Exposing Containerized Applications
Do the following to expose an application deployment so that worker node applications can be reached from outside Compute Cloud@Customer:
- Create an external load balancer.
- Update ingress and egress rules as necessary to support the port requirements of your containerized applications. For example, if any application uses TCP port 3000, then an ingress rule needs to be added with port 3000.
Create an External Load Balancer
An external load balancer is a Service of type LoadBalancer. The service provides load balancing for an application that has multiple running instances.
If you use the --service-lb-defined-tags or --service-lb-flexible-tags options to specify tags to be applied to external load balancers, then ensure that the applicable dynamic group includes the following policy. See Create a Cluster Dynamic Group and Policies.
allow dynamic-group dynamic-group-name to use tag-namespaces in compartment compartment-name
Ensure that the load balancer shape parameter has one of the following values:
- 400Mbps
- flexible – Requires that you also provide flex-min and flex-max annotations.
You might need to edit the application deployment file to modify the load balancer shape value. See Specifying Alternative Load Balancer Shapes and Specifying Flexible Load Balancer Shapes for more information and examples of how to set these values.
To create a service load balancer on a private cluster (a cluster with a private worker load balancer subnet), use the following annotation in your external load balancer template:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
Use the following command to create the external load balancer:
# kubectl create -f expose_lb
The following is the content of the expose_lb file:
apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
  annotations:
    oci.oraclecloud.com/load-balancer-type: "lb"
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: nginx
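The requirements above (allowed shape values, flex-min and flex-max for the flexible shape, the internal annotation on a private cluster, and the ports that need ingress rules) can be checked before a Service is created. The following is an added example, not part of the Oracle documentation: the function name audit_service, the private_cluster parameter, and the my-app-svc sample are hypothetical, the manifest is assumed to be in JSON form (for example from kubectl get svc -o json), and a missing shape annotation is treated as a finding.

```python
import json

SHAPE = "service.beta.kubernetes.io/oci-load-balancer-shape"
INTERNAL = "service.beta.kubernetes.io/oci-load-balancer-internal"
ALLOWED_SHAPES = ("400Mbps", "flexible")

def audit_service(svc, private_cluster=False):
    """Return (findings, ports) for one Service object parsed from JSON."""
    meta, spec = svc.get("metadata", {}), svc.get("spec", {})
    name, ann = meta.get("name", "<unnamed>"), meta.get("annotations") or {}
    if svc.get("kind") != "Service" or spec.get("type") != "LoadBalancer":
        return [f"{name}: not a Service of type LoadBalancer"], []
    findings = []
    shape = ann.get(SHAPE)
    if shape not in ALLOWED_SHAPES:
        # Assumption: a missing shape annotation is reported as well.
        findings.append(f"{name}: shape {shape!r} is not 400Mbps or flexible")
    elif shape == "flexible":
        # The page names these annotations only as flex-min / flex-max,
        # so they are matched by key suffix.
        for suffix in ("flex-min", "flex-max"):
            if not any(key.endswith(suffix) for key in ann):
                findings.append(f"{name}: flexible shape needs a {suffix} annotation")
    if private_cluster and ann.get(INTERNAL) != "true":
        findings.append(f'{name}: private cluster needs {INTERNAL}: "true"')
    # Each listed port is exposed by the load balancer and needs an ingress rule.
    ports = sorted((p.get("protocol", "TCP"), p["port"]) for p in spec.get("ports", []))
    return findings, ports

# Constructed sample input: the page's expose_lb Service as JSON, plus a
# hypothetical flexible-shape Service that lacks a flex-max annotation.
NGINX_SVC = json.loads("""{
  "apiVersion": "v1", "kind": "Service",
  "metadata": {"name": "my-nginx-svc", "labels": {"app": "nginx"},
    "annotations": {"oci.oraclecloud.com/load-balancer-type": "lb",
      "service.beta.kubernetes.io/oci-load-balancer-shape": "400Mbps"}},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80}],
    "selector": {"app": "nginx"}}}""")
FLEX_SVC = json.loads("""{
  "apiVersion": "v1", "kind": "Service",
  "metadata": {"name": "my-app-svc",
    "annotations": {"service.beta.kubernetes.io/oci-load-balancer-shape": "flexible",
      "service.beta.kubernetes.io/oci-load-balancer-shape-flex-min": "10"}},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 3000}, {"port": 443}]}}""")

if __name__ == "__main__":
    for svc in (NGINX_SVC, FLEX_SVC):
        findings, ports = audit_service(svc, private_cluster=True)
        print(svc["metadata"]["name"], ports, findings or "ok")
```

The returned port list is the set to compare against the ingress rules of the load balancer subnet.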
The following command shows more information about this external load balancer. The LoadBalancer Ingress IP address is the IP address that's used to reach node applications from outside Compute Cloud@Customer. In the Compute Cloud@Customer Console, the LoadBalancer Ingress IP address is shown under the heading "IP Address" at the bottom of the first column on the load balancer details page, followed by the label "(Public)."
# kubectl describe svc my-nginx-svc
Name:                     my-nginx-svc
Namespace:                default
Labels:                   app=nginx
Annotations:              oci.oraclecloud.com/load-balancer-type: lb
                          service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
Selector:                 app=nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       IP_address
IPs:                      IP_address
LoadBalancer Ingress:     Load_Balancer_IP_address
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32145/TCP
Endpoints:                IP_address:port, IP_address+1:port, IP_address+2:port
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age    From                Message
  ----    ------                ----   ----                -------
  Normal  EnsuringLoadBalancer  7m48s  service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   6m40s  service-controller  Ensured load balancer
For descriptions of traffic policies, see Preserving the client source IP.
Use the following command to list IP addresses and ports for the external load balancer:
# kubectl get svc
NAME           TYPE           CLUSTER-IP   EXTERNAL-IP                PORT(S)        AGE
kubernetes     ClusterIP      IP_address   <none>                     443/TCP        6h17m
my-nginx-svc   LoadBalancer   IP_address   Load_Balancer_IP_address   80:32145/TCP   5h5m