idea is that you choose the IP addresses and nodePort values that you want to use for load balancing and for your cluster nodes. But you don't do anything with the addresses and nodePort values at this point. Later, when you are ready to install GKE on-prem, you will need the addresses and nodePort values to fill in your cluster configuration file.

Setting aside virtual IP addresses

Regardless of whether you use integrated or manual mode, you must set aside several virtual IP addresses (VIPs) that you intend to use for load balancing. With integrated mode, you specify these VIPs in your cluster configuration file, and GKE on-prem automatically configures the F5 BIG-IP load balancer to use the VIPs. With manual mode, you must manually configure your load balancer to use the VIPs.

For your admin cluster, you must set aside these VIPs:

  • VIP for Kubernetes API server
  • VIP for the ingress service

For each user cluster you intend to create, you must set aside these VIPs:

  • VIP for the Kubernetes API server
  • VIP for the ingress service

If you intend to use addons in your admin cluster, you must set aside a VIP for the addon service in the admin cluster.

For each user cluster where you intend to use addons, you must set aside a VIP for the addon service in that user cluster.

For example, suppose you intend to have two user clusters, and you intend to use addons in all of your clusters. Then you would need three VIPs for your admin cluster and three VIPs for each of your user clusters. So you would need to set aside nine VIPs.

Setting aside node IP addresses

With integrated mode, you can use an existing Dynamic Host Configuration Protocol (DHCP) server to provide IP addresses for your cluster nodes, or you can specify static IP addresses for nodes. With manual mode, you cannot use DHCP. You must specify static IP addresses for your nodes.

If you choose to use static IP addresses, you must set aside enough addresses for the nodes in the admin cluster and the nodes in all the user clusters you intend to create. For details about how many node IP addresses to set aside, see Configuring static IPs.

Setting aside nodePort values

In GKE on-prem clusters, the Kubernetes API server, the ingress service, and the addon service are implemented as Kubernetes Services of type NodePort. With integrated load balancing mode, GKE on-prem chooses the nodePort values for these Services automatically. With manual load balancing mode, you must specify the nodePort values to be used for these Services. For more information, see Setting aside nodePort values.

Configuring the load balancer

With integrated load balancing mode, GKE on-prem automatically configures the F5 BIG-IP load balancer with the VIPs that you specify in the cluster configuration file. With manual mode, you must configure your load balancer with the VIPs you have chosen. How you configure your load balancer depends on which load balancer you are using. For more information, see Enabling manual load balancing.

Summary of preparing for load balancing

The following table summarizes what you must do to prepare for load balancing in integrated and manual mode:

Integrated modeManual mode
Choose VIPs before you create your clusters.YesYes
Choose node IP addresses before you create your clusters.No, if using DHCP.
Yes, if using static IP addresses.
Yes
Choose nodePort values before you create your clusters.NoYes
Manually configure your load balancerNoYes

Creating Services in your cluster

After your user cluster is running, you might want to create Kubernetes Services and expose them to external clients.

Regardless of whether you are using integrated or manual load balancing mode, you can expose Services to external clients by using Ingress objects.

With integrated load balancing mode, you can create a Service of type LoadBalancer and specify a VIP for the Service. GKE on-prem automatically configures the VIP on the F5 BIG-IP load balancer.

With manual load balancing mode, you cannot expose a Service of type LoadBalancer to external clients. Instead, you can use these steps to expose a Service to external clients:

  • Create a Service of type NodePort.

  • Choose a VIP for your Service.

  • Manually configure your load balancer so that traffic sent to the VIP is forwarded to your Service.

The following table summarizes the kinds of Services you can expose in integrated and manual mode:

Integrated modeManual mode
Expose Services to external clients by using Ingress objects.YesYes
Expose Services of type ClusterIP to internal clients.YesYes
Expose Services of type NodePort to external clients.YesYes
Expose Services of type LoadBalancer to external clients.YesNo

What's next