LoadBalancerConfig CRD
The LoadBalancerConfig custom resource provides fine-grained control over VNGCloud load balancers. It allows you to define listeners, pools, pool members, and L7 routing policies declaratively in Kubernetes.
Overview
Short name: lbc
Example: Application Load Balancer (L7)
apiVersion : vks.vngcloud.vn/v1alpha1
kind : LoadBalancerConfig
metadata :
name : my-alb
namespace : default
spec :
type : Application
subnetId : "sub-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
vpcId : "net-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
zoneId : "HCM-1"
scheme : Internet
packageId : "lbp-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
pools :
- name : web-pool
protocol : HTTP
algorithm : RoundRobin
healthMonitor :
protocol : HTTP
healthCheckPath : "/healthz"
healthCheckMethod : GET
interval : 30
timeout : 5
healthyThreshold : 3
unhealthyThreshold : 3
listeners :
- name : http-listener
protocol : HTTP
protocolPort : 80
defaultPoolName : web-pool
policies :
- name : api-redirect
action : REDIRECT_TO_POOL
redirectPoolName : api-pool
l7Rules :
- ruleType : PATH
compareType : STARTS_WITH
ruleValue : "/api"
Example: Network Load Balancer (L4)
apiVersion : vks.vngcloud.vn/v1alpha1
kind : LoadBalancerConfig
metadata :
name : my-nlb
namespace : default
spec :
type : Network
subnetId : "sub-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
vpcId : "net-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
zoneId : "HCM-1"
scheme : Internal
pools :
- name : tcp-pool
protocol : TCP
healthMonitor :
protocol : TCP
interval : 30
timeout : 5
healthyThreshold : 3
unhealthyThreshold : 3
listeners :
- name : tcp-listener
protocol : TCP
protocolPort : 443
defaultPoolName : tcp-pool
Spec Reference
Top-level fields
Field
Required
Description
typeYes
Application or Network
subnetIdYes
Subnet ID for the load balancer's public interface
vpcIdYes
VPC ID
zoneIdYes
Availability zone (e.g., HCM-1)
schemeNo
Internal, Internet (default), or InterVPC
packageIdNo
Load balancer package/size ID
loadBalancerNameNo
Custom name for the VNGCloud LB resource
enableAutoscaleNo
Enable autoscaling
tagsNo
Key-value tags applied to the LB
isPocNo
Mark as proof-of-concept
Pool fields
Field
Required
Description
nameYes
Pool name (unique within this LBC)
protocolYes
HTTP, HTTPS, TCP, UDP, PROXY
algorithmNo
ROUND_ROBIN, LEAST_CONNECTIONS, SOURCE_IP
stickinessNo
Enable sticky sessions
tlsEncryptionNo
Enable TLS encryption for pool members
healthMonitorNo
Health check configuration
membersNo
Static pool members (IP, port)
Listener fields
Field
Required
Description
nameYes
Listener name
protocolYes
HTTP, HTTPS, TCP, UDP, TERMINATED_HTTPS
protocolPortYes
Port number (1–65535)
defaultPoolNameNo
Name of the default backend pool
timeoutClientNo
Client idle timeout (seconds)
timeoutMemberNo
Member idle timeout (seconds)
timeoutConnectionNo
Connection timeout (seconds)
allowedCidrsNo
Comma-separated list of allowed CIDR blocks
insertHeadersNo
Headers to inject into requests
policiesNo
L7 routing policies (Application LB only)
certificateDefaultNo
Default TLS certificate (Application LB only)
certificateAuthoritiesNo
CA certificates for mutual TLS
L7 Policy fields
Field
Required
Description
nameYes
Policy name
actionYes
REDIRECT_TO_POOL, REDIRECT_TO_URL, REJECT
redirectPoolNameNo
Target pool for REDIRECT_TO_POOL
redirectUrlNo
Redirect URL for REDIRECT_TO_URL
redirectHttpCodeNo
HTTP redirect code (e.g., 301, 302)
positionNo
Policy priority (lower = higher priority)
l7RulesNo
List of matching rules
L7 Rule fields
Field
Required
Description
ruleTypeYes
PATH, HOST_NAME, HEADER, COOKIE
compareTypeYes
EQUAL_TO, STARTS_WITH, ENDS_WITH, CONTAINS, REGEX
ruleValueYes
Value to match against
Status
The controller updates the status after each reconcile:
status :
loadBalancerId : "lb-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
address : "203.0.113.42"
observedGeneration : 3
lastReconcileTime : "2026-04-15T10:00:00Z"
lastReconcileMessage : "Load balancer reconciled successfully"
conditions :
- type : Ready
status : "True"
reason : ReconcileSuccess
lastTransitionTime : "2026-04-15T10:00:00Z"