Skip to main content
logoTetrate Service BridgeVersion: 1.11.x

Client Side Load Balancing

This doc will cover how to achieve client side load balancing for applications by configuring load balancing distribution based on the client IP of the service.

Before you get started, make sure you:
✓ Familiarize yourself with TSB concepts
✓ Install the TSB environment. You can use TSB demo for quick install
✓ Completed TSB usage quickstart.

TSB Configuration

The following YAML file has three objects - a Workspace for the application, a Gateway group so that you can configure the application ingress, and a Traffic group that will allow you to configure the canary release process.

apiversion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
  organization: tetrate
  tenant: tetrate
  name: helloworld-ws
spec:
  namespaceSelector:
    names:
      - '*/helloworld'
---
apiVersion: gateway.tsb.tetrate.io/v2
kind: Group
metadata:
  organization: tetrate
  tenant: tetrate
  workspace: helloworld-ws
  name: helloworld-gw
spec:
  namespaceSelector:
    names:
      - '*/helloworld'
  configMode: BRIDGED
---
apiVersion: traffic.tsb.tetrate.io/v2
kind: Group
metadata:
  organization: tetrate
  tenant: tetrate
  workspace: helloworld-ws
  name: helloworld-trf
spec:
  namespaceSelector:
    names:
      - '*/helloworld'
  configMode: BRIDGED

Store the file as helloworld-ws-groups.yaml, and apply with tctl:

tctl apply -f helloworld-ws-groups.yaml

Deploy Application

To deploy your application, start by creating the namespace and enable the Istio sidecar injection.

kubectl create namespace helloworld
kubectl label namespace helloworld istio-injection=enabled

Then deploy your application.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-v1
  namespace: helloworld
spec:
  replicas: 3
  selector:
    matchLabels:
      app: helloworld
      version: v1
  template:
    metadata:
      labels:
        app: helloworld
        version: v1
    spec:
      containers:
        - name: hello
          image: 'gcr.io/google-samples/hello-app:1.0'
          env:
            - name: 'PORT'
              value: '8080'
---
apiVersion: v1
kind: Service
metadata:
  name: helloworld
  namespace: helloworld
spec:
  selector:
    app: helloworld
  ports:
    - protocol: TCP
      port: 443
      targetPort: 8080

Store as helloworld-1.yaml, and apply with kubectl:

kubectl apply -f helloworld-1.yaml

Note that you're deploying 3 replicas for this deployment.

In this example, you're going to expose the application using simple TLS at the gateway. You'll need to provide it with a TLS certificate stored in a Kubernetes secret.

kubectl create secret tls -n helloworld helloworld-cert \
    --cert /path/to/some/helloworld-cert.pem \
    --key /path/to/some/helloworld-key.pem

Deploy IngressGateway

Configure IngressGateway as shown below

apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: tsb-helloworld-gateway
  namespace: helloworld
spec:
  type: INGRESS
  kubeSpec:
    service:
      type: LoadBalancer

Save as helloworld-ingress.yaml, and apply with kubectl:

kubectl apply -f helloworld-ingress.yaml

The TSB data plane operator in the cluster will pick up this configuration and deploy the gateway's resources in your application namespace. Finally, configure the gateway so that it routes traffic to your application.

apiVersion: gateway.tsb.tetrate.io/v2
kind: Gateway
metadata:
  name: helloworld-gateway
  group: helloworld-gw
  workspace: helloworld-ws
  tenant: tetrate
  organization: tetrate
spec:
  workloadSelector:
    namespace: helloworld
    labels:
      app: tsb-helloworld-gateway
  http:
    - name: helloworld
      port: 443
      hostname: helloworld.tetrate.com
      tls:
        mode: SIMPLE
        secretName: helloworld-cert
      routing:
        rules:
          - route:
              serviceDestination:
                host: helloworld/helloworld.helloworld.svc.cluster.local
                port: 5000

Save as helloworld-gw.yaml, and apply with tctl:

tctl apply -f helloworld-gw.yaml

You can check that your application is reachable by opening your web browser and directing it to the gateway service IP or domain name (depending on your configuration).

At this point, your application will load balance using Round Robin by default. Now, configure client-side load balancing and use the source IP.

Configure Load Balancing

Configure TrafficSetting for helloworld service to use ConsistentHashLB to provide a soft session affinity based on source IP address. This is applicable for both TCP and HTTP connections.

apiVersion: traffic.tsb.tetrate.io/v2
kind: TrafficSetting
metadata:
  name: helloworld-traffic-setting
  group: helloworld-trf
  workspace: helloworld-ws
  tenant: tetrate
  organization: tetrate
spec:
  outbound:
    upstreamTrafficSettings:
      - hosts:
          - helloworld.helloworld.svc.cluster.local
        settings:
          loadBalancer:
            consistentHash:
              userSourceIP: true

Save as helloworld-client-lb.yaml, and apply with tctl:

tctl apply -f helloworld-client-lb.yaml

Now, the same pod is being used as a backend for all our requests coming from the same IP.

In this example you have used the source IP, but there are other methods allowed too; using the header of an HTTP request, or configuring an HTTP cookie.