The CCM supports two types of LoadBalancer implementations:
- Linode NodeBalancers (default)
- BGP-based IP sharing
For implementation examples, see Basic Service Examples.
When using NodeBalancers, the CCM automatically:
- Creates and configures a NodeBalancer
- Sets up backend nodes
- Manages health checks
- Handles SSL/TLS configuration
For more details, see Linode NodeBalancer Documentation.
Create a LoadBalancer service:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
selector:
app: my-appSee Advanced Configuration Examples for more complex setups.
Available protocols:
tcp(default)httphttps
Set the default protocol:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-default-protocol: "http"See Service Annotations for all protocol options.
Configure health checks using annotations:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-check-type: "http"
service.beta.kubernetes.io/linode-loadbalancer-check-path: "/healthz"
service.beta.kubernetes.io/linode-loadbalancer-check-interval: "5"
service.beta.kubernetes.io/linode-loadbalancer-check-timeout: "3"
service.beta.kubernetes.io/linode-loadbalancer-check-attempts: "2"Available check types:
none: No health checkconnection: TCP connection checkhttp: HTTP status checkhttp_body: HTTP response body check
For more details, see Health Check Configuration.
- Create a TLS secret:
apiVersion: v1
kind: Secret
metadata:
name: my-tls-secret
type: kubernetes.io/tls
data:
tls.crt: <base64-encoded-cert>
tls.key: <base64-encoded-key>- Reference in service annotation:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-port-443: |
{
"protocol": "https",
"tls-secret-name": "my-tls-secret"
}Limit connections from the same client IP:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-throttle: "5"Enable proxy protocol for client IP preservation:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-default-proxy-protocol: "v2"BGP-based IP sharing provides a more cost-effective solution for multiple LoadBalancer services. For detailed setup instructions, see Cilium BGP Documentation.
- Cilium CNI with BGP control plane enabled
- Additional IP provisioning enabled on your account (contact Linode Support)
- Nodes labeled for BGP peering
- Enable BGP in CCM deployment:
args:
- --load-balancer-type=cilium-bgp
- --bgp-node-selector=cilium-bgp-peering=true
- --ip-holder-suffix=mycluster- Label nodes that should participate in BGP peering:
kubectl label node my-node cilium-bgp-peering=true- Create LoadBalancer services as normal - the CCM will automatically use BGP-based IP sharing instead of creating NodeBalancers.
BGP_CUSTOM_ID_MAP: Use your own map instead of default region map for BGPBGP_PEER_PREFIX: Use your own BGP peer prefix instead of default one
For more details, see Environment Variables.
Specify an existing NodeBalancer:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-nodebalancer-id: "12345"Prevent NodeBalancer deletion when service is deleted:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-preserve: "true"Configure individual ports:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-port-443: |
{
"protocol": "https",
"tls-secret-name": "my-tls-secret",
"proxy-protocol": "v2"
}Add tags to NodeBalancer:
metadata:
annotations:
service.beta.kubernetes.io/linode-loadbalancer-tags: "production,web-tier"