8 Exposing Containerized Applications
Do the following to expose an application deployment so that worker node applications can be reached from outside the Private Cloud Appliance:
- Create an external load balancer.
- Update ingress and egress rules as necessary to support the port requirements of your containerized applications. For example, if any application uses TCP port 3000, then an ingress rule needs to be added with port 3000.
Create an External Load Balancer
An external load balancer is a Service of type LoadBalancer. The service provides load balancing for an application that has multiple running instances.
If you use the --service-lb-defined-tags or --service-lb-flexible-tags options to specify tags to be applied to external load balancers, then ensure that the applicable dynamic group includes the following policy. See Creating a Cluster Dynamic Group.
allow dynamic-group dynamic-group-name to use tag-namespaces in compartment compartment-name
Ensure that the load balancer shape parameter has one of the following values: either 400Mbps or flexible. If you specify flexible, then you must also provide flex-min and flex-max annotations. You might need to edit the application deployment file to modify the load balancer shape value. See Specifying Alternative Load Balancer Shapes and Specifying Flexible Load Balancer Shapes for more information and examples of how to set these values.
If you want to create a service load balancer on a private cluster (a cluster with a private worker load balancer subnet), then use the following annotation in your external load balancer template:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
Use the following command to create the external load balancer:
# kubectl create -f expose_lb
The following is the content of the expose_lb file:
apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
  annotations:
    oci.oraclecloud.com/load-balancer-type: "lb"
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: nginx
The following command shows more information about this external load balancer. The LoadBalancer Ingress IP address is the IP address that is used to reach node applications from outside the Private Cloud Appliance. In the Compute Web UI, the LoadBalancer Ingress IP address is shown under the heading "IP Address" at the bottom of the first column on the load balancer details page, followed by the label "(Public)."
# kubectl describe svc my-nginx-svc
Name:                     my-nginx-svc
Namespace:                default
Labels:                   app=nginx
Annotations:              oci.oraclecloud.com/load-balancer-type: lb
                          service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
Selector:                 app=nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       IP_address
IPs:                      IP_address
LoadBalancer Ingress:     Load_Balancer_IP_address
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32145/TCP
Endpoints:                IP_address:port, IP_address+1:port, IP_address+2:port
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age    From                Message
  ----
  Normal  EnsuringLoadBalancer  7m48s  service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   6m40s  service-controller  Ensured load balancer
Use the following command to list IP addresses and ports for the external load balancer:
# kubectl get svc
NAME           TYPE           CLUSTER-IP   EXTERNAL-IP                PORT(S)        AGE
kubernetes     ClusterIP      IP_address   <none>                     443/TCP        6h17m
my-nginx-svc   LoadBalancer   IP_address   Load_Balancer_IP_address   80:32145/TCP   5h5m
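The following added example (not part of the Oracle documentation) reviews the JSON form of a Service list, as produced by kubectl get svc -o json, against the shape and flexible-shape requirements above, and reports which ports need ingress rules and whether the internal annotation is set. The full flex-min and flex-max annotation keys and the demo-app-svc Service are assumptions made for illustration.

```python
import json

PREFIX = "service.beta.kubernetes.io/oci-load-balancer-"
SHAPE, INTERNAL = PREFIX + "shape", PREFIX + "internal"
# Assumption: full annotation keys behind the page's "flex-min" / "flex-max".
FLEX_KEYS = (PREFIX + "shape-flex-min", PREFIX + "shape-flex-max")

def review_service(svc):
    """Return (findings, exposure) for one Service dict; exposure is None
    when the Service is not of type LoadBalancer."""
    meta, spec = svc.get("metadata", {}), svc.get("spec", {})
    ann = meta.get("annotations") or {}
    if spec.get("type") != "LoadBalancer":
        return [], None
    findings = []
    shape = ann.get(SHAPE)
    # A missing shape annotation is reported too (a choice made by this example).
    if shape not in ("400Mbps", "flexible"):
        findings.append(f"shape is {shape!r}, expected 400Mbps or flexible")
    if shape == "flexible":
        findings += [f"missing {k}" for k in FLEX_KEYS if k not in ann]
    exposure = {
        # True only when the internal annotation from the page is set to "true".
        "internal": ann.get(INTERNAL) == "true",
        # Each listed port needs a matching ingress rule.
        "ports": [(p.get("protocol", "TCP"), p["port"]) for p in spec.get("ports", [])],
    }
    return findings, exposure

def review_all(doc):
    """Map Service name -> (findings, exposure) for a Service list document."""
    return {s["metadata"]["name"]: review_service(s) for s in doc.get("items", [])}

# Constructed sample: the page's my-nginx-svc plus a hypothetical demo-app-svc.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "my-nginx-svc", "annotations": {
    "oci.oraclecloud.com/load-balancer-type": "lb",
    "service.beta.kubernetes.io/oci-load-balancer-shape": "400Mbps"}},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
 {"metadata": {"name": "demo-app-svc", "annotations": {
    "service.beta.kubernetes.io/oci-load-balancer-shape": "flexible",
    "service.beta.kubernetes.io/oci-load-balancer-shape-flex-min": "10",
    "service.beta.kubernetes.io/oci-load-balancer-internal": "true"}},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 3000, "protocol": "TCP"}]}}
]}
""")

if __name__ == "__main__":
    for name, (findings, exposure) in review_all(SAMPLE).items():
        print(name, exposure, findings or "ok")
```

Services that report internal as False receive an address reachable from outside the appliance, so their port list is the set to compare against the ingress rules.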