This page explains how to use container-native load balancing in Google Kubernetes Engine (GKE). Container-native load balancing allows load balancers to target Kubernetes Pods directly and to evenly distribute traffic to Pods.
For more information on the benefits, requirements, and limitations of container-native load balancing, see Container-native load balancing.
Before you begin
Before you start, make sure that you have performed the following tasks:
- Enable the Google Kubernetes Engine API.
- If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running the `gcloud components update` command. Earlier gcloud CLI versions might not support running the commands in this document.
- Ensure that you have an existing VPC-native cluster. If you need one, create a cluster. GKE clusters are VPC-native by default.
Use container-native load balancing
The following sections walk you through a container-native load balancing configuration on GKE.
Create a Deployment
The following sample Deployment, neg-demo-app, runs a single instance of a containerized HTTP server. We recommend that you use workloads that use Pod readiness feedback.
Using Pod readiness feedback
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: neg-demo-app # Label for the Deployment
  name: neg-demo-app # Name of Deployment
spec:
  selector:
    matchLabels:
      run: neg-demo-app
  template: # Pod template
    metadata:
      labels:
        run: neg-demo-app # Labels Pods from this Deployment
    spec: # Pod specification; each Pod created by this Deployment has this specification
      containers:
      - image: registry.k8s.io/serve_hostname:v1.4 # Application to run in Deployment's Pods
        name: hostname # Container name
        ports:
        - containerPort: 9376
          protocol: TCP
```
Using hardcoded delay
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: neg-demo-app # Label for the Deployment
  name: neg-demo-app # Name of Deployment
spec:
  minReadySeconds: 60 # Number of seconds to wait after a Pod is created and its status is Ready
  selector:
    matchLabels:
      run: neg-demo-app
  template: # Pod template
    metadata:
      labels:
        run: neg-demo-app # Labels Pods from this Deployment
    spec: # Pod specification; each Pod created by this Deployment has this specification
      containers:
      - image: registry.k8s.io/serve_hostname:v1.4 # Application to run in Deployment's Pods
        name: hostname # Container name
        # Note: The following line is necessary only on clusters running GKE v1.11 and lower.
        # For details, see https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing#align_rollouts
        ports:
        - containerPort: 9376
          protocol: TCP
      terminationGracePeriodSeconds: 60 # Number of seconds to wait for connections to terminate before shutting down Pods
```
In this Deployment, each container runs an HTTP server. The HTTP server returns the hostname of the application server (the name of the Pod on which the server runs) as a response.
Save this manifest as neg-demo-app.yaml, then create the Deployment:
kubectl apply -f neg-demo-app.yaml
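Pod readiness feedback works best when the container itself reports whether it is ready to serve. As a sketch only (the probe path, port, and timings here are assumptions, not part of the sample app's requirements), you could add a readinessProbe to the container spec in the Deployment above:

```yaml
# Illustrative readinessProbe for the hostname container; all values are assumptions.
readinessProbe:
  httpGet:
    path: /        # serve_hostname answers HTTP GET requests on its serving port
    port: 9376
  initialDelaySeconds: 5
  periodSeconds: 10
```

Kubernetes then marks each Pod Ready only after the probe succeeds, which is the signal that Pod readiness feedback builds on.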
Create a Service for a container-native load balancer
After you have created a Deployment, you need to group its Pods into a Service.
The following sample Service, neg-demo-svc, targets the sample Deployment that
you created in the previous section:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: neg-demo-svc # Name of Service
spec: # Service's specification
  type: ClusterIP
  selector:
    run: neg-demo-app # Selects Pods labelled run: neg-demo-app
  ports:
  - name: http
    port: 80 # Service's port
    protocol: TCP
    targetPort: 9376
```
The load balancer is not created until you create an Ingress for the Service.
Save this manifest as neg-demo-svc.yaml, then create the Service:
kubectl apply -f neg-demo-svc.yaml
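On VPC-native clusters, GKE uses NEGs for Ingress backends by default. If you are working with a cluster where that default does not apply, the documented `cloud.google.com/neg` annotation on the Service requests container-native load balancing explicitly; a minimal sketch of the relevant metadata:

```yaml
metadata:
  name: neg-demo-svc
  annotations:
    cloud.google.com/neg: '{"ingress": true}' # Request NEG backends for Ingress
```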
Create an Ingress for the Service
The following sample Ingress, neg-demo-ing, targets the Service that you created:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: neg-demo-ing
spec:
  defaultBackend:
    service:
      name: neg-demo-svc # Name of the Service targeted by the Ingress
      port:
        number: 80 # Should match the port used by the Service
```
Save this manifest as neg-demo-ing.yaml, then create the Ingress:
kubectl apply -f neg-demo-ing.yaml
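The sample Ingress sends all traffic through defaultBackend. If you later need host- or path-based routing, the same Service can back an explicit rule; a minimal sketch of the spec (the path shown is an illustrative assumption):

```yaml
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: neg-demo-svc
            port:
              number: 80
```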
When you create the Ingress, an Application Load Balancer is created in the project, and network endpoint groups (NEGs) are created in each zone in which the cluster runs. The endpoints in the NEGs and the endpoints of the Service are kept in sync.
Verify the Ingress
After you have deployed a workload, grouped its Pods into a Service, and created an Ingress for the Service, you should verify that the Ingress has provisioned the container-native load balancer successfully.
Retrieve the status of the Ingress:
kubectl describe ingress neg-demo-ing
The output includes ADD and CREATE events:
```
Events:
  Type    Reason   Age   From                     Message
  ----    ------   ----  ----                     -------
  Normal  ADD      16m   loadbalancer-controller  default/neg-demo-ing
  Normal  Service  4s    loadbalancer-controller  default backend set to neg-demo-svc:32524
  Normal  CREATE   2s    loadbalancer-controller  ip: 192.0.2.0
```
Test the load balancer
The following sections explain how you can test the functionality of a container-native load balancer.
Visit Ingress IP address
Wait several minutes for the Application Load Balancer to be configured.
You can verify that the container-native load balancer is functioning by visiting the Ingress' IP address.
To get the Ingress IP address, run the following command:
kubectl get ingress neg-demo-ing
In the command output, the Ingress' IP address is displayed in the ADDRESS
column. Visit the IP address in a web browser.
Check backend service health status
You can also get the health status of the load balancer's backend service.
1. Get a list of the backend services in your project:

   ```shell
   gcloud compute backend-services list
   ```

2. Record the name of the backend service that includes the name of the Service, such as neg-demo-svc.

3. Get the health status of the backend service:

   ```shell
   gcloud compute backend-services get-health BACKEND_SERVICE_NAME --global
   ```

   Replace BACKEND_SERVICE_NAME with the name of the backend service.
Test the Ingress
Another way you can test that the load balancer functions as expected is by scaling the sample Deployment, sending test requests to the Ingress, and verifying that the correct number of replicas respond.
1. Scale the neg-demo-app Deployment from one instance to two instances:

   ```shell
   kubectl scale deployment neg-demo-app --replicas 2
   ```

   This command might take several minutes to complete.

2. Verify that the rollout is complete:

   ```shell
   kubectl get deployment neg-demo-app
   ```

   The output should include two available replicas:

   ```
   NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
   neg-demo-app   2         2         2            2           26m
   ```

3. Get the Ingress IP address:

   ```shell
   kubectl describe ingress neg-demo-ing
   ```

   If this command returns a 404 error, wait a few minutes for the load balancer to start, then try again.

4. Count the number of distinct responses from the load balancer:

   ```shell
   for i in `seq 1 100`; do \
     curl --connect-timeout 1 -s IP_ADDRESS && echo; \
   done | sort | uniq -c
   ```

   Replace IP_ADDRESS with the Ingress IP address.

   The output is similar to the following:

   ```
   44 neg-demo-app-7f7dfd7bc6-dcn95
   56 neg-demo-app-7f7dfd7bc6-jrmzf
   ```

   In this output, the number of distinct responses is the same as the number of replicas, which indicates that all backend Pods are serving traffic.
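The `sort | uniq -c` pipeline above counts how many times each Pod hostname appears in the responses. A self-contained sketch of the same counting technique, using printf to stand in for the curl responses (the Pod names here are made up):

```shell
# Simulate five responses from two hypothetical Pods and count distinct
# hostnames, exactly as the load-balancer test does with real curl output.
printf 'pod-a\npod-b\npod-a\npod-b\npod-b\n' | sort | uniq -c
# Prints a count of 2 for pod-a and 3 for pod-b.
```

Each output line shows a count followed by a distinct hostname; with real traffic, roughly equal counts across replicas indicate that the load balancer is distributing requests evenly.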
Clean up
After completing the tasks on this page, follow these steps to remove the resources and avoid incurring unwanted charges on your account:
Delete the cluster
gcloud
gcloud container clusters delete neg-demo-cluster
Console
Go to the Google Kubernetes Engine page in the Google Cloud console.
Select neg-demo-cluster and click Delete.
When prompted to confirm, click Delete.
What's next
- Learn how to use container-native load balancing through standalone zonal NEGs.
- Learn more about VPC-native clusters.
- Learn more about Ingress configuration.
- Learn how to use Google-managed SSL certificates.