8 Exposing Containerized Applications
Do the following to expose an application deployment so that worker node applications can be reached from outside the Private Cloud Appliance:
- Create an external load balancer.
- Update ingress and egress rules as necessary to support the port requirements of your containerized applications. For example, if any application uses TCP port 3000, then an ingress rule needs to be added with port 3000.
Create an External Load Balancer
An external load balancer is a Service of type LoadBalancer. The service provides load balancing for an application that has multiple running instances.
If you use the --service-lb-defined-tags or --service-lb-flexible-tags options to specify tags to be applied to external load balancers, then ensure that the applicable dynamic group includes the following policy. See Creating a Cluster Dynamic Group.
allow dynamic-group dynamic-group-name to use tag-namespaces in compartment compartment-name
Ensure that the load balancer shape parameter has one of the following values: either 400Mbps or flexible. If you specify flexible then you must also provide flex-min and flex-max annotations. You might need to edit the application deployment file to modify the load balancer shape value. See Specifying Alternative Load Balancer Shapes and Specifying Flexible Load Balancer Shapes for more information and examples of how to set these values.
If you want to create a service load balancer on a private cluster (a cluster with a private worker load balancer subnet), then use the following annotation in your external load balancer template:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
Use the following command to create the external load balancer:
# kubectl create -f expose_lb
The following is the content of the expose_lb file:
apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
  annotations:
    oci.oraclecloud.com/load-balancer-type: "lb"
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: nginx
The following command shows more information about this external load balancer. The LoadBalancer Ingress IP address is the IP address that is used to reach node applications from outside the Private Cloud Appliance. In the Compute Web UI, the LoadBalancer Ingress IP address is shown under the heading "IP Address" at the bottom of the first column on the load balancer details page, followed by the label "(Public)."
# kubectl describe svc my-nginx-svc
Name: my-nginx-svc
Namespace: default
Labels: app=nginx
Annotations: oci.oraclecloud.com/load-balancer-type: lb
service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
Selector: app=nginx
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: IP_address
IPs: IP_address
LoadBalancer Ingress: Load_Balancer_IP_address
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 32145/TCP
Endpoints: IP_address:port, IP_address+1:port, IP_address+2:port
Session Affinity: None
External Traffic Policy: Cluster
Events:
  Type    Reason                Age    From                Message
  ----    ------                ----   ----                -------
  Normal  EnsuringLoadBalancer  7m48s  service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   6m40s  service-controller  Ensured load balancer
Use the following command to list IP addresses and ports for the external load balancer:
# kubectl get svc
NAME           TYPE           CLUSTER-IP   EXTERNAL-IP                PORT(S)        AGE
kubernetes     ClusterIP      IP_address   <none>                     443/TCP        6h17m
my-nginx-svc   LoadBalancer   IP_address   Load_Balancer_IP_address   80:32145/TCP   5h5m
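The shape, flexible-shape, and private-cluster annotation rules described above can be checked before or after a Service is created. The following Python audit is an added example, not part of the original documentation. It assumes input in the form of parsed `kubectl get svc -o json` output, assumes the full flex-min and flex-max annotation names shown in the code, treats a missing shape annotation as a finding, and uses a hypothetical second service (my-api-svc) in its constructed sample.

```python
# Added example: audit LoadBalancer Services against the annotation rules above.
SHAPE = "service.beta.kubernetes.io/oci-load-balancer-shape"
FLEX_MIN = SHAPE + "-flex-min"  # assumed full names; the page says only
FLEX_MAX = SHAPE + "-flex-max"  # "flex-min and flex-max annotations"
INTERNAL = "service.beta.kubernetes.io/oci-load-balancer-internal"
ALLOWED_SHAPES = {"400Mbps", "flexible"}

def audit_services(svc_list, private_cluster=False):
    """Return (service, finding) pairs for each Service of type LoadBalancer.

    svc_list is the parsed output of `kubectl get svc -o json`.
    """
    findings = []
    for svc in svc_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # ClusterIP and other Service types are not exposed here
        name = svc["metadata"]["name"]
        ann = svc["metadata"].get("annotations") or {}
        shape = ann.get(SHAPE)
        if shape not in ALLOWED_SHAPES:
            findings.append((name, f"shape {shape!r} is not 400Mbps or flexible"))
        elif shape == "flexible":
            for key in (FLEX_MIN, FLEX_MAX):
                if key not in ann:
                    findings.append((name, f"flexible shape without {key}"))
        if private_cluster and ann.get(INTERNAL) != "true":
            findings.append((name, f'{INTERNAL} is not "true" on a private cluster'))
        # Every exposed port must be covered by an ingress rule (see the list above).
        for port in spec.get("ports", []):
            proto = port.get("protocol", "TCP")
            findings.append((name, f"{proto} port {port['port']} needs a matching ingress rule"))
    return findings

# Constructed sample: my-nginx-svc mirrors the page's manifest; my-api-svc is hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "kubernetes"}, "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
    {"metadata": {"name": "my-nginx-svc", "annotations": {SHAPE: "400Mbps"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "protocol": "TCP"}]}},
    {"metadata": {"name": "my-api-svc", "annotations": {SHAPE: "flexible", FLEX_MIN: "10"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 3000, "protocol": "TCP"}]}},
]}

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE, private_cluster=True):
        print(f"{name}: {finding}")
```

To audit a live cluster, pass the result of json.load() on the `kubectl get svc -o json` output to audit_services() in place of SAMPLE.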