Add Public Cloud Load Balancer examples

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/lb_base.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-basic
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb/readme.md

@@ -0,0 +1,4 @@
+# Basic Public Cloud Load Balancer demo
+
+## Description
+Here is a basic example of how to expose your application using a Service type LoadBalancer relying on OVHcloud Public Cloud LoadBalancer.

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/lb_keepip.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-keepip
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.openstack.org/keep-floatingip: "true" # Once the IP has been created with this flag, K8S cluster will not manage his deletion / Can be set AFTER the creation
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_keepip/lb_keepip_reuse_or_already_existing_in_tenant.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-keepip-with-existing-ip
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  loadBalancerIP: xx.xx.xx.xx # Public Floating IP you want to use. This annontation is deprecated since K8S 1.24 but still used
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_udp_tcp/lb_tcp_udp.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-udp-tcp
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: client-udp
+    port: 80
+    protocol: UDP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/basic_lb_with_flavor/lb_flavor.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-medium
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.ovhcloud.com/flavor: "medium" # OVHcloud Public Cloud loadbalancer flavor list: https://help.ovhcloud.com/csm/en-ie-public-cloud-network-octavia-use-lbaas-openstack?id=kb_article_view&sysparm_article=KB0050296
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_basic/nginx_base.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        ports:
+        - containerPort: 80

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/acme-config.yml

@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: main
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/deploy_nginx.bash

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace --values ./value.yaml

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/ingress_base.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: "main"
+  name: ngx-deploy-ingress
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - octavia.lgr-k8s.ovh
+    secretName: octavia-secret
+  rules:
+  - host: octavia.lgr-k8s.ovh
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deployment
+            port:
+              number: 80

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/nginx_ingress/value.yaml

@@ -0,0 +1,8 @@
+controller:
+  service:
+    annotations:
+      loadbalancer.ovhcloud.com/class: "octavia"
+      loadbalancer.openstack.org/proxy-protocol: "true"
+      loadbalancer.ovhcloud.com/flavor: "large" # OVHcloud Public Cloud loadbalancer flavor list: https://help.ovhcloud.com/csm/en-ie-public-cloud-network-octavia-use-lbaas-openstack?id=kb_article_view&sysparm_article=KB0050296
+  config:
+    use-proxy-protocol: "true"

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private.yaml

@@ -0,0 +1,19 @@
+# Only available with a MKS cluster attached to a Private network
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-private
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/lb_private_with_openstack_port.yaml

@@ -0,0 +1,20 @@
+# Only available with a MKS cluster attached to a Private network
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-private-with-openstack-port
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+    loadbalancer.openstack.org/port-id: "4c758644-af77-4e60-9e24-bc5e67295ac0"
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/private_lb/readme.md

@@ -0,0 +1,26 @@
+# Private Load Balancer Demo
+
+## Description
+Here is a basic example of how to expose your application using a Service type LoadBalancer in a private way.
+
+## Create a private Load Balancer:
+You have to provide the following annotation:
+`service.beta.kubernetes.io/openstack-internal-load-balancer: "true"`
+
+## Specify the private IP
+You need to provide a PortI
+
+1. Create a OpenStack port and use this as LB Ip address
+
+  Without specifying the IP\
+  `$ openstack port create --network bdd4fc7c-6a27-43d6-940a-8ed51e1fd22c --fixed-ip subnet=187dc936-c4ea-49ca-aff5-0a5eb7062ed9 my-lb-app-port`\
+  Where: --network = network name or ID, subnet= subnet name or ID
+
+  Or with a specific IP of your subnet \
+  `$ openstack port create --network bdd4fc7c-6a27-43d6-940a-8ed51e1fd22c --fixed-ip subnet=187dc936-c4ea-49ca-aff5-0a5eb7062ed9, ip-address=10.0.2.2 my-lb-app-port-2`
+
+  Retrieve the portID :
+  `$openstack port list --name my-lb-app-port-2`
+
+2. Add the portID to your Kubernetes Service manifest (cf. [exemple](./lb_private_with_openstack_port.yaml))\
+`loadbalancer.openstack.org/port-id: "4c758644-af77-4e60-9e24-bc5e67295ac0"`

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/readme.md

@@ -0,0 +1,82 @@
+## Use OVHcloud Public Load Balancer
+
+### Examples
+
+├── [basic_lb](./basic_lb) \
+├── [basic_lb_keepip](./basic_lb_keepip) \
+├── [basic_lb_udp_tcp](./basic_lb_udp_tcp) \
+├── [basic_lb_with_flavor](./basic_lb_with_flavor) \
+├── [nginx_basic](./nginx_basic) \
+├── [nginx_ingress](./nginx_ingress) \
+├── [private_lb](./private_lb) \
+├── [resize_lb](./resize_lb) \
+└── [tcp_tweak_lb](./tcp_tweak_lb)
+
+
+### General Information
+This set of example aim to help you to use OVHcloud Public Cloud Load Balancer to expose your app hosted on [Managed Kubernetes Service (MKS)](https://www.ovhcloud.com/en/public-cloud/kubernetes/).
+
+If you're not comfortable with the different ways of exposing your applications in Kubernetes, or if you're not familiar with the notion of service type 'loadbalancer', we do recommend to start by reading the guide explaining how to [Expose your app deployed on an OVHcloud Managed Kubernetes Service](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-using-lb?id=kb_article_view&sysparm_article=KB0050008), you can find the details on different methods to expose your containerized applications hosted in Managed Kubernetes Service.
+
+Our Public Cloud Load Balancer is relying on Openstack Octavia project, this project provides a Cloud Controller Manager (CCM) allowing Kubernetes clusters to interact with Load Balancers. For Managed Kubernetes Service (MKS), this Cloud Controller is installed and configured by our team allowing you to easily create, use and configure our Public Cloud Load Balancers. You can find the CCM opensource project documentation [here](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/openstack-cloud-controller-manager/expose-applications-using-loadbalancer-type-service.md)
+
+This guide uses some concepts that are specific to our Public Cloud Load Balancer (listener, pool, health monitor, member, ...)  and to the OVHcloud Public Cloud Network (Gateway, Floating IP). You can find more informations regarding Public Cloud Network products concepts on our official documentation, for example [network concepts](https://help.ovhcloud.com/csm/worldeuro-documentation-public-cloud-network-concepts?id=kb_browse_cat&kb_id=574a8325551974502d4c6e78b7421938&kb_category=9a19a664ede06d102d4c139330b8ce8f) and [loadbalancer concept](https://help.ovhcloud.com/csm/en-ie-public-cloud-network-concepts?id=kb_article_view&sysparm_article=KB0050139)
+
+
+### Prerequisites
+To be able to deploy a [Public Cloud Load Balancer](https://www.ovhcloud.com/en-ie/public-cloud/load-balancer/), you should have a running Managed Kubernetes Service and it must run or have been upgraded to the following patch versions:
+
+| Kubernetes versions |
+|-------------|
+| 1.24.13-3>= |   
+| 1.25.9-3>=  |   
+| 1.26.4-3>=  |   
+| 1.27>=      |  
+
+
+### Setup
+- Deployment of a functional Managed Kubernetes (MKS) cluster using the [OVHcloud manager](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster?id=kb_article_view&sysparm_article=KB0037221), [Terraform](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster-with-terraform?id=kb_article_view&sysparm_article=KB0049684), [Pulumi](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-create-cluster-with-pulumi?id=kb_article_view&sysparm_article=KB0059712) or [APIs](https://api.ovh.com/console-preview/?section=%2Fcloud&branch=v1#post-/cloud/project/-serviceName-/kube).
+- Retrieve the kubeconfig file needed to use kubectl tool (via OVHcloud manager, Terraform, Pulumi or API). You can use [this guide](https://help.ovhcloud.com/csm/en-ie-public-cloud-kubernetes-configure-kubectl?id=kb_article_view&sysparm_article=KB0049658)
+
+### Demo
+
+Here's a simple example of how to use the Public Cloud Load Balancer
+
+1. Create a Namespace and a Deployment resource using the following command:
+```shell
+kunectl create namespace test-lb-ns
+kubectl create deployment test-lb --image=nginx -n=test-lb-ns
+```
+2. Copy/Paste the following code on a file named `test-lb-service.yaml`
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: test-lb
+  name: test-lb-service
+  namespace: test-lb-ns
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.ovhcloud.com/flavor: "small"
+spec:
+  ports:
+  - name: 80-80
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: test-lb
+  type: LoadBalancer
+```
+3. Create a 'Service' using the following command:
+```shell
+kubectl apply -f test-lb-service.yaml
+```
+4. Retrieve Service IP address using the following command line:
+```shell
+$ kubectl get service test-lb-service -n=test-lb-ns
+NAME                 TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
+test-lb-service      LoadBalancer   10.3.107.18   xx.xx.xx.xx   80:30172/TCP   12m
+```
+5. Open a web browser and access: http://141.94.215.240

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/1_small_service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-small-to-upgrade
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    # Default flavor is small
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/2_small_service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-small-to-upgrade
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+    loadbalancer.openstack.org/keep-floatingip: "true" # Post-adding the keep-floatingip annotation
+  labels:
+    app: test-octavia
+spec:
+  ports:
+  - name: client
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer

containers-orchestration/managed-kubernetes/use-public-cloud-load-balancer/resize_lb/3_medium_service_deploy.yaml

@@ -0,0 +1,20 @@
+# Until the deletion of the previous service, this Service will only deploy the LoadBalancer without the floating IP.
+# When the Floating IP is available (small-service deletion will release the IP), the floationg ip will be attach to this new LB.
+apiVersion: v1
+kind: Service
+metadata:
+  name: octavia-medium-upgraded
+  annotations:
+    loadbalancer.ovhcloud.com/class: "octavia"
+  labels:
+    app: test-octavia
+spec:
+  loadBalancerIP: 57.128.57.253 # Public Floating IP address from the previous service
+  ports:
+  - name: client
+    port: 81
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: LoadBalancer