Setting up load balancers and DNS

You must set up load balancers and DNS for the Acceptor and Gateway components so that they are reachable from the public Internet and you can access the Instana UI. The steps differ between an Instana backend on Kubernetes and an Instana backend on Red Hat OpenShift.

For Kubernetes, you must either define Ingresses or create Services of type LoadBalancer. For Red Hat OpenShift, you must either define Routes or create Services of type LoadBalancer.

Domain configuration

For both an Instana backend on Kubernetes and an Instana backend on Red Hat OpenShift, you must set up A records in your DNS for the base_domain, for the Acceptor subdomain (usually ingress), for the OTLP Acceptor subdomains (otlp-http and otlp-grpc), and for all tenant unit subdomains:

  • <base_domain>
  • ingress.<base_domain>
  • otlp-http.<base_domain>
  • otlp-grpc.<base_domain>
  • <unit-name>-<tenant-name>.<base_domain>

Then, configure the domains in the CoreSpec as follows:

spec:
  agentAcceptorConfig:
    host: ingress.<base_domain>
    port: 443
  baseDomain: <base_domain>

Instana backend on Kubernetes

To set up load balancers for your Instana backend on Kubernetes, use Services of type LoadBalancer as follows:

Acceptor

  1. Create a YAML file such as service.yaml as follows:

    • For Azure Kubernetes Service (AKS):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        annotations:
          # For additional load balancer annotations, see https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#loadbalancer-annotations
          service.beta.kubernetes.io/azure-load-balancer-resource-group: <your-resource-group>
          service.beta.kubernetes.io/azure-load-balancer-internal: "false" #if internet facing
          service.beta.kubernetes.io/azure-dns-label-name: <dns-label-name>
        name: loadbalancer-acceptor
      spec:
        type: LoadBalancer
        externalTrafficPolicy: Local
        ports:
          - name: http-service
            port: 443
            protocol: TCP
            targetPort: http-service
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: acceptor
          instana.io/group: service
      
    • For Amazon Elastic Kubernetes Service (Amazon EKS):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        annotations:
          # For more Service annotations, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/service/annotations/
          service.beta.kubernetes.io/aws-load-balancer-name: <your-load-balancer-name>
          service.beta.kubernetes.io/aws-load-balancer-subnets: <subnet1-name>,<subnet2-name>,<subnet3-name>
          service.beta.kubernetes.io/aws-load-balancer-ip-address-type: ipv4
          service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        name: loadbalancer-acceptor
      spec:
        type: LoadBalancer
        externalTrafficPolicy: Local
        ports:
          - name: http-service
            port: 443
            protocol: TCP
            targetPort: http-service
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: acceptor
          instana.io/group: service
      
    • For Google Kubernetes Engine (GKE):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        annotations:
          # For more Service annotations, see https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer
          cloud.google.com/l4-rbs: "enabled" 
        name: loadbalancer-acceptor
      spec:
        type: LoadBalancer
        loadBalancerIP: <your_loadbalancer_IP>
        externalTrafficPolicy: Local
        ports:
          - name: http-service
            port: 443
            protocol: TCP
            targetPort: http-service
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: acceptor
          instana.io/group: service
      

      Replace <your_loadbalancer_IP> with the IP address of your load balancer.

  2. Apply the YAML file by running the following command:

    kubectl apply -f service.yaml -n <CORE_NAMESPACE>
    

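    Replace <CORE_NAMESPACE> with the namespace of the Core object. The manifest also sets metadata.namespace to instana-core; if your Core object is in a different namespace, change that field to match, because kubectl rejects a manifest whose namespace differs from the -n value.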

Gateway

  1. Create a YAML file such as service.yaml as follows:

    • For Azure Kubernetes Service (AKS):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        name: loadbalancer-gateway
        annotations:
          # For additional load balancer annotations, see https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#loadbalancer-annotations
          service.beta.kubernetes.io/azure-load-balancer-resource-group: <your-resource-group>
          service.beta.kubernetes.io/azure-load-balancer-internal: "false" #internet facing
          service.beta.kubernetes.io/azure-dns-label-name: <dns-label-name>
      spec:
        type: LoadBalancer
        externalTrafficPolicy: Local
        ports:
          - name: https
            port: 443
            protocol: TCP
            targetPort: https
          - name: http
            port: 80
            protocol: TCP
            targetPort: http
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: gateway
          instana.io/group: service
      
    • For Amazon Elastic Kubernetes Service (Amazon EKS):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        name: loadbalancer-gateway
        annotations:
          # For more Service annotations, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/service/annotations/
          service.beta.kubernetes.io/aws-load-balancer-name: <your-gateway-name>
          service.beta.kubernetes.io/aws-load-balancer-ip-address-type: ipv4
          service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
          service.beta.kubernetes.io/aws-load-balancer-subnets: <subnet1-name>,<subnet2-name>,<subnet3-name>
      spec:
        type: LoadBalancer
        externalTrafficPolicy: Local
        ports:
          - name: https
            port: 443
            protocol: TCP
            targetPort: https
          - name: http
            port: 80
            protocol: TCP
            targetPort: http
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: gateway
          instana.io/group: service
    
    • For Google Kubernetes Engine (GKE):

      apiVersion: v1
      kind: Service
      metadata:
        namespace: instana-core
        name: loadbalancer-gateway
        annotations:
          # For more Service annotations, see https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer
          cloud.google.com/l4-rbs: "enabled"
      spec:
        type: LoadBalancer
        loadBalancerIP: <your_loadbalancer_IP>
        externalTrafficPolicy: Local
        ports:
          - name: https
            port: 443
            protocol: TCP
            targetPort: https
          - name: http
            port: 80
            protocol: TCP
            targetPort: http
        selector:
          app.kubernetes.io/name: instana
          app.kubernetes.io/component: gateway
          instana.io/group: service
    

    Replace <your_loadbalancer_IP> with the IP address of your load balancer.

  2. Apply the YAML file by running the following command:

    kubectl apply -f service.yaml -n <CORE_NAMESPACE>
    

    Replace <CORE_NAMESPACE> with the namespace of the Core object.
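
To confirm the A records from the Domain configuration list once both load balancers exist, the following script (an added example, not part of the Instana documentation) builds the hostname list and checks that each name resolves to the expected load balancer address. It assumes that ingress.<base_domain> points at the Acceptor load balancer and every other name at the Gateway load balancer, that each load balancer has a single fixed IPv4 address, and that getent is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Instana documentation). Domains, unit names and
# addresses passed to these functions are values you supply.

# Hostnames that need A records, per the "Domain configuration" list.
# Usage: instana_hostnames <base_domain> [<unit-name>-<tenant-name> ...]
instana_hostnames() {
  base=$1; shift
  printf '%s\n' "$base" "ingress.$base" "otlp-http.$base" "otlp-grpc.$base"
  for unit in "$@"; do printf '%s\n' "$unit.$base"; done
}

# Default resolver: unique IPv4 addresses from the system resolver.
resolve_a() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# check_dns <resolver-fn> <acceptor_ip> <gateway_ip> <base_domain> [units...]
# Assumption: ingress.<base_domain> points at the Acceptor load balancer and
# every other hostname at the Gateway load balancer.
# Prints one status line per hostname; exit status is the number of problems.
check_dns() {
  resolver=$1 acceptor_ip=$2 gateway_ip=$3; shift 3
  base_domain=$1 problems=0
  for host in $(instana_hostnames "$@"); do
    case $host in
      "ingress.$base_domain") want=$acceptor_ip ;;
      *) want=$gateway_ip ;;
    esac
    got=$("$resolver" "$host" | tr '\n' ' ')
    got=${got% }
    if [ -z "$got" ]; then
      echo "MISSING  $host"
      problems=$((problems + 1))
    elif [ "$got" != "$want" ]; then
      # A record exists but points somewhere other than the load balancer.
      echo "MISMATCH $host -> $got (expected $want)"
      problems=$((problems + 1))
    else
      echo "OK       $host -> $got"
    fi
  done
  return "$problems"
}

# Run only when arguments are given:
#   sh check-dns.sh <acceptor_ip> <gateway_ip> <base_domain> [units...]
if [ "$#" -ge 3 ]; then
  check_dns resolve_a "$@"
fi
```

Read the two addresses to pass in from the EXTERNAL-IP column of kubectl get service loadbalancer-acceptor loadbalancer-gateway -n <CORE_NAMESPACE>.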

Instana backend on Red Hat OpenShift

To set up load balancers for your Instana backend on Red Hat OpenShift, create Routes by running the following commands:

Acceptor

oc create route passthrough acceptor --hostname=<acceptor_subdomain> --service=acceptor --port=8600 -n instana-core

OTLP Acceptor

oc create route passthrough otlp-http-acceptor --hostname=otlp-http.<base_domain> --service=gateway --port=https -n instana-core
oc create route passthrough otlp-grpc-acceptor --hostname=otlp-grpc.<base_domain> --service=gateway --port=https -n instana-core

Gateway

oc create route passthrough base-domain --hostname=<base_domain> --service=gateway --port=https -n instana-core
oc create route passthrough <unitName>-<tenantName>-ui --hostname=<unitName>-<tenantName>.<base_domain> --service=gateway --port=https -n instana-core