Configuring Load Balancers with Annotations in Kubernetes

Date: Dec 11, 2024

Review your configurations and click Create Load Balancer.

Annotations in Kubernetes provide a way to attach custom metadata to objects, allowing users to configure specific behaviors or features beyond standard options. This flexibility is particularly useful for fine-tuning Load Balancer services in your Kubernetes clusters. To explore annotations further, you can refer to the official Kubernetes documentation.

Annotations can be applied via the Kubernetes command-line tool (kubectl) or defined in the service manifest by including them under the metadata.annotations section. Here’s an example of the structure:

metadata:
 annotations:
  key: "value"

For Gcore-powered clusters, specific annotations are available to enhance Load Balancer functionality. Below is a summary of these annotations:

| Key (Annotation) | Example Value | Type | Description |
|---|---|---|---|
| loadbalancer.gcorelabs.com/ddos-profile | {"profile_template":65, "fields": [{ "base_field":272, "field_value":40 }]} | Integer | Applies a DDoS Protection profile to the Load Balancer. |
| loadbalancer.gcorelabs.com/flavor | lb1-1-2 | String | Sets a custom flavor name for the Load Balancer. |
| loadbalancer.gcorelabs.com/floating-cleanup | true | Boolean | Automatically removes floating IPs when the Load Balancer is deleted. |
| loadbalancer.gcorelabs.com/logging-topic-name | topic-123 | String | Specifies a LaaS topic for logging (must be used with logging-destination-region-id). |
| loadbalancer.gcorelabs.com/logging-destination-region-id | 1 | Integer | Defines the LaaS destination region for logs (must be paired with logging-topic-name). |
| loadbalancer.gcorelabs.com/logging-retention-policy-period | 45 | Integer | Sets the log retention period in days. |
| loadbalancer.gcorelabs.com/proxy-protocol | true | Boolean | Enables proxy protocol for Load Balancer listeners. |
| loadbalancer.gcorelabs.com/timeout-client-data | 6000 | Integer | Configures client data timeouts (in milliseconds). |
| loadbalancer.gcorelabs.com/timeout-member-connect | 6000 | Integer | Sets member connection timeouts (in milliseconds). |
| loadbalancer.gcorelabs.com/timeout-member-data | 6000 | Integer | Defines member data timeouts (in milliseconds). |
| loadbalancer.gcorelabs.com/x-forwarded-for | true | Boolean | Adds headers such as X-Forwarded-For to incoming requests. |
| service.beta.kubernetes.io/gcore-internal-load-balancer | true | Boolean | Makes the Load Balancer internal by disabling floating IP creation. |
| service.beta.kubernetes.io/gcore-external-load-balancer | true | Boolean | Configures the Load Balancer to be publicly accessible. |

Practical Examples

Below are examples of how to use these annotations in Kubernetes service manifests.

Applying DDoS Protection

To enable an advanced DDoS protection profile for your Load Balancer, include the following in your service manifest:

apiVersion: v1
kind: Service
metadata:
  annotations:
    # The profile is passed as a JSON string (YAML block scalar).
    loadbalancer.gcorelabs.com/ddos-profile: |
      { "profile_template":65, "fields":[{"base_field":272, "field_value":40}] }
  labels:
    app: grafana
  name: grafana
  namespace: default
spec:
  ports:
    # ports is a list, so each entry starts with "-"
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: grafana
  type: LoadBalancer

Replace 65, 272, and 40 with the appropriate values for your project. These values should align with the configuration supported by the public DDoS Protection API.

Enabling Logging

To configure logging for your cluster, you can use the following example:

apiVersion: v1
kind: Service
metadata:
  annotations:
    loadbalancer.gcorelabs.com/logging-topic-name: test123
    # Annotation values must be strings, so the region ID is quoted.
    loadbalancer.gcorelabs.com/logging-destination-region-id: "15"
  labels:
    app: grafana
  name: grafana
  namespace: default
spec:
  ports:
    # ports is a list, so each entry starts with "-"
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: grafana
  type: LoadBalancer

Make sure to replace test123 and 15 with the appropriate topic name and destination region for your logging configuration.
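A pre-deployment check for the annotations described above, as an added example that is not part of the original article or of Gcore's tooling. It takes the already-parsed metadata.annotations mapping of a Service and reports unquoted values, values that do not match the types in the table, and a logging annotation used without its partner. The function name check_annotations and the rule that booleans must be spelled true or false are assumptions made for this sketch.

```python
import json

PREFIX = "loadbalancer.gcorelabs.com/"
# Value types as listed in the annotation table on this page.
BOOL_KEYS = {"floating-cleanup", "proxy-protocol", "x-forwarded-for"}
INT_KEYS = {"logging-destination-region-id", "logging-retention-policy-period",
            "timeout-client-data", "timeout-member-connect", "timeout-member-data"}
TOPIC = PREFIX + "logging-topic-name"
REGION = PREFIX + "logging-destination-region-id"


def check_annotations(annotations):
    """Return findings for one Service's parsed metadata.annotations mapping."""
    findings = []
    for key, value in annotations.items():
        if not isinstance(value, str):
            # Annotations are a string-to-string map; unquoted YAML 15 or true
            # parses as int/bool and the API server rejects the object.
            findings.append(f"{key}: quote the value ({type(value).__name__} given)")
            continue
        name = key[len(PREFIX):] if key.startswith(PREFIX) else ""
        if name in BOOL_KEYS and value not in ("true", "false"):
            # Assumption: only lowercase true/false are accepted.
            findings.append(f"{key}: expected true or false")
        elif name in INT_KEYS and not value.isdigit():
            findings.append(f"{key}: expected a non-negative integer")
        elif name == "ddos-profile":
            try:
                profile = json.loads(value)
            except json.JSONDecodeError:
                profile = None
            if not (isinstance(profile, dict)
                    and {"profile_template", "fields"} <= profile.keys()):
                findings.append(f"{key}: expected JSON with profile_template and fields")
    # The table requires the two logging annotations to be used together.
    if (TOPIC in annotations) != (REGION in annotations):
        findings.append("logging-topic-name and logging-destination-region-id must be set together")
    return findings


# Constructed samples: what a YAML parser yields for three manifests.
UNQUOTED = {TOPIC: "test123", REGION: 15}
HALF_LOGGING = {TOPIC: "test123", PREFIX + "proxy-protocol": "yes"}
VALID = {TOPIC: "test123", REGION: "15", PREFIX + "ddos-profile":
         '{"profile_template":65, "fields":[{"base_field":272, "field_value":40}]}'}

if __name__ == "__main__":
    for sample in (UNQUOTED, HALF_LOGGING, VALID):
        print(check_annotations(sample) or "ok")
```
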

By customizing your annotations, you can enhance the performance, security, and usability of Load Balancers within your Kubernetes clusters.
