ovh · antonin-a · Jan 19, 2024 · Jan 19, 2024 · Feb 9, 2024 · Feb 9, 2024
diff --git a/.DS_Store b/.DS_Store
diff --git a/containers-orchestration/.DS_Store b/containers-orchestration/.DS_Store
diff --git a/...ers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/lb_base.yaml b/...ers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/lb_base.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-basic
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...hestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/readme.md b/...hestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/readme.md
@@ -0,0 +1,4 @@
+# Basic Public Cloud Load Balancer demo
+
+## Description
+Here is a basic example of how to expose your application using a Service type LoadBalancer relying on OVHcloud Public Cloud LoadBalancer.
diff --git a/...stration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/lb_keepip.yaml b/...stration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/lb_keepip.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-keepip
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.openstack.org/keep-floatingip: "true" # Once the IP has been created with this flag, K8S cluster will not manage his deletion / Can be set AFTER the creation
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...ic-cloud-load-balancer/basic_lb_keepip/lb_keepip_reuse_or_already_existing_in_tenant.yaml b/...ic-cloud-load-balancer/basic_lb_keepip/lb_keepip_reuse_or_already_existing_in_tenant.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-keepip-with-existing-ip
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  loadBalancerIP: xx.xx.xx.xx # Public Floating IP you want to use. This annontation is deprecated since K8S 1.24 but still used
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...ion/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/readme.md b/...ion/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/readme.md
@@ -0,0 +1,6 @@
+# Basic Public Cloud Load Balancer and Keep/Re-use IP demo
+
+## Description
+[lb_keepip.yaml](./lb_keepip.yaml) is an example of how to keep the Public Floating IP attached to your Public Cloud LoadBalancer even if you delete your Service/LoadBalancer. In case of Service and LoadBalancer deletion, the Floating IP will be unbound and will remains available on your OVHcloud Public Cloud project. 
+
+Using [lb_keepip_reuse_or_already_existing_in_tenant.yaml](./lb_keepip_reuse_or_already_existing_in_tenant.yaml) you can use (or re-use) an existing Floating IP available on your OVHcloud Public Cloud project.
diff --git a/...ration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_udp_tcp/lb_tcp_udp.yaml b/...ration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_udp_tcp/lb_tcp_udp.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-udp-tcp
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: client-udp
+    port: 80
+    protocol: UDP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...on/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_udp_tcp/readme.md b/...on/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_udp_tcp/readme.md
@@ -0,0 +1,4 @@
+# Basic Public Cloud Load Balancer using UDP demo
+
+## Description
+Here is a basic example on how to use your Public Cloud LoadBalancer with UDP protocol.
diff --git a/...ion/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_with_flavor/lb_flavor.yaml b/...ion/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_with_flavor/lb_flavor.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-medium
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.ovhcloud.com/flavor: "medium"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...anaged-kubernetes/use-public-cloud-load-balancer/basic_lb_with_flavor/readme.md b/...anaged-kubernetes/use-public-cloud-load-balancer/basic_lb_with_flavor/readme.md
@@ -0,0 +1,6 @@
+# Basic Public Cloud Load Balancer using flavor demo
+
+## Description
+Here is a basic example on how to specify the flavor that you want to use for your Public Cloud LoadBalancer.
+If not specified, LoadBalancer will be created using a Small flavor.
+You can find the OVHcloud Public Cloud loadbalancer flavor list: https://help.ovhcloud.com/csm/en-ie-public-cloud-network-octavia-use-lbaas-openstack?id=kb_article_view&sysparm_article=KB0050296
diff --git a/...chestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_basic/nginx_base.yaml b/...chestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_basic/nginx_base.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        ports:
+        - containerPort: 80
diff --git a/...estration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/acme-config.yml b/...estration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/acme-config.yml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: main
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
diff --git a/...tration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/deploy_nginx.bash b/...tration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/deploy_nginx.bash
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace --values ./value.yaml
diff --git a/...tration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/ingress_base.yaml b/...tration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/ingress_base.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: "main"
+  name: ngx-deploy-ingress
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - octavia.lgr-k8s.ovh
+    secretName: octavia-secret
+  rules:
+  - host: octavia.lgr-k8s.ovh
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deployment
+            port:
+              number: 80
diff --git a/...-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/value.yaml b/...-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/value.yaml
@@ -0,0 +1,8 @@
+controller:
+  service:
+    annotations:
+      loadbalancer.ovhcloud.com/class: "octavia"
+      loadbalancer.openstack.org/proxy-protocol: "true"
+      loadbalancer.ovhcloud.com/flavor: "large" # OVHcloud Public Cloud loadbalancer flavor list: https://help.ovhcloud.com/csm/en-ie-public-cloud-network-octavia-use-lbaas-openstack?id=kb_article_view&sysparm_article=KB0050296
+  config:
+    use-proxy-protocol: "true"
diff --git a/...rchestration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private.yaml b/...rchestration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private.yaml
@@ -0,0 +1,19 @@
+# Only available with a MKS cluster attached to a Private network
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-private
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private_with_openstack_port.yaml b/...-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private_with_openstack_port.yaml
@@ -0,0 +1,20 @@
+# Only available with a MKS cluster attached to a Private network
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-private-with-openstack-port
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+    loadbalancer.openstack.org/port-id: "4c758644-af77-4e60-9e24-bc5e67295ac0"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...stration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/readme.md b/...stration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/readme.md
@@ -0,0 +1,26 @@
+# Private Load Balancer Demo
+
+## Description
+Here is a basic example of how to expose your application using a Service type LoadBalancer in a private way.
+
+## Create a private Load Balancer:
+You have to provide the following annotation:
+`service.beta.kubernetes.io/openstack-internal-load-balancer: "true"`
+
+## Specify the private IP
+You need to provide a PortI
+
+1. Create a OpenStack port and use this as LB Ip address
+
+  Without specifying the IP\
+  `$ openstack port create --network bdd4fc7c-6a27-43d6-940a-8ed51e1fd22c --fixed-ip subnet=187dc936-c4ea-49ca-aff5-0a5eb7062ed9 my-lb-app-port`\
+  Where: --network = network name or ID, subnet= subnet name or ID
+
+  Or with a specific IP of your subnet \
+  `$ openstack port create --network bdd4fc7c-6a27-43d6-940a-8ed51e1fd22c --fixed-ip subnet=187dc936-c4ea-49ca-aff5-0a5eb7062ed9, ip-address=10.0.2.2 my-lb-app-port-2`
+
+  Retrieve the portID :
+  `$openstack port list --name my-lb-app-port-2`
+
+2. Add the portID to your Kubernetes Service manifest (cf. [exemple](./lb_private_with_openstack_port.yaml))\
+`loadbalancer.openstack.org/port-id: "4c758644-af77-4e60-9e24-bc5e67295ac0"`
diff --git a/...iners-orchestration/managed-kubernetes/use-public-cloud-load-balancer/readme.md b/...iners-orchestration/managed-kubernetes/use-public-cloud-load-balancer/readme.md
@@ -0,0 +1,82 @@
+## Use OVHcloud Public Load Balancer
+
+### Examples
+
+├── [basic_lb](./basic_lb) \
+├── [basic_lb_keepip](./basic_lb_keepip) \
+├── [basic_lb_udp_tcp](./basic_lb_udp_tcp) \
+├── [basic_lb_with_flavor](./basic_lb_with_flavor) \
+├── [nginx_basic](./nginx_basic) \
+├── [nginx_ingress](./nginx_ingress) \
+├── [private_lb](./private_lb) \
+├── [resize_lb](./resize_lb) \
+└── [tcp_tweak_lb](./tcp_tweak_lb)
+
+
+### General Information
+This set of example aim to help you to use OVHcloud Public Cloud Load Balancer to expose your app hosted on [Managed Kubernetes Service (MKS)](https://www.ovhcloud.com/en/public-cloud/kubernetes/).
+
+If you're not comfortable with the different ways of exposing your applications in Kubernetes, or if you're not familiar with the notion of service type 'loadbalancer', we do recommend to start by reading the guide explaining how to [Expose your app deployed on an OVHcloud Managed Kubernetes Service](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-using-lb?id=kb_article_view&sysparm_article=KB0050008), you can find the details on different methods to expose your containerized applications hosted in Managed Kubernetes Service.
+
+Our Public Cloud Load Balancer is relying on Openstack Octavia project, this project provides a Cloud Controller Manager (CCM) allowing Kubernetes clusters to interact with Load Balancers. For Managed Kubernetes Service (MKS), this Cloud Controller is installed and configured by our team allowing you to easily create, use and configure our Public Cloud Load Balancers. You can find the CCM opensource project documentation [here](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/openstack-cloud-controller-manager/expose-applications-using-loadbalancer-type-service.md)
+
+This guide uses some concepts that are specific to our Public Cloud Load Balancer (listener, pool, health monitor, member, ...)  and to the OVHcloud Public Cloud Network (Gateway, Floating IP). You can find more informations regarding Public Cloud Network products concepts on our official documentation, for example [network concepts](https://help.ovhcloud.com/csm/worldeuro-documentation-public-cloud-network-concepts?id=kb_browse_cat&kb_id=574a8325551974502d4c6e78b7421938&kb_category=9a19a664ede06d102d4c139330b8ce8f) and [loadbalancer concept](https://help.ovhcloud.com/csm/en-ie-public-cloud-network-concepts?id=kb_article_view&sysparm_article=KB0050139)
+
+
+### Prerequisites
+To be able to deploy a [Public Cloud Load Balancer](https://www.ovhcloud.com/en-ie/public-cloud/load-balancer/), you should have a running Managed Kubernetes Service and it must run or have been upgraded to the following patch versions:
+
+| Kubernetes versions |
+|-------------|
+| 1.24.13-3>= |   
+| 1.25.9-3>=  |   
+| 1.26.4-3>=  |   
+| 1.27>=      |  
+
+
+### Setup
+- Deployment of a functional Managed Kubernetes (MKS) cluster using the [OVHcloud manager](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster?id=kb_article_view&sysparm_article=KB0037221), [Terraform](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster-with-terraform?id=kb_article_view&sysparm_article=KB0049684), [Pulumi](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster-with-pulumi?id=kb_article_view&sysparm_article=KB0059712) or [APIs](https://api.ovh.com/console-preview/?section=%2Fcloud&branch=v1#post-/cloud/project/-serviceName-/kube).
+- Retrieve the kubeconfig file needed to use kubectl tool (via OVHcloud manager, Terraform, Pulumi or API). You can use [this guide](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-configure-kubectl?id=kb_article_view&sysparm_article=KB0049658)
+
+### Demo
+
+Here's a simple example of how to use the Public Cloud Load Balancer
+
+1. Create a Namespace and a Deployment resource using the following command:
+```shell
+kunectl create namespace test-lb-ns
+kubectl create deployment test-lb --image=nginx -n=test-lb-ns
+```
+2. Copy/Paste the following code on a file named `test-lb-service.yaml`
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: test-lb
+  name: test-lb-service
+  namespace: test-lb-ns
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.ovhcloud.com/flavor: "small"
+spec:
+  ports:
+  - name: 80-80
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: test-lb
+  type: LoadBalancer
+```
+3. Create a 'Service' using the following command:
+```shell
+kubectl apply -f test-lb-service.yaml
+```
+4. Retrieve Service IP address using the following command line:
+```shell
+$ kubectl get service test-lb-service -n=test-lb-ns
+NAME                 TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
+test-lb-service      LoadBalancer   10.3.107.18   xx.xx.xx.xx   80:30172/TCP   12m
+```
+5. Open a web browser and access: http://141.94.215.240
-5. Open a web browser and access: http://141.94.215.240
+5. Open a web browser and access: http://xx.xx.xx.xx
-5. Open a web browser and access: http://141.94.215.240
+5. Open a web browser and access: http://xx.xx.xx.xx
diff --git a/...stration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/1_small_service.yaml b/...stration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/1_small_service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-small-to-upgrade
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    # Default flavor is small
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer
diff --git a/...stration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/2_small_service.yaml b/...stration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/2_small_service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-small-to-upgrade
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.openstack.org/keep-floatingip: "true" # Post-adding the keep-floatingip annotation
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer