This document shows how to prepare for installing a Seesaw load balancer for use in your clusters.
The instructions here are part of a quickstart. For full instructions on using the Seesaw load balancer with Google Distributed Cloud, see Bundled load balancing with Seesaw. For information on all load balancing options, see Load balancing overview.
Recommended versions
We strongly recommend that you use vSphere 6.7 or later, and Virtual Distributed Switch (VDS) 6.6 or later. If you prefer, you can use earlier versions, but your installation will be less secure. The remaining sections in this topic give more detail about the security advantages of using vSphere 6.7+ and VDS 6.6+.
Plan your VLANs
Later in this sequence of quickstart topics, you will create an admin cluster and a user cluster. We strongly recommend that you have your two clusters on separate VLANs.
Set aside IP addresses for Seesaw VMs
Set aside IP addresses for the VMs that will run your Seesaw load balancers.
For your admin cluster, set aside one IP address for a Seesaw VM. Also for your admin cluster, set aside a master IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as your admin cluster nodes.
For your user cluster, set aside one IP address for a Seesaw VM. Also for your user cluster, set aside a master IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as the user cluster nodes.
Set aside virtual IP addresses
Set aside the virtual IP addresses (VIPs) that you intend to use for load balancing. These VIPs allow external clients to reach your Kubernetes API servers and your ingress service.
Admin cluster VIP
Set aside a VIP for the Kubernetes API server of your admin cluster. In the admin cluster configuration file, this is called controlPlaneVIP. This VIP must be on the same VLAN as the admin cluster nodes and the Seesaw VMs for the admin cluster.
User cluster VIPs
Set aside a VIP for the Kubernetes API server of your user cluster. In the user cluster configuration file, this is called controlPlaneVIP. This VIP must be on the same VLAN as the admin cluster nodes and the Seesaw VMs for the admin cluster. This is because the Kubernetes API server for the user cluster runs on a node in the admin cluster.
Set aside a VIP for ingress in your user cluster. In the user cluster configuration file, this is called ingressVIP. This VIP must be on the same VLAN as the user cluster nodes and the Seesaw VMs for the user cluster.
Planning your port groups
Each of your Seesaw VMs has two network interfaces. One of those network interfaces is configured with Service VIPs. The other network interface is configured with the IP address of the VM itself.
For an individual Seesaw VM, the two network interfaces can be connected to the same vSphere port group, or they can be connected to separate port groups. If the port groups are separate, they must be on the same VLAN.
This topic refers to two port groups:
load-balancer port group: For a Seesaw VM, the network interface that is configured with Service VIPs is connected to this port group.
cluster-node port group: For a Seesaw VM, the network interface that is configured with the IP address of the VM itself is connected to this port group. Your GKE on-prem cluster nodes are also connected to this port group.
The load-balancer port group and the cluster-node port group can be one and the same. But we strongly recommend that they are separate.
Creating IP block files
Get an SSH connection to your admin workstation.
In the home directory of your admin workstation, create two IP block files:
admin-seesaw-ipblock.yaml: This is the IP block file for the Seesaw load balancer of your admin cluster.
user-seesaw-ipblock.yaml: This is the IP block file for the Seesaw load balancer of your user cluster.
In the IP block file for your admin cluster, specify the IP address you have chosen for your admin cluster's Seesaw VM. Likewise, in the IP block file for your user cluster, specify the address you have chosen for your user cluster's Seesaw VM.
These IP block files are for your Seesaw VMs, not your cluster nodes. Later, you will create separate IP block files for your cluster nodes.
Here's an example of an IP block file that specifies an IP address for a Seesaw VM:
blocks:
  - netmask: "255.255.255.0"
    gateway: "172.16.20.1"
    ips:
    - ip: "172.16.20.18"
      hostname: "seesaw-vm"
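Before you create clusters, you can check the addresses you set aside against the placement rules in this topic. The following script is an added example, not part of the product or its tooling. It assumes that each VLAN carries exactly one IP subnet, derived from the gateway and netmask of the IP block file. The key names seesaw_vm_ip and master_ip and all sample addresses other than the admin block values are constructed for illustration.

```python
import ipaddress

# Constructed plan. The admin netmask, gateway and Seesaw VM IP reuse the sample
# IP block file above; every other value and the keys seesaw_vm_ip / master_ip are made up.
PLAN = {
    "admin": {"netmask": "255.255.255.0", "gateway": "172.16.20.1",
              "seesaw_vm_ip": "172.16.20.18", "master_ip": "172.16.20.19",
              "controlPlaneVIP": "172.16.20.30"},
    "user": {"netmask": "255.255.255.0", "gateway": "172.16.21.1",
             "seesaw_vm_ip": "172.16.21.18", "master_ip": "172.16.21.19",
             "controlPlaneVIP": "172.16.20.31", "ingressVIP": "172.16.21.30"},
}

# (cluster that owns the address, key, cluster whose subnet it must be in)
RULES = [
    ("admin", "seesaw_vm_ip", "admin"), ("admin", "master_ip", "admin"),
    ("admin", "controlPlaneVIP", "admin"),
    ("user", "seesaw_vm_ip", "user"), ("user", "master_ip", "user"),
    # The user cluster's API server runs on a node in the admin cluster.
    ("user", "controlPlaneVIP", "admin"),
    ("user", "ingressVIP", "user"),
]

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    nets = {c: ipaddress.ip_network(f'{p["gateway"]}/{p["netmask"]}', strict=False)
            for c, p in plan.items()}
    problems = []
    if nets["admin"].overlaps(nets["user"]):
        problems.append("admin and user clusters share a subnet")
    # Gateways are already taken, so seed the duplicate tracker with them.
    seen = {ipaddress.ip_address(p["gateway"]): f"{c} gateway" for c, p in plan.items()}
    for owner, key, where in RULES:
        name, ip = f"{owner} {key}", ipaddress.ip_address(plan[owner][key])
        net = nets[where]
        if ip not in net:
            problems.append(f"{name} {ip} is outside the {where} subnet {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is not a usable host address in {net}")
        if ip in seen:
            problems.append(f"{name} {ip} collides with {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

The script sees only IP addressing, not VLAN tags or port group assignments, so verify those separately in vSphere.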
What's next
Create an admin cluster (quickstart)