How to use existing Public IPs for Load Balancers

We show you how an existing Public IP Address can be used to expose a Kubernetes service. This is beneficial if you want to rely on a service to have a static Public IP Address, for example if you can’t use dynamic DNS. The Public IP Address stays the same even if the service is deleted and recreated.

Default behavior

The default behavior for the SKE Load Balancer solution is to acquire a new Public IP Address for any service that you wish to expose using type: LoadBalancer. When a service is deleted, the according Load Balancer is removed, together with the floating IP attached to it. Recreating the service will most likely lead to a different Public IP Address being assigned to the service.

This behavior might be undesirable and can be mitigated as described below.

Use existing Public IP Address for services

In order to assign an existing Public IP Address to a Kubernetes service, you need to create one first. Head to the STACKIT Cloud Portal and go to Networking > Public IP Address. Click on Create Public IP Address button to order fee-based.

Once the Public IP Address is created, copy it.
You can create a workload and a service to expose it. Take a look at the following example:

nginx.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app.kubernetes.io/name: proxy
spec:
  containers:
    - name: nginx
      image: nginx:stable
      ports:
        - containerPort: 80
          name: http-web-svc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  annotations:
    lb.stackit.cloud/external-address: "<insert public IP here>"
spec:
  selector:
    app.kubernetes.io/name: proxy
  ports:
    - name: http-port
      protocol: TCP
      port: 80
      targetPort: http-web-svc
  type: LoadBalancer

In this example, we create an NGINX webserver running in a single Pod. The service of type: LoadBalancer exposes this webserver to the public. Note the service annotation: Using lb.stackit.cloud/external-address with the Public IP Address you just created, we make sure that the LoadBalancer uses this Public IP Address.

Create the Kubernetes resources

Create Kubernetes resources

kubectl apply -f nginx.yaml

Once the service shows the Public IP Address as the external IP, you can access the webserver by visiting the IP address in a browser.

To verify the feature works as expected, you can delete and recreate the resources. The recreated Service will be assigned the same IP as before:

kubectl delete -f nginx.yaml

Wait until the resources are gone and recreate them:

kubectl apply -f nginx.yaml

Using existing IP created by Load Balancer itself

A special case of using an existing IP for your Load Balancer via Service annotation is if you specify the IP that a Load Balancer already uses. SKE Load Balancers support this feature. The Load Balancer will essentially stop managing the IP, but will still use it. You could safely delete and recreate the service and get the same IP as before. To do this, add the public Load Balancer IP (that is currently used) as ExistingIP via the annotation as described above. Thus, you can convert an IP managed by the Load Balancer to one managed by you, without any IPs changing.

Implications

You can assign precreated Public IP Addresses to services. This separates the creation of Public IP Addresses from the creation of LoadBalancers.
When services using LoadBalancers are deleted, the IP remains. You can recreate the service with the annotation, and the LoadBalancer will reuse the IP.
Using this feature, you are responsible for deleting Public IP Addresses. If you delete the Kubernetes service, the precreated Public IP Addresses will remain, incurring further costs until you delete it.

Further information

Load balancing in SKE
Public IP Addresses at STACKIT