Use annotations for Load Balancers #
Annotations are a way to add custom, non-identifiable metadata to objects. They are used to configure additional behavior for Load Balancers service in Kubernetes clusters beyond the standard configuration offerings. Learn more about annotations in the official Kubernetes documentation.
You can add annotations via the command line (kubectl) or the Kubernetes service manifest using the annotations field as follows:
metadata: {
annotations: {
key: "value"
}
}
Below, we have compiled annotations that apply to clusters created in VNETWORK:
Key (annotation) | Value sample | Type | Description |
---|---|---|---|
loadbalancer.gcorelabs.com/ | { "profile_template":65, | Integer | Configures and ads the DDoS Protection profile to the Load Balancer |
loadbalancer.gcorelabs.com/ | lb1-1-2 | String | Specifies a custom name for the flavor |
loadbalancer.gcorelabs.com/ | true | Boolean | Automatically cleans up the floating IP assigned to the load balancer after deleting the service |
loadbalancer.gcorelabs.com/ | topic-123 | String | Specifies LaaS topic name for pushing logs. Note: Must be used with the logging-destination-region-id, otherwise logs won’t be sent to LaaS |
loadbalancer.gcorelabs.com/ | 1 | Integer | Specifies LaaS destination region. Note: Must be used with the logging-topic-name, otherwise logs won’t be sent to LaaS |
loadbalancer.gcorelabs.com/ | 45 | Integer | Configures log retention policy for LaaS topic (in days) |
loadbalancer.gcorelabs.com/ | true | Boolean | Enables proxy protocol type for Load Balancer listeners |
loadbalancer.gcorelabs.com/ | 6000 | Integer | Sets client data timeouts for Load Balancer listeners (in msec). Note: When removed, the previously set value in effect |
loadbalancer.gcorelabs.com/ | 6000 | Integer | Sets member connect timeouts for Load Balancer listeners (in msec). Note: When removed, the previously set value in effect |
loadbalancer.gcorelabs.com/ | 6000 | Integer | Sets member data timeouts for Load Balancer listeners (in msec). Note: When removed, the previously set value in effect |
loadbalancer.gcorelabs.com/ | true | Boolean | Adds the “X-Forwarded-For,” “X-Forwarded-Port” and “X-Forwarded-Proto“ headers to requests |
service.beta.kubernetes.io/ | true | Boolean | Disables floating IP creation and makes the Load Balancer non available for external requests |
service.beta.kubernetes.io/ | true | Boolean | Makes the Load Balancer public |
Examples #
Here, several examples of annotations using are presented.
To assign an Advanced DDoS protection profile to your cluster, use the following code in the manifest:
apiVersion: v1
kind: Service
metadata:
annotations:
loadbalancer.gcorelabs.com/ddos-profile: |
{"profile_template":65,"fields":[{"base_field":272,"field_value":40}]}
labels:
app: grafana
name: grafana
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: grafana
type: LoadBalancer
Instead of the sample values (65
, 272
, and 40
), use the appropriate values for your project. The value format is the same as supported by the public DDoS Protection API.
To enable logging for your cluster, use the following one:
apiVersion: v1
kind: Service
metadata:
annotations:
loadbalancer.gcorelabs.com/logging-topic-name: test123
loadbalancer.gcorelabs.com/logging-destination-region-id: 15
labels:
app: grafana
name: grafana
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: grafana
type: LoadBalancer
Instead of the sample values (test123
and 15
), use the appropriate values for your project.