Direct Load Balancer

The Direct Load Balancer allows you to expose your Workload’s Ports directly through a cloud load balancer in each location where the workload is running.

Overview

Direct load balancers are created in each location where a workload is running and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required. Each location will obtain a public address that is configured as a possible target of the Geo DNS endpoint. The stadard latency based routing will be used for traffic distribution across the locations. Since the traffic is being routed directly to the workload through the load balancer, Domains do not need to be registered in order to receive traffic on the direct load balancer endpoints. The dns record for the workload can be configured in dns as a cname target for any source domains you wish accpet traffic for.

Configuration

The Direct Load Balancer configuration is defined in the workload using directLoadBalancer in the workload spec, with the following properties:

direct

The direct object contains the configuration for the Direct Load Balancer.

PropertyTypeDescription
enabledbooleanWhen set to false, this load balancer will be stopped and no charges will accrue
portsarrayA list of ports that will be exposed by this load balancer
ipSetstring (optional)A link to an IpSet, to be used with the load balancer

ports

Each port in the ports array is added to the cloud load balancer to control the routing behavior:

PropertyTypeDescription
externalPortnumberThe port that is available publicly. Must be between 22 and 32768
protocolstringThe protocol that is exposed publicly. Can be either ‘TCP’ or ‘UDP’
schemestring (optional)Overrides the default https URL scheme that will be used for links in the UI and status. Valid values are ‘http’, ‘tcp’, ‘https’, ‘ws’, ‘wss’
containerPortobjectThe port on the container that will receive this traffic

Example Configuration

Here’s an example configuration for a Direct Load Balancer:

loadBalancer:
  direct:
    enabled: true
    ports:
      - externalPort: 80
        protocol: TCP
        scheme: http
        containerPort:
          port: 8080
      - externalPort: 443
        protocol: TCP
        scheme: https
        containerPort:
          port: 8443
      - externalPort: 9000
        protocol: UDP
        containerPort:
          port: 9000

Geo Location Headers

The Geo Location Headers feature allows you to include geographic information in inbound HTTP requests.

When enabled, this feature adds headers containing geographic information to incoming HTTP requests. These headers can provide valuable data about the origin of the request, including the Autonomous System Number (ASN), city, country, and region.

This product includes GeoLite2 data created by MaxMind, available from

https://www.maxmind.com.

Configuration

ParameterTypeDescription
enabledbooleanWhen set to true, geo location headers will be included on inbound HTTP requests. Existing headers will be replaced. Default is false.
headers.asnstringThe header name for the Autonomous System Number information.
headers.citystringThe header name for the city information.
headers.countrystringThe header name for the country information.
headers.regionstringThe header name for the region information.

Usage Guidelines

  1. Enabling the Feature: Set geoLocation.enabled to true to activate the Geo Location Headers feature.

  2. Header Configuration: When enabled, you must specify at least one header (ASN, city, country, or region).

  3. Unique Headers: The values for ASN, city, country, and region headers must be unique. You cannot use the same header name for different types of information.

  4. Existing Headers: If enabled, this feature will replace any existing headers with the same names in incoming requests.

Notes

  • Enabling this feature may have performance implications, as it requires additional processing for each incoming request.
  • Enabling this feature has no effect if the workload does not expose an http port.
  • Ensure that you comply with all relevant data protection and privacy regulations when using geographic information.
  • The accuracy of geographic information may vary and should not be relied upon for critical decision-making without verification.
  • Workloads receive the latest ip to geo database on startup.

Example Configuration

Here’s an example configuration that enables Geo Location Headers:

This configuration will add the following headers to incoming HTTP requests:

  • X-GeoIP-ASN: Containing the Autonomous System Number
  • X-GeoIP-City: Containing the city name
  • X-GeoIP-Country: Containing the country name
  • X-GeoIP-Region: Containing the region name
loadBalancer:
  geoLocation:
    enabled: true
    headers:
      asn: X-GeoIP-ASN
      city: X-GeoIP-City
      country: X-GeoIP-Country
      region: X-GeoIP-Region

Geo Location Filtering

Geo location headers can be use in conjunction with header filters, to allow/deny http requests from specified places.

Checkout Geo Filtering