Annotations

VNGCLOUD	Type	Default
/ignore	boolean	false
/load-balancer-id	string
/load-balancer-name	string	auto generate with rule
/package-id	string	lbp-f562b658-0fd4-4fa6-9c57-c1a803ccbf86
/tags	stringMap
/scheme	internal / internet-facing	internet-facing
/security-groups	stringList
/inbound-cidrs	string	0.0.0.0/0
/healthy-threshold-count	integer	'3'
/unhealthy-threshold-count	integer	'3'
/healthcheck-interval-seconds	integer	'30'
/healthcheck-timeout-seconds	integer	'5'
/healthcheck-protocol	TCP / HTTP / HTTPS / PING-UDP	TCP
/healthcheck-http-method	GET / POST / PUT	GET
/healthcheck-path	string	"/"
/healthcheck-http-version	1.0 / 1.1	1.0
/healthcheck-http-domain-name	string	""
/healthcheck-port	integer	traffic port
/success-codes	stringList	'200'
/idle-timeout-client	integer	50
/idle-timeout-member	integer	50
/idle-timeout-connection	integer	5
/pool-algorithm	ROUND_ROBIN / LEAST_CONNECTIONS / SOURCE_IP	ROUND_ROBIN
/target-node-labels	stringMap	N/A
/enable-proxy-protocol	stringList	N/A

Traffic Routing

Traffic Routing can be controlled with following annotations:

vks.vngcloud.vn/ignore specifies Service type Loadbalancer is ignored by controller.
```
vks.vngcloud.vn/ignore: "true"
```
vks.vngcloud.vn/load-balancer-id specifies the id of the load balancer.

⚠️ Warnings: If you specify this annotation, load-balancer will not auto recreate when delete.

⚠️ Warnings: If you want many ingress use a same load-balancer, we highly recommended use annotation vks.vngcloud.vn/load-balancer-name.
```
vks.vngcloud.vn/load-balancer-id: "lb-xxxxxxxxxxxxxx"
```
vks.vngcloud.vn/load-balancer-name specifies the custom name to use for the load balancer.

ℹ️ Info: Rule auto genearte load balancer name: ******__******

⚠️ Warnings: Name longer than 50 characters will be treated as an error.

⚠️ Warnings: Ingress with same this annotation value with use a same load-balancer.

⚠️ Warnings: Update this field will cause create/update another load-balancer and redundant resource (old load-balabncer).
```
vks.vngcloud.vn/load-balancer-name: "custom-name"
```
vks.vngcloud.vn/package-id The ID of the network load-balancer package to be used for the service. If this annotation is not specified, the default package will be used.

⚠️ Warnings: Update this field after apply success will not effect.
```
vks.vngcloud.vn/package-id: "lbp-c531bc55-27d7-4a3e-be0b-eac265658a50"
```

vks.vngcloud.vn/target-node-labels specifies which nodes to include in the target group registration.

vks.vngcloud.vn/target-node-labels: "worker=vmonitor,kubernetes.io/os=linux"
vks.vngcloud.vn/target-node-labels: "key=v1,key=v2" # => "key=v2"

Resource Tags

The VNGCLOUD Ingress Controller automatically applies following tags to the Load Balancer resources, it creates:

vks-cluster-ids: ${clusterID}_${clusterID}_${clusterID}

In addition, you can use annotations to specify additional tags

vks.vngcloud.vn/tags specifies additional tags that will be applied to vLB resources created.

⚠️ Warnings: When user update tags manual in portal, our agent will not sync the change (load balancer not update updateAt when update tags)

⚠️ Warnings: It'll update the config tag and append to the current tag.
```
vks.vngcloud.vn/tags: "Environment=dev,Team=test"
```

Access control

Access control for LoadBalancer can be controlled with following annotations:

vks.vngcloud.vn/scheme specifies whether your LoadBalancer will be internet facing.
```
vks.vngcloud.vn/scheme: "internal"
```
vks.vngcloud.vn/inbound-cidrs specifies the CIDRs that are allowed to access LoadBalancer.
```
vks.vngcloud.vn/inbound-cidrs: "10.0.0.0/24"
```
vks.vngcloud.vn/security-groups specifies the securityGroups you want to attach to Node.

⚠️ Warnings: If you NOT specify this annotation, the controller will automatically create one security group, the security group will be attached to the Node and allow access from inbound-cidrs to the listen-ports.

⚠️ Warnings: If you specify this annotation, you need to ensure the security groups on your Node to allow inbound traffic from the load balancer.

⚠️ Warnings: If you specify this annotation, it'll configure only security group only include in this annotation. Ensure include them all here.
```
vks.vngcloud.vn/security-groups: "sg-xxxx,sg-yyyyy"
```
vks.vngcloud.vn/idle-timeout-client Connection idle timeout is the maximum time a connection can remain open without any data transfer, after which the load balancer will close the connection. Range: (1-3600).
```
vks.vngcloud.vn/idle-timeout-client: "51"
```
vks.vngcloud.vn/idle-timeout-member Backend member inactivity timeout in seconds. Range: (1-3600).
```
vks.vngcloud.vn/idle-timeout-member: "51"
```
vks.vngcloud.vn/idle-timeout-connection Backend member connection timeout in seconds.
```
vks.vngcloud.vn/idle-timeout-connection: "5"
```

Health Check

Health check on target groups can be controlled with following annotations:

vks.vngcloud.vn/healthcheck-port specifies the port used when performing health check on targets.

⚠️ Warnings: The healthcheck port can automatically point to the protocol port.
vks.vngcloud.vn/healthcheck-protocol specifies the protocol used when performing health check on targets.
```
vks.vngcloud.vn/healthcheck-protocol: "HTTP"
```
vks.vngcloud.vn/healthcheck-path specifies the HTTP path when performing health check on targets.
```
vks.vngcloud.vn/healthcheck-path: "/ping"
```
vks.vngcloud.vn/healthcheck-interval-seconds specifies the interval(in seconds) between health check of an individual target.
```
vks.vngcloud.vn/healthcheck-interval-seconds: '10'
```
vks.vngcloud.vn/healthcheck-timeout-seconds specifies the timeout(in seconds) during which no response from a target means a failed health check
```
vks.vngcloud.vn/healthcheck-timeout-seconds: '8'
```
vks.vngcloud.vn/healthy-threshold-count specifies the consecutive health checks successes required before considering an unhealthy target healthy.
```
vks.vngcloud.vn/healthy-threshold-count: '2'
```
vks.vngcloud.vn/unhealthy-threshold-count specifies the consecutive health check failures required before considering a target unhealthy.
```
vks.vngcloud.vn/unhealthy-threshold-count: '2'
```
vks.vngcloud.vn/success-codes specifies the HTTP status code that should be expected when doing health checks against the specified health check path.
```
vks.vngcloud.vn/success-codes: "200,201"
```
vks.vngcloud.vn/healthcheck-http-method Define the HTTP method used for sending health check requests to the backend servers.

⚠️ Warnings: This option is applicable only when the vks.vngcloud.vn/healthcheck-protocol is set to http.
```
vks.vngcloud.vn/healthcheck-http-method: "POST"
```
vks.vngcloud.vn/healthcheck-http-version Define the HTTP version used for sending health check requests to the backend servers.

⚠️ Warnings: This option is applicable only when the vks.vngcloud.vn/healthcheck-protocol is set to http.
```
vks.vngcloud.vn/healthcheck-http-version: "1.1"
```
vks.vngcloud.vn/healthcheck-http-domain-name The domain name, which be injected into the HTTP Host Header to the backend server for HTTP health check.

⚠️ Warnings: This option is applicable only when the vks.vngcloud.vn/healthcheck-protocol is set to http and vks.vngcloud.vn/healthcheck-http-version is set to 1.1.
```
vks.vngcloud.vn/healthcheck-http-domain-name: "example.com"
```

Pool configuration

vks.vngcloud.vn/pool-algorithm The load balancing algorithm used to determine which backend server to send a request to.
```
vks.vngcloud.vn/pool-algorithm: "SOURCE_IP"
```

vks.vngcloud.vn/enable-proxy-protocol Enable Proxy Protocol for the Load Balancer Pool.

Assume you have a service nginx-ingress-controller:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller-controller
  namespace: kube-system
spec:
  ports:
  - name: http-service
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https-service
    port: 443
    protocol: TCP
    targetPort: 443
  type: LoadBalancer

You can enable Proxy Protocol for the Load Balancer Pool by adding the following annotation:

vks.vngcloud.vn/enable-proxy-protocol: "http-service,https-service"

vContainer Helm Infra Documentation