Global Server Load Balancing

TypeComponent

The Global Server Load Balancing component creates a Gslb resource. Check out the official Gslb documentation for more information.

Prerequisites

The Global Server Load Balancing (GSLB) controller must be installed in the spoke clusters. Use the GSLB Helm chart to install the controller in the spoke clusters.

Example Usage

An example of a Gslb resource configured for failover for a service named app-service is shown below.

apiVersion: spectrocloud.com/v1beta1
kind: WorkloadProfile
metadata:
  name: glbs-primary
  namespace: network-ns
spec:
workload:
  components:
  - name: primary-gslb
    type: gslb
    properties:
      ingressClassName: nginx
      strategyType: failover
      primaryGeoTag: us-east
      dnsTtlSeconds: 30
      splitBrainThresholdSeconds: 300
      rules:
        - host: failover.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: app-service
                    port:
                      number: 80
      tls:
        - hosts:
            - failover.example.com
          secretName: failover-tls-secret 

Parameters

Parameter	Type	Required	Default	Description
dnsTtlSeconds	integer	Yes	`30`	DNS record TTL in seconds
ingressClassName	string	Yes		IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource.
splitBrainThresholdSeconds	integer	Yes	`300`	Split brain TXT record expiration in seconds
strategyType	string	Yes	`"roundRobin"`	Load balancing strategy type. Options: "roundRobin", "failover".
annotations	map	No		Specify the annotations in the workload
backend	object	No		A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default.
labels	map	No		Specify the labels in the workload
primaryGeoTag	string	No		Primary Geo Tag. Valid for failover strategy only.
rules	array	No		A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
tls	array	No		TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
weights	array	No		Regional weights. Valid for round robin strategy only.

Template

The following tabs display the definition's Cue template and the rendered YAML. The rendered YAML is the output of the Cue template when the definition is applied to a cluster.

gslb: { type: "component" annotations: {} labels: { "componentdefinition.spectrocloud.com/type": "application" "definition.spectrocloud.com/category": "Networking" } description: "Creates a Gslb for reconciliation by k8gb" } template: { output: { apiVersion: "k8gb.absa.oss/v1beta1" kind: "Gslb" metadata: { labels: { if parameter.labels != _|_ { parameter.labels } "wl.spectrocloud.com/name": context.workloadName "wl.spectrocloud.com/component": context.name } if parameter.annotations != _|_ { annotations: parameter.annotations } } spec: { ingress: { ingressClassName: parameter.ingressClassName if parameter["rules"] != _|_ { rules: [for v in parameter.rules { { host: v.host http: { paths: [for p in v.http.paths { { backend: { if p.backend.service != _|_ { service: { name: p.backend.service.name port: { if p.backend.service.port.name != _|_ { name: p.backend.service.port.name } if p.backend.service.port.number != _|_ { number: p.backend.service.port.number } } } } if p.backend.resource != _|_ { resource: { if p.backend.resource.apiGroup != _|_ { apiGroup: p.backend.resource.apiGroup } kind: p.backend.resource.kind name: p.backend.resource.name } } } path: p.path pathType: p.pathType } }] } } }] } if parameter["tls"] != _|_ { tls: [for t in parameter.tls { { if t.hosts != _|_ { hosts: t.hosts } secretName: t.secretName } }] } } strategy: { type: parameter.strategyType dnsTtlSeconds: parameter.dnsTtlSeconds splitBrainThresholdSeconds: parameter.splitBrainThresholdSeconds if parameter.strategyType == "failover" { if context.primaryGeoTag != _|_ { primaryGeoTag: context.primaryGeoTag } if parameter.primaryGeoTag != _|_ { primaryGeoTag: parameter.primaryGeoTag } } if parameter.strategyType == "roundRobin" { weight: [for w in parameter.weights { "\(w.region)": w.weight }] } } } } parameter: { // +usage=Specify the labels in the workload labels?: [string]: string // +usage=Specify the annotations in the workload annotations?: [string]: string // Ingress // +usage=IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. ingressClassName: string // +usage=A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default. backend?: #Backend // +usage=A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. rules?: [...{ // +usage=Host is the fully qualified domain name of a network host, as defined by RFC 3986. host: string // +usage=HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. http: { // +usage=A collection of paths that map requests to backends. paths!: [...{ // +usage=Backend defines the referenced service endpoint to which the traffic will be forwarded to. backend: #Backend // +usage=Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". path: string // +usage=PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. pathType: string }] } }] // +usage=TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. tls?: [...{ // +usage=Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. hosts?: [...string] // +usage=SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. secretName: string }] // Strategy // +usage=Load balancing strategy type. Options: "roundRobin", "failover". strategyType: *"roundRobin" | "failover" // +usage=DNS record TTL in seconds dnsTtlSeconds: *30 | int // +usage=Split brain TXT record expiration in seconds splitBrainThresholdSeconds: *300 | int // +usage=Primary Geo Tag. Valid for failover strategy only. primaryGeoTag?: string // +usage=Regional weights. Valid for round robin strategy only. weights?: [...{ // +usage=Region region: string // +usage=Weight weight: int }] } #Backend: { // +usage=Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". resource?: { // +usage=APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. apiGroup?: string // +usage=Kind is the type of resource being referenced kind: string // +usage=Name is the name of resource being referenced name: string } // +usage=Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". service?: { // +usage=Name is the referenced service. The service must exist in the same namespace as the Ingress object. name: string // +usage=Port of the referenced service. A port name or port number is required for a IngressServiceBackend. port: { // +usage=Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". name?: string // +usage=Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". number?: int } } } }

Prerequisites​

Example Usage​

Parameters​

Template​

Prerequisites

Example Usage

Parameters

Template