Installing a load balancer

Managed Kubernetes services such as Google or IBM Cloud will provide an external load balancer. Since our Kubernetes environment is standalone, we do not have an external load balancer; we install and use keepalived as a load balancer.

The keepalived load balancer requires the ip_vs kernel module to be loaded. Follow these steps:

  1. Make sure that the ip_vs kernel module is loaded:
$ sudo lsmod | grep ^ip_vs
ip_vs_wlc 12519 0
ip_vs 145497 2 ip_vs_wlc
  2. If the preceding command does not show any output, load the module (running ipvsadm loads ip_vs as a side effect):
$ sudo ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
  3. Run sudo lsmod | grep ^ip_vs to make sure that the module is loaded.
  4. Add ip_vs to the module list so that it is loaded automatically on reboot:
$ echo "ip_vs" | sudo tee /etc/modules-load.d/ipvs.conf
  5. The keepalived helm chart requires that the node be labeled as proxy=true so that it can deploy the daemon set on this master node:
$ kubectl label node osc01.servicemesh.local proxy=true
node/osc01.servicemesh.local labeled
  6. Install keepalived through a helm chart from https://github.com/servicemeshbook/keepalived:
$ helm repo add kaal https://servicemeshbook.github.io/keepalived
"kaal" has been added to your repositories

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "kaal" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.

# Grant cluster admin to the default service account in the keepalived namespace

$ kubectl create clusterrolebinding \
    keepalived-cluster-role-binding \
    --clusterrole=cluster-admin --serviceaccount=keepalived:default
clusterrolebinding.rbac.authorization.k8s.io/keepalived-cluster-role-binding created

$ helm install kaal/keepalived --name keepalived \
    --namespace keepalived \
    --set keepalivedCloudProvider.serviceIPRange="192.168.142.248/29" \
    --set nameOverride="lb"
  7. After installing the preceding helm chart, test the readiness and status of pods in the keepalived namespace:
$ kubectl -n keepalived get pods
NAME                                           READY   STATUS    RESTARTS   AGE
keepalived-lb-cloud-provider-c68f7b6b5-hqz2n   1/1     Running   0          49s
keepalived-lb-vip-manager-dlpfv                1/1     Running   0          49s

If you are not using the base VM (https://github.com/servicemeshbook/byok), you may have a different IP address for your VM or a separate node name. You may have to customize some steps to follow the exercises, especially if you plan to use an internal load balancer.

As a solution, you can create an alias on your default NIC adapter to use the same IP address range that we are using. For example, you could run the ip address add 192.168.142.1/24 dev eth0 command to create another IP address on your existing NIC adapter. This will allow you to run the exercises without having to change too much.

  8. Once the keepalived load balancer is working, check the status of the Istio services, and you should see that the Istio ingress gateway now has an external IP address assigned:
$ kubectl -n istio-system get services
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP
grafana                  ClusterIP      10.110.45.249    <none>
istio-citadel            ClusterIP      10.102.12.32     <none>
istio-egressgateway      ClusterIP      10.98.94.222     <none>
istio-galley             ClusterIP      10.106.47.250    <none>
istio-ingressgateway     LoadBalancer   10.108.75.6      192.168.142.249
istio-pilot              ClusterIP      10.103.70.243    <none>
istio-policy             ClusterIP      10.108.62.61     <none>
istio-sidecar-injector   ClusterIP      10.104.147.41    <none>
istio-telemetry          ClusterIP      10.107.179.4     <none>
jaeger-agent             ClusterIP      None             <none>
jaeger-collector         ClusterIP      10.105.216.0     <none>
jaeger-query             ClusterIP      10.108.215.169   <none>
kiali                    ClusterIP      10.98.39.201     <none>
prometheus               ClusterIP      10.104.175.238   <none>
tracing                  ClusterIP      10.109.27.237    <none>
zipkin                   ClusterIP      10.96.252.28     <none>

All services should have a cluster-ip except jaeger-agent and istio-ingressgateway. They might show as <pending> initially, and keepalived will provide an IP address from the subnet range that we provided to the helm install command. Note that the external IP address assigned by the load balancer to istio-ingressgateway is 192.168.142.249, but this could be different in your case.

When no external load balancer is used, the node port of the service or port forwarding can be used to run the application from outside the cluster.
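
The install step above binds cluster-admin to the default service account of the keepalived namespace, so every pod in that namespace that does not name its own service account runs with full cluster rights. The following is an added example, not code from the book or the keepalived chart: it lists the service accounts that hold cluster-admin, given output in the shape of kubectl get clusterrolebindings -o json. The sample JSON and the example-* binding names are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# The first item mirrors the binding created in the install step; the
# example-* bindings are hypothetical.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "keepalived-cluster-role-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "default",
                       "namespace": "keepalived"}]},
        {"metadata": {"name": "cluster-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "system:masters"}]},
        {"metadata": {"name": "example-view"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "ServiceAccount", "name": "default",
                       "namespace": "demo"}]},
        {"metadata": {"name": "example-no-subjects"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
    ],
})


def admin_service_accounts(bindings_json, role="cluster-admin"):
    """Return (binding, namespace, account, is_default) for every service
    account that a ClusterRoleBinding ties to the ClusterRole `role`."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # `subjects` is optional and may be absent or null.
        for subj in item.get("subjects") or []:
            if subj.get("kind") != "ServiceAccount":
                continue
            findings.append((item["metadata"]["name"],
                             subj.get("namespace", ""),
                             subj["name"],
                             subj["name"] == "default"))
    return findings


if __name__ == "__main__":
    for binding, ns, sa, is_default in admin_service_accounts(SAMPLE):
        flag = " [default account]" if is_default else ""
        print(f"{binding}: {ns}:{sa} holds cluster-admin{flag}")
```

On a live cluster, pass the output of kubectl get clusterrolebindings -o json to admin_service_accounts instead of SAMPLE.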

Next, we enable Istio for existing applications by injecting a sidecar proxy—which may result in a very short outage of the application as pods need to restart. We will also learn how to enable new applications to get a sidecar proxy injected automatically.
