LoadBalancer IP address management
Understanding Calico Cloud LoadBalancer IP address management​
You might want to utilize Service of type LoadBalancer in your cluster to provide stable long-lasting IP address to access your deployed application. Calico Cloud can help you with providing and managing IP addresses to your Services in your cluster. Calico Cloud comes with LoadBalancer IPAM deployed as part of Calico Cloud Kube-controllers.
Before you begin...​
Ensure that you have a cluster with Calico Cloud installed, and kube-controllers configured and running.
IP Pool for Service of type LoadBalancer​
Calico Cloud does not automatically provide default IP Pool for LoadBalancer IP address management. You will need to create an IP Pool with allowedUses LoadBalancer for Calico Cloud to start assigning Service IPs.
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
name: loadbalancerIPPool
spec:
cidr: 192.210.0.0/20
blockSize: 24
natOutgoing: true
disabled: false
assignmentMode: Automatic
allowedUses:
- LoadBalancer
You can create multiple IP Pools with allowedUses LoadBalancer as long as there are no CIDR conflicts. By setting assignmentMode to Manual you can reserve the IP Pool for manual assignments only. Explore more about manual assignment
Automatic Service IP address assignment​
When you create Service of type LoadBalancer Calico Cloud kube-controller will automatically detect the new Service and assign an IP address from available IP Pool. If no address is available, the Service will remain in pending state until an address is available.
apiVersion: v1
kind: Service
metadata:
name: service-loadbalancer
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
name: default
type: LoadBalancer
Manual Service IP address assignment​
There are cases where you would like to be more specific about what IP address Calico Cloud assigns to your Service. With annotations, you can specify how IP address should be assigned. The annotations can be added and removed as needed during the lifetime of the Service. When you remove an annotation Calico Cloud kube-controller will check if the assigned IP is still valid and potentially assign a new one.
Specify IP Pool​
IPv4 Pool​
Annotate the Service with projectcalico.org/ipv4pools to assign IP address from the selected IP Pools. You can specify multiple IP Pools in this annotation, Calico Cloud will pick an available IP address to assign.
"projectcalico.org/ipv4pools": '["loadBalancerIPv4Pool"]'
IPv6 Pool​
Annotate the Service with projectcalico.org/ipv6pools to assign IP address from the selected IP Pools. You can specify multiple IP Pools in this annotation, Calico Cloud will pick an available IP address to assign.
"projectcalico.org/ipv6pools": '["loadBalancerIPv6Pool"]'
In dual-stack environment you don't have to specify both annotations. If IP Pool was not specified for IP family, Calico Cloud will automatically assign available IP address from available IP Pool
Specifying IP address​
Annotate the Service with projectcalico.org/loadBalancerIPs to assign specific IP address. The address must be available otherwise Calico Cloud will not be able to assign the address. Currently you can only specify one IPv4 and one IPv6 address at the same time.
"projectcalico.org/loadBalancerIPs": '["x.x.x.x"]'
If Service contains "projectcalico.org/loadBalancerIPs" annotation and either "projectcalico.org/ipv6pools" or "projectcalico.org/ipv4pools" are present, Calico Cloud will favour projectcalico.org/loadBalancerIPs annotation and try to assign that IP address. There is no fall back to an IP Pool if the specified address is not available.
Manage LoadBalancer kube-controller assignment mode​
In certain cases you might not wish for Calico Cloud to automatically assign IP addresses to your Service. This can be useful in case you have multiple Service IPAM solutions in your cluster.
LoadBalancer kube-controller is able to operate in two distinct modes Automatic in which Calico Cloud assigns IP address to each Service in your cluster and RequestedServicesOnly in which Calico Cloud only assigns IP addresses to Service with annotations mentioned above.
You can change the mode at any point, but note that switching to RequestedServicesOnly will unassign any addresses from Services that do not contain the above annotations.
kubectl patch kubecontrollersconfiguration default --patch '{"spec": {"controllers":{"loadBalancer":{"AssignIPs": "RequestedServicesOnly"}}}}'
Additional resources​
Calico LoadBalancer IP address management works in conjunction with other Calico Cloud components. Calico Cloud kube-controllers provides only the IP address management, to advertise LoadBalancer IPs you will have to update your BGP configuration. You can find out more information at: