Using a Version 2 Elastic Load Balancer


The Kion application deployment AWS CloudFormation template now has the option to deploy version 2 elastic load balancers. These new load balancers have improved performance, better authentication, more configuration options, and better logging.

We recommend using a version 2 load balancer for all new deployments and migrating at your earliest convenience for existing deployments.

New App Template Parameters

There are several new parameters in the Kion-app template:

  • Deploy a Classic User Facing Load Balancer. Default: Yes. If set to yes, a classic load balancer is deployed. This is temporarily defaulted to Yes so that existing deployments will not be altered unintentionally.
  • Deploy a V2 User Facing Load Balancer. Default: No. If set to yes, a version 2 load balancer is deployed. This is temporarily defaulted to No so that existing deployments will not be altered unintentionally.
  • V2 User Facing Load Balancer Type. Default: application. Sets the type of version 2 load balancer to deploy. The choices are application and network. We recommend using an application load balancer if your environment requirements allow it.
  • Network load balancers cannot serve SSL certificates. For SSL when using V2 network load balancers, follow the SSL Certificate via Internal Ingress section of the AWS Deployment Guide. Network load balancers also cannot have security groups attached to them.
  • Network V2 Load Balancer Health Check CIDR. Default: none. When using a network load balancer, health checks must be allowed specifically by CIDR on the node security group. Enter the CIDR range for the VPC where Kion is or will be deployed.
  • Classic Load Balancer Cipher Suite. Default: ELBSecurityPolicy-2016-08. This is a rename of the parameter Load Balancer Cipher Suite. If you had set this to a non-default value, set the same custom value here.
  • V2 Load Balancer Cipher Suite. Default: ELBSecurityPolicy-2016-08. Sets the cipher suite for the version 2 load balancer.

Migrating to a V2 Load Balancer

To migrate an existing deployment from a classic load balancer to a version 2 load balancer:

  1. Update the application stack by replacing the existing template with the new one. The Kion-app template can be downloaded from the AWS Deployment Guide.
  2. Set Deploy a V2 User Facing Load Balancer to Yes.
  3. Choose a value for V2 User Facing Load Balancer Type. We recommend using an application load balancer.
    If you choose network, you also need to set up your SSL certificate via internal ingress, and set the value of Network V2 Load Balancer Health Check CIDR to the CIDR range of the VPC in which Kion is deployed.
  4. If you had previously customized the value for the Load Balancer Cipher Suite, enter the same value for the Classic Load Balancer Cipher Suite parameter.
  5. (Optional) Set a custom value for V2 Load Balancer Cipher Suite.
  6. Complete the stack update.
  7. Check the Outputs tab of the application stack. There will be a new output called V2UserLoadBalancer with the DNS name of the version 2 load balancer.
  8. Verify that you can log in to the application through the version 2 load balancer's DNS name.
  9. Update the DNS entry for the application to point to the version 2 load balancer's DNS name.

At this point, we recommend taking some time to ensure that the application is working as expected. Once you are sure the new deployment is stable, update the stack and change the Deploy a Classic User Facing Load Balancer parameter to No. This deletes the classic load balancer.
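
A pre-flight check for the Network V2 Load Balancer Health Check CIDR value (the parameter description and the note under step 3), as an added example that is not part of the Kion template or tooling. It rejects values that are not valid networks (including the default of none), values that reach outside the VPC and so open the node security group wider than intended, and values that miss a load balancer subnet, where health checks would be dropped. It goes slightly beyond the instruction above by also accepting a range narrower than the VPC if it covers every load balancer subnet; the function name and all sample CIDRs are constructed for illustration.

```python
import ipaddress


def check_health_check_cidr(value, vpc_cidr, lb_subnets):
    """Return a list of problems with a proposed health check CIDR (empty list = OK).

    value      -- what would be entered for Network V2 Load Balancer Health Check CIDR
    vpc_cidr   -- CIDR range of the VPC where the application is deployed
    lb_subnets -- CIDRs of the subnets the network load balancer is placed in (assumed input)
    """
    try:
        # strict=True rejects values with host bits set, e.g. 10.20.0.5/16
        allowed = ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        return [f"not a valid CIDR: {exc}"]

    vpc = ipaddress.ip_network(vpc_cidr)
    if allowed.version != vpc.version:
        return ["address family differs from the VPC"]

    problems = []
    # Wider than (or outside) the VPC: the node security group would admit
    # source addresses that are not in the VPC at all.
    if not allowed.subnet_of(vpc):
        problems.append(f"{allowed} reaches outside VPC {vpc}")

    # Health checks originate from the load balancer's subnets; any subnet
    # not covered by the allowed range will have its checks dropped.
    for subnet in map(ipaddress.ip_network, lb_subnets):
        if subnet.version != allowed.version or not subnet.subnet_of(allowed):
            problems.append(f"{allowed} does not cover load balancer subnet {subnet}")
    return problems


if __name__ == "__main__":
    # Constructed sample environment, not taken from any real deployment.
    VPC = "10.20.0.0/16"
    LB_SUBNETS = ["10.20.1.0/24", "10.20.2.0/24"]
    for candidate in ["10.20.0.0/16", "none", "0.0.0.0/0", "10.20.1.0/24", "10.20.0.5/16"]:
        issues = check_health_check_cidr(candidate, VPC, LB_SUBNETS)
        print(f"{candidate:15} ->", "OK" if not issues else "; ".join(issues))
```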