Setting up Seesaw load balancers

GKE on-prem can run in one of three load balancing modes: integrated, manual, or bundled. This topic shows how to configure GKE on-prem to run in bundled load balancing mode.

In bundled load balancing mode, GKE on-prem provides and manages the load balancer. You do not have to get a license for a load balancer, and the amount of setup that you have to do is minimal.

The bundled load balancer that GKE on-prem provides is the Seesaw load balancer.

In this guide, you prepare to create Seesaw load balancers that are not highly available. This keeps the steps simple for the basic installation journey. For complete information on how to set up bundled Seesaw load balancers, including how to create highly-available Seesaw load balancers, see Bundled load balancing with Seesaw.

We strongly recommend that you use vSphere 6.7 and Virtual Distributed Switch (VDS) 6.6 for bundled load balancing mode.

If you prefer, you can use earlier versions, but your installation will be less secure. The remaining sections in this topic give more detail about the security advantages of using vSphere 6.7 and VDS 6.6.

Planning your VLANs

In this guide, you create an admin cluster and a user cluster. We strongly recommend that you have your two clusters on separate VLANs.

Setting aside virtual IP addresses

You must set aside several virtual IP addresses (VIPs) that you intend to use for load balancing. These VIPs allow external clients to reach your Kubernetes servers and your ingress services.

You must set aside a set of VIPs for your admin cluster and a set of VIPs for your user cluster. For a given cluster, these VIPs must be on the same VLAN as the cluster nodes and the Seesaw VMs for that cluster.

For instructions on setting aside VIPs, see Setting aside virtual IP addresses.

Setting aside node IP addresses

In this guide, you use static IP addresses for your cluster nodes. Set aside enough addresses for the nodes in the admin cluster and the nodes in your user cluster. For details about how many node IP addresses to set aside, see Configuring static IP addresses.

Setting aside IP addresses for Seesaw VMs

Next, set aside IP addresses for the VMs that will run your Seesaw load balancers.

For your admin cluster, set aside one IP address for a Seesaw VM. Also for your admin cluster, set aside a control plane IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as your admin cluster nodes.

For your user cluster, set aside one IP address for a Seesaw VM. Also for your user cluster, set aside a control plane IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as the user cluster nodes.

Planning your port groups

Each of your Seesaw VMs has two network interfaces. One of those network interfaces is configured with Service VIPs. The other network interface is configured with the IP address of the VM itself.

For an individual Seesaw VM, the two network interfaces can be connected to the same vSphere port group, or they can be connected to separate port groups. If the port groups are separate, they must be on the same VLAN.

This topic refers to two port groups:

  • load-balancer port group: For a Seesaw VM, the network interface that is configured with Service VIPs is connected to this port group.

  • cluster-node port group: For a Seesaw VM, the network interface that is configured with the IP address of the VM itself is connected to this port group. Your GKE on-prem cluster nodes are also connected to this port group.

The load-balancer port group and the cluster-node port group can be one and the same. But we strongly recommend that they are separate.

Creating hostconfig files

For each of your two clusters, specify the address you have chosen for your Seesaw VM in a hostconfig file. This hostconfig file is for your load balancer VM, not your cluster nodes. Later, you will create a separate hostconfig file for your cluster nodes. Here's an example of a hostconfig file that specifies an IP address for a Seesaw VM.

hostconfig:
  dns: "110.116.232"
  tod: "192.138.210.214"
  otherdns:
  - "8.8.8.8"
  - "8.8.4.4"
  othertod:
  - "ntp.ubuntu.com"
  searchdomainsfordns:
  - "my.local.com"
blocks:
  - netmask: "255.255.255.0"
    gateway: "172.16.20.1"
    ips:
    - ip: "172.16.20.18"
      hostname: "seesaw-vm"