Create TCP/UDP Internal Load Balancer (ILB) on Google Cloud Platform (GCP) using managed and unmanaged instance groups
Creating an Internal Load Balancer (ILB) in Google Cloud Platform is straightforward; it distributes traffic across VM instances. In this guide we will see how to create a TCP/UDP internal load balancer using both managed and unmanaged instance groups.
Prerequisites:
1) The gcloud SDK must be installed on your local machine
2) Log in to your designated GCP project (example commands below)
3) The user or service account must have the IAM roles required to create an ILB
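For the first two prerequisites, a minimal setup could look like the commands below; the project ID is a placeholder for your own project:
# authenticate and point gcloud at the target project
gcloud auth login
gcloud config set project <project-id>
# confirm the active account and project
gcloud config list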
Create TCP/UDP ILB using Managed Instance group
A managed instance group (MIG) is a group of identical VM instances created from an instance template. When the MIG is created as regional (multi-zone), its instances can be spread across different zones within the same region. As the name suggests, a managed group provides features such as autoscaling, auto-healing, and rolling updates.
To create the ILB, follow the steps below in order:
1) Create a managed instance group using the command line, the Cloud Console, Deployment Manager, or the REST API (a sample command-line flow is shown below)
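As a rough example, a command-line flow for step 1 could look like the following; the machine type, image, size, and all names are placeholders to adapt to your environment:
# create an instance template for the MIG to use
gcloud compute instance-templates create <template-name> --machine-type=e2-medium --image-family=debian-11 --image-project=debian-cloud
# create a regional (multi-zone) managed instance group from that template
gcloud compute instance-groups managed create <instance-group-name> --region=<instance-group-region> --template=<template-name> --size=2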
2) Create a TCP health check using the command line below
gcloud compute health-checks create tcp <health-check-name> --description="Health check: TCP <port>" --check-interval=5s --timeout=5s --healthy-threshold=2 --unhealthy-threshold=2 --port=<port> --proxy-header=NONE --region=<health-check-region>
3) Create a backend service using the command line below
gcloud compute backend-services create <backend-service-name> --load-balancing-scheme internal --health-checks <health-check-name> --protocol tcp --region <backend-service-region>
4) Add the managed instance group as a backend of the backend service
gcloud compute backend-services add-backend <backend-service-name> --instance-group <instance-group-name> --instance-group-region=<instance-group-region> --region <backend-service-region>
5) Create a forwarding rule using the command line below
gcloud compute forwarding-rules create <forwarding-rule-name> --load-balancing-scheme internal --address <ILB ip address> --ports <port> --subnet <full path of subnet> --region <forwarding rule region> --backend-service <backend-service-name>
Note: The managed instance group, backend service, and forwarding rule must all be in the same region
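To sanity-check the result, you can describe the forwarding rule and inspect backend health; the commands below are an illustrative check, with resource names and regions as placeholders:
gcloud compute forwarding-rules describe <forwarding-rule-name> --region <forwarding-rule-region>
gcloud compute backend-services get-health <backend-service-name> --region <backend-service-region>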
Create TCP/UDP ILB using Unmanaged Instance group
An unmanaged instance group is a collection of user-created and user-managed VM instances that reside in the same zone, VPC network, and subnet. Unlike a MIG, its instances are not based on a common instance template, and you must add them to the group manually.
To create the ILB, follow the steps below in order:
1) Assuming the user-created instances are already up and running, create the unmanaged instance groups using the commands below
gcloud compute instance-groups unmanaged create <instance-group-name-1> --zone=<zone1>
gcloud compute instance-groups unmanaged create <instance-group-name-2> --zone=<zone2>
2) Add the user-created instances to the instance groups
gcloud compute instance-groups unmanaged add-instances <instance-group-name-1> --instances <instance-name-1>,<instance-name-2> --zone=<zone1>
gcloud compute instance-groups unmanaged add-instances <instance-group-name-2> --instances <instance-name-3>,<instance-name-4> --zone=<zone2>
Note: An unmanaged instance group can only contain instances from its own zone
3) Verify that the instances are part of the unmanaged instance groups using the commands below
gcloud compute instance-groups unmanaged list-instances <instance-group-name-1> --zone=<zone1>
gcloud compute instance-groups unmanaged list-instances <instance-group-name-2> --zone=<zone2>
4) Create a TCP health check using the command line below
gcloud compute health-checks create tcp <health-check-name> --description="Health check: TCP <port>" --check-interval=5s --timeout=5s --healthy-threshold=2 --unhealthy-threshold=2 --port=<port> --proxy-header=NONE --region=<health-check-region>
5) Create a backend service using the command line below
gcloud compute backend-services create <backend-service-name> --load-balancing-scheme internal --health-checks <health-check-name> --protocol tcp --region <backend-service-region>
6) Add the unmanaged instance groups as backends of the backend service
gcloud compute backend-services add-backend <backend-service-name> --instance-group <instance-group-name-1> --instance-group-zone <instance-group-zone-1> --region <backend-service-region>
gcloud compute backend-services add-backend <backend-service-name> --instance-group <instance-group-name-2> --instance-group-zone <instance-group-zone-2> --region <backend-service-region>
7) Create a forwarding rule using the command line below
gcloud compute forwarding-rules create <forwarding-rule-name> --load-balancing-scheme internal --address <ILB ip address> --ports <port> --subnet <full path of subnet> --region <forwarding rule region> --backend-service <backend-service-name>
Note: The unmanaged instance groups, backend service, and forwarding rule must all be in the same region
HTTP Liveness and Readiness Probe in Kubernetes Deployment
Liveness and readiness probes are needed in Kubernetes to recover an application that has deadlocked and to avoid dropping requests while a pod is still initializing. When probes are configured in a deployment, every pod is evaluated against the probe conditions.
Liveness and readiness probes also apply to new pods created by the Horizontal Pod Autoscaler (HPA).
We are going to learn how to configure probes in a Kubernetes deployment:
Liveness probe: restarts the container when it is deadlocked or the application is no longer running
Readiness probe: determines when the pod is ready to join the Service and start serving traffic
Prerequisite:
1) The kubectl CLI should be installed on your local machine
2) Connect to the Kubernetes cluster (see the example after this list)
3) A /health endpoint should be exposed by the application
4) ConfigMaps referenced by the deployment should be created before the deployment is applied
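For prerequisite 2, if your cluster runs on GKE (in line with the GCP context of this guide), fetching credentials could look like the commands below; the cluster name and zone are placeholders:
# fetch kubeconfig credentials for the cluster
gcloud container clusters get-credentials <cluster-name> --zone <cluster-zone>
# confirm kubectl can reach the cluster
kubectl cluster-info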
Step 1:
Configure the liveness and readiness probes in the deployment YAML
Liveness probe:
livenessProbe:
  httpGet:
    path: /health
    port: 8080
  initialDelaySeconds: 3
  periodSeconds: 3
The liveness probe should be configured under the template.spec.containers section
Readiness probe:
readinessProbe:
  httpGet:
    path: /health
    port: 8080
  initialDelaySeconds: 3
  periodSeconds: 3
The readiness probe configuration is similar to the liveness probe and also goes under the template.spec.containers section
Sample Deployment Yaml with probes:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  labels:
    apptype: java
spec:
  replicas: 3
  selector:
    matchLabels:
      apptype: java
      tier: web
  template:
    metadata:
      labels:
        apptype: java
        tier: web
    spec:
      containers:
      - name: [container name]
        image: [image from any container registry]
        command: ["/bin/sh"]
        args: ["-c", "java -Xmx2g -Xss256k -XX:MaxMetaspaceSize=256m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/my-heap-dump.hprof -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:/var/log/myAppgc.log -jar [application.jar] --spring.config.location=[absolute path of the config maps mounted]"]
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: appconfig
          mountPath: "/config/application"
          readOnly: true
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 3
      volumes:
      - name: appconfig
        configMap:
          name: [configmap-name]
Note: initialDelaySeconds should be set higher than the application's startup time
Here are the main fields to consider while configuring probes:
- initialDelaySeconds: number of seconds after the container starts before the probe is first performed
- periodSeconds: how often (in seconds) the probe is performed
- timeoutSeconds: number of seconds after which the probe times out
- successThreshold: minimum consecutive successes for the probe to be considered successful again after a failure
- failureThreshold: number of consecutive failures after which the container is restarted (liveness probe) or the pod is marked not ready (readiness probe)
- scheme: HTTP or HTTPS; defaults to HTTP
- path: path to access on the HTTP endpoint
- port: port to access on the container
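Putting these fields together, a more fully specified readiness probe could look like the snippet below; the values are only illustrative and should be tuned to your application:
readinessProbe:
  httpGet:
    path: /health
    port: 8080
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 5
  timeoutSeconds: 2
  successThreshold: 1
  failureThreshold: 3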
Step 2:
Save the deployment YAML above and apply it to the Kubernetes cluster with the command below
kubectl apply -f [deployment.yaml]
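Once the deployment is applied, you can confirm the rollout and that the probes are in place; the commands below assume the deployment name and labels from the sample YAML above:
kubectl rollout status deployment/myapp-deployment
kubectl get pods -l apptype=java
kubectl describe pod <pod-name>
The describe output lists the configured Liveness and Readiness settings for each container and records probe failures under Events.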
Configure Pod Anti-affinity and Pod Disruption Budget in Kubernetes deployment for High availability
High availability (HA) is the ability to keep an application continuously operational for as long as required. Configuring pod anti-affinity and a Pod Disruption Budget together keeps stateful or stateless application pods highly available in any of the scenarios below:
1) A node is unavailable or under maintenance
2) A cluster administrator deletes a Kubernetes node by mistake
3) A cloud provider or hypervisor failure makes a Kubernetes node disappear
4) A cluster administrator or user deletes your application pods by mistake
In this blog, we are going to configure pod anti-affinity and a Pod Disruption Budget for a Kubernetes deployment
Prerequisite:
1) The kubectl CLI should be installed on your local machine
2) Connect to the Kubernetes cluster
3) ConfigMaps referenced by the deployment should be created before the deployment is applied
Pod Anti-affinity:
Pod anti-affinity prevents pods of the same type from being scheduled on the same node: each node runs at most one such pod, and the remaining pods are placed on other nodes. In other words, the scheduler will never co-locate pods of the same type on one node.
For example, if all three pods of a deployment (replicas=3) are on one node and that node crashes or becomes unavailable, the whole application is impacted. With pod anti-affinity configured, a single node failure does not take down the entire application.
1) Configure the snippet below under template.spec in the application deployment YAML
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchExpressions:
        - key: app
          operator: In
          values:
          - myapp
      topologyKey: "kubernetes.io/hostname"
Note: The pod anti-affinity snippet above uses a label selector to match pods carrying the label app: myapp, and the node label kubernetes.io/hostname as the topology key, so no two matching pods are scheduled on the same node
2) Sample deployment yaml with pod anti-affinity:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    apptype: java
    app: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      apptype: java
  template:
    metadata:
      labels:
        apptype: java
        app: myapp
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - myapp
            topologyKey: "kubernetes.io/hostname"
      containers:
      - name: [container-name]
        image: [image from any container registry]
        command: ["/bin/sh"]
        args: ["-c", "java -Xmx2g -Xss256k -XX:MaxMetaspaceSize=256m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/my-heap-dump.hprof -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:/var/log/myAppgc.log -jar [application.jar] --spring.config.location=[absolute path of the config map eg. /config/application/[application.properties]]"]
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: appconfig
          mountPath: "/config/application"
          readOnly: true
      volumes:
      - name: appconfig
        configMap:
          name: [configmap-name]
3) Save the deployment YAML above and apply it to the Kubernetes cluster with the command below
kubectl apply -f [deployment.yaml]
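With anti-affinity in place, each replica should be scheduled on a different node. A quick way to check placement is the command below, using the app: myapp label from the deployment above; the NODE column should show a distinct node per pod:
kubectl get pods -l app=myapp -o wide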
Pod Disruption Budget:
A Pod Disruption Budget (PDB) lets you define the minimum number of pods that must stay available, or the maximum number that may be unavailable, for a stateful or stateless application during a disruption. You can specify minAvailable/maxUnavailable as either an integer or a percentage.
1) You can configure a Pod Disruption Budget in one of two ways:
minAvailable – the specified number or percentage of pods must always remain available
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: pdb-myapp
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: myapp
maxUnavailable – at most the specified number or percentage of pods may be unavailable during a disruption
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: pdb2-myapp
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: myapp
Note: minAvailable and maxUnavailable cannot both be set in a single PodDisruptionBudget YAML. If you want both constraints for your application deployment, create two separate Pod Disruption Budgets
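As mentioned above, the budget can also be expressed as a percentage. A sketch of a percentage-based PDB is shown below; the name pdb-percent-myapp and the 50% value are illustrative only:
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: pdb-percent-myapp
spec:
  minAvailable: "50%"
  selector:
    matchLabels:
      app: myapp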
2) We have already deployed our application with the label app: myapp. To apply the Pod Disruption Budgets, save the two PodDisruptionBudget YAMLs above and deploy them to the Kubernetes cluster with the commands below:
kubectl apply -f pdbmin.yaml
kubectl apply -f pdbmax.yaml
The Pod Disruption Budgets are now applied to pods with the label app: myapp
3) Verify the Pod Disruption Budgets by executing the command below:
kubectl get poddisruptionbudgets