8 Exposing Containerized Applications

Do the following to expose an application deployment so that worker node applications can be reached from outside the Private Cloud Appliance:

  • Create an external load balancer.

  • Update ingress and egress rules as necessary to support the port requirements of your containerized applications. For example, if any application uses TCP port 3000, then an ingress rule needs to be added with port 3000.

Create an External Load Balancer

An external load balancer is a Service of type LoadBalancer. The service provides load balancing for an application that has multiple running instances.

If you use the --service-lb-defined-tags or --service-lb-flexible-tags options to specify tags to be applied to external load balancers, then ensure that the applicable dynamic group includes the following policy. See Creating a Cluster Dynamic Group.

allow dynamic-group dynamic-group-name to use tag-namespaces in compartment compartment-name

Ensure that the load balancer shape parameter has one of the following values: either 400Mbps or flexible. If you specify flexible then you must also provide flex-min and flex-max annotations. You might need to edit the application deployment file to modify the load balancer shape value. See Specifying Alternative Load Balancer Shapes and Specifying Flexible Load Balancer Shapes for more information and examples of how to set these values.

If you want to create a service load balancer on a private cluster (a cluster with a private worker load balancer subnet), then use the following annotation in your external load balancer template:

service.beta.kubernetes.io/oci-load-balancer-internal: "true"

Use the following command to create the external load balancer:

# kubectl create -f expose_lb

The following is the content of the expose_lb file:

apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
  annotations:
    oci.oraclecloud.com/load-balancer-type: "lb"
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
   - port: 80
  selector:
    app: nginx
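
The shape and private-cluster requirements above can be checked before running kubectl create. The following lint is an added example, not part of the product documentation; the function name, the private_cluster flag, and the full flex-min and flex-max annotation keys (taken from the OCI cloud controller manager naming) are assumptions, and the sample manifest is a constructed copy of expose_lb as a Python dict.

```python
# Added example: lint a Service manifest against the rules in this section
# before `kubectl create -f`. Not Oracle code; names below are illustrative.
PREFIX = "service.beta.kubernetes.io/oci-load-balancer-"
SHAPE = PREFIX + "shape"
FLEX_MIN = PREFIX + "shape-flex-min"  # assumed full key for "flex-min"
FLEX_MAX = PREFIX + "shape-flex-max"  # assumed full key for "flex-max"
INTERNAL = PREFIX + "internal"
ALLOWED_SHAPES = {"400Mbps", "flexible"}


def lint_service(manifest, private_cluster=False):
    """Return a list of findings; an empty list means the manifest passes."""
    if manifest.get("kind") != "Service":
        return ["not a Service manifest"]
    if manifest.get("spec", {}).get("type") != "LoadBalancer":
        return ["spec.type is not LoadBalancer"]
    ann = manifest.get("metadata", {}).get("annotations") or {}
    findings = []

    shape = ann.get(SHAPE)
    if shape not in ALLOWED_SHAPES:
        findings.append(f"shape {shape!r} is not 400Mbps or flexible")
    elif shape == "flexible":
        # A flexible shape is only valid with both bandwidth bounds set.
        for key in (FLEX_MIN, FLEX_MAX):
            if not ann.get(key):
                findings.append(f"flexible shape requires {key}")

    # On a private cluster the load balancer must be marked internal.
    if private_cluster and ann.get(INTERNAL) != "true":
        findings.append(f'private cluster requires {INTERNAL}: "true"')
    return findings


# Constructed sample: the expose_lb manifest from this section, as a dict.
EXPOSE_LB = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {
        "name": "my-nginx-svc",
        "labels": {"app": "nginx"},
        "annotations": {
            "oci.oraclecloud.com/load-balancer-type": "lb",
            SHAPE: "400Mbps",
        },
    },
    "spec": {"type": "LoadBalancer", "ports": [{"port": 80}],
             "selector": {"app": "nginx"}},
}
```

Calling lint_service(EXPOSE_LB, private_cluster=True) reports the missing internal annotation, which is the case where a service intended for a private cluster would otherwise be created without it.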

The following command shows more information about this external load balancer. The LoadBalancer Ingress IP address is the IP address that is used to reach node applications from outside the Private Cloud Appliance. In the Compute Web UI, the LoadBalancer Ingress IP address is shown under the heading "IP Address" at the bottom of the first column on the load balancer details page, followed by the label "(Public)."

# kubectl describe svc my-nginx-svc
Name:                     my-nginx-svc
Namespace:                default
Labels:                   app=nginx
Annotations:              oci.oraclecloud.com/load-balancer-type: lb
                          service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
Selector:                 app=nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       IP_address
IPs:                      IP_address
LoadBalancer Ingress:     Load_Balancer_IP_address
Port:                     <unset> 80/TCP
TargetPort:               80/TCP
NodePort:                 <unset> 32145/TCP
Endpoints:                IP_address:port, IP_address+1:port, IP_address+2:port
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age    From                Message
  ----    ------                ----   ----                -------
  Normal  EnsuringLoadBalancer  7m48s  service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   6m40s  service-controller  Ensured load balancer

Use the following command to list IP addresses and ports for the external load balancer:

# kubectl get svc
NAME          TYPE          CLUSTER-IP  EXTERNAL-IP               PORT(S)       AGE
kubernetes    ClusterIP     IP_address  <none>                    443/TCP       6h17m
my-nginx-svc  LoadBalancer  IP_address  Load_Balancer_IP_address  80:32145/TCP  5h5m