If you are running your Kubernetes cluster on Oracle Container Engine
for Kubernetes (commonly known as OKE), then you can have OCI automatically
provision load balancers for you by creating a Service
of type
LoadBalancer
instead of (or in addition to) installing an
ingress controller like Traefik.
OKE Kubernetes worker nodes typically do not have public IP addresses.
This means that the NodePort
services created by the operator are
not usable, because they would expose ports on the worker node’s private
IP addresses only, which are not reachable from outside the cluster.
Instead, you can use an OCI load balancer to provide access
to services running in OKE.
It is also possible, if desirable, to have an OCI load balancer route traffic to an ingress controller running inside the Kubernetes cluster and have that ingress controller in turn route traffic to services in the cluster.
When your domain is created by the operator, a number of Kubernetes services are created by the operator, including one for the WebLogic Server Administration Server and one for each Managed Server and cluster.
In the example below, there is a domain called bobs-bookstore
in the
bob
namespace. This domain has a cluster called cluster-1
which
exposes traffic on port 31111
.
The Kubernetes YAML file below defines a new Service
in the same
namespace. The selector
targets all of the pods in this namespace
which are part of the cluster cluster-1
, using the annotations that
are placed on those pods by the operator. It also defines the port and
protocol.
You can include the optional oci-load-balancer-shape
annotation (as
shown) if you want to specify the shape of the load balancer. Otherwise
the default shape (100Mbps) will be used.
apiVersion: v1
kind: Service
metadata:
name: bobs-bookstore-oci-lb-service
namespace: bob
annotations:
service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
spec:
ports:
- name: http
port: 31111
protocol: TCP
targetPort: 31111
selector:
weblogic.clusterName: cluster-1
weblogic.domainUID: bobs-bookstore
sessionAffinity: None
type: LoadBalancer
When you apply this YAML file to your cluster, you will see the new service is created
but initially the external IP is shown as <pending>
.
$ kubectl -n bob get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
bobs-bookstore-admin-server ClusterIP None <none> 8888/TCP,7001/TCP,30101/TCP 9d
bobs-bookstore-admin-server-ext NodePort 10.96.224.13 <none> 7001:32401/TCP 9d
bobs-bookstore-cluster-cluster-1 ClusterIP 10.96.86.113 <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-managed-server1 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-managed-server2 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-oci-lb-service LoadBalancer 10.96.121.216 <pending> 31111:31671/TCP 9s
After a short time (typically less than a minute), the OCI load balancer will be provisioned and the external IP address will be displayed:
$ kubectl -n bob get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
bobs-bookstore-admin-server ClusterIP None <none> 8888/TCP,7001/TCP,30101/TCP 9d
bobs-bookstore-admin-server-ext NodePort 10.96.224.13 <none> 7001:32401/TCP 9d
bobs-bookstore-cluster-cluster-1 ClusterIP 10.96.86.113 <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-managed-server1 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-managed-server2 ClusterIP None <none> 8888/TCP,8001/TCP,31111/TCP 9d
bobs-bookstore-oci-lb-service LoadBalancer 10.96.121.216 132.145.235.215 31111:31671/TCP 55s
You can now use the external IP address and port to access your pods. There are several options that can be used to configure more advanced load balancing behavior. For more information, including how to configure SSL support, supporting internal and external subnets, and so one, refer to the OCI documentation.