Annotations are a way to add custom, non-identifiable metadata to objects. They are used to configure additional behavior for Load Balancers service in Kubernetes clusters beyond the standard configuration offerings. Learn more about annotations in the official Kubernetes documentation.

You can add annotations via the command line (kubectl) or the Kubernetes service manifest using the annotations field as follows:

metadata: {
 annotations: {
 key: "value"
 }
}

Below, we have compiled annotations that apply to clusters created in Gcore:

Key (annotation)Value sampleTypeDescription
loadbalancer.gcorelabs.com/flavorlb1-1-2StringSpecifies a custom name for the flavor
loadbalancer.gcorelabs.com/proxy-protocoltrueBooleanEnables proxy protocol type for Load Balancer listeners
loadbalancer.gcorelabs.com/x-forwarded-fortrueBooleanAdds the “X-Forwarded-For,” “X-Forwarded-Port” and “X-Forwarded-Proto“ headers to requests
Enhanced Logging and Monitoring
loadbalancer.gcorelabs.com/logging-topic-nametopic-123StringSpecifies LaaS topic name for pushing logs.
Note: Must be used with the logging-destination-region-id
loadbalancer.gcorelabs.com/logging-destination-region-id1IntegerSpecifies LaaS destination region.
Note: Must be used with the logging-topic-name
loadbalancer.gcorelabs.com/logging-retention-policy-period45IntegerConfigures log retention policy for LaaS topic (in days)
loadbalancer.gcore.com/logging-retention-policy-period30IntegerDefines log retention policy for the LaaS topic (in days)
loadbalancer.gcore.com/logging-topic-namemy-logsStringSpecifies the LaaS topic name for pushing logs
loadbalancer.gcore.com/logging-destination-region-id15IntegerDefines the LaaS destination region for log storage
Advanced DDoS Protection
loadbalancer.gcorelabs.com/ddos-profile{ "profile_template":65, "fields": [{ "base_field":272, "field_value":40 }] }IntegerConfigures and ads the DDoS Protection profile to the Load Balancer
loadbalancer.gcore.com/ddos-profile{ "profile_template":75, "fields": [{ "base_field":300, "field_value":50 }] }StringSpecifies an Advanced DDoS Protection profile using a JSON string
Connection and Timeout Configurations
loadbalancer.gcorelabs.com/timeout-client-data6000IntegerSets client data timeouts for Load Balancer listeners (in msec).
Note: When removed, the previously set value remains in effect
loadbalancer.gcorelabs.com/timeout-member-connect6000IntegerSets member connect timeouts for Load Balancer listeners (in msec).
Note: When removed, the previously set value remains in effect
loadbalancer.gcorelabs.com/timeout-member-data6000IntegerSets member data timeouts for Load Balancer listeners (in msec).
Note: When removed, the previously set value remains in effect
loadbalancer.gcore.com/listener-connection-limit500IntegerSets a limit on the number of concurrent connections per listener
loadbalancer.gcore.com/listener-timeout-client-data"30s"StringDefines client data timeout duration (e.g., ”30s” or “1m”)
loadbalancer.gcore.com/listener-timeout-member-connect"30s"StringDefines the connection timeout between Load Balancer and backend members
loadbalancer.gcore.com/listener-timeout-member-data"30s"StringDefines the data transmission timeout between Load Balancer and backend members
IP and Network Configurations
loadbalancer.gcorelabs.com/floating-cleanuptrueBooleanAutomatically cleans up the floating IP assigned to the Load Balancer after deleting the service
service.beta.kubernetes.io/gcore-internal-load-balancertrueBooleanDisables floating IP creation and makes the Load Balancer unavailable for external requests
service.beta.kubernetes.io/gcore-external-load-balancertrueBooleanMakes the Load Balancer public
loadbalancer.gcore.com/floating-ip"1.1.1.1"StringSpecifies a floating IP for a private Load Balancer, only for internal networks
loadbalancer.gcore.com/floating-ip"192.168.1.10"StringAssigns an existing floating IP address to the Load Balancer
loadbalancer.gcore.com/floating-ip-cleanuptrueBooleanAutomatically removes the assigned floating IP when the Service is deleted
loadbalancer.gcore.com/reserved-ip"10.0.0.42"StringSpecifies a reserved IP for the Load Balancer
loadbalancer.gcore.com/reserved-ip-cleanuptrueBooleanAutomatically cleans up reserved IPs upon deletion

Examples

Here, several examples of annotations using are presented.

To assign an Advanced DDoS protection profile to your cluster, use the following code in the manifest:

apiVersion: v1
kind: Service
metadata:
  annotations:
    loadbalancer.gcorelabs.com/ddos-profile: |
  {"profile_template":65,"fields":[{"base_field":272,"field_value":40}]}
  labels:
    app: grafana
  name: grafana
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: grafana
  type: LoadBalancer

Instead of the sample values (65, 272, and 40), use the appropriate values for your project. The value format is the same as supported by the public DDoS Protection API.

To enable logging for your cluster, use the following one:

apiVersion: v1
kind: Service
metadata:
  annotations:
    loadbalancer.gcorelabs.com/logging-topic-name: test123
    loadbalancer.gcorelabs.com/logging-destination-region-id: 15
  labels:
    app: grafana
  name: grafana
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: grafana
  type: LoadBalancer

Instead of the sample values (test123 and 15), use the appropriate values for your project.