Tanzu Kubernetes Grid – Create an L4 Type LoadBalancer with Avi

Posted on by Matt Adam

At this point in the guides, we’ve deployed TKGm. Also we’ve deployed a management cluster, and a single guest cluster. Now it’s time to create some applications and test it out!

K8s housekeeping

Create a K8s secret for Docker login

If you are running this cluster in your own personal lab, you might be ok. But in my experience ever since docker started rate limiting the pull requests, I eventually hit a rate limiting pull error and my pods start failing to deploy. You can avert this problem by simply signing up for a free docker registry account, and creating a secret in your k8s cluster. Use the following command to create the k8s secret:

kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=USERNAME--docker-password='SUPERSECRET123!' --docker-email=EMAIL@COMPANY.com

Deploy the Hackazon Application

Create the l4-lb.yaml file

You’re welcome to create any deployment/pod that you would like and create a service to use. Or you can use the example below to deploy the hackazon application. As you can see we are referencing “imagePullSecrets” to utilize the docker secret we had created in the above step. This will deploy a simple hackazon application and expose the pod on port 80. The actual port exposed on the k8s node via the service will be in the range of 30000 – 32767.

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hackazon
spec:
  selector:
    matchLabels:
      app: hackazon
  replicas: 1
  template:
    metadata:
      labels:
        app: hackazon
    spec:
      containers:
      - name: hackazon
        image: ianwijaya/hackazon
        ports:
        - containerPort: 80
        - containerPort: 443
      imagePullSecrets:
      - name: regcred

---

apiVersion: v1
kind: Service
metadata:
  name: hackazon
spec:
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: hackazon

Apply the l4-lb.yaml file

Save the above to a file called l4-lb.yaml and run the following command to apply it:

kubectl apply -f l4-lb.yaml

Validate the Hackazon Application

My hackazon pod is now up and running.

Run the following command to see the port that is exposed via the LoadBalancer service.

kubectl get svc -o wide
As you can see the port is 30816, which is the same port we would expect to see in the Avi load balancer.
Validate the configuration in Avi. You can see the 2 pool members (the pool members are the node IPs to your guest cluster) are listening on port 30816