Using a Network Load Balancer (NLB) to Expose an Application Outside the Kubernetes Cluster

1 min read

In this article, we will explain how you can expose an application to the internet with the network load balancer (NLB). 

There are three options to expose an application if you are using a standard classic Kubernetes cluster (the NodePort is the only option if you are using a free Kubernetes cluster):

There are three options to expose an application if you are using a standard classic Kubernetes cluster

Prerequisites

Creating a network load balancer (NLB) service

Let's deploy a sample Hello World app into a Kubernetes pod within the worker node by utilizing the commands in the steps below. You can see the full details of how you can deploy an app in "Lesson 3: Deploying single instance apps to Kubernetes clusters" in the IBM Cloud Docs:

  1. git clone https://github.com/IBM/container-service-getting-started-wt.git
  2. cd 'container-service-getting-started-wt/Lab 1'
  3. ibmcloud cr build -t us.icr.io/tn_namespace/hello-world:1 .
  4. kubectl create deployment hello-world-deployment --image=us.icr.io/tn_namespace/hello-world:1

Now you have the Deployment hello-world-deployment and the app is running on a pod:

$ kubectl get deployment hello-world-deployment
NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
hello-world-deployment   1/1     1            1           1m5s
$ kubectl get pods -o wide
NAME                                     READY   STATUS    RESTARTS   AGE
hello-world-deployment-56999cc7cf-fk6ph   1/1     Running   0          1m50s   172.30.135.183   10.185.64.117   <none>           <none>
Now you have the Deployment hello-world-deployment and the app is running on a pod:

Use the following steps to create a network load balancer (NLB) service to expose your app. The portable addresses that are assigned to the NLB are permanent and do not change, even when a worker node is recreated in the cluster. You will be able to access your app by <load-balancer-ip>:<port that your app requires>. 

1. Create a network load balancer (NLB) service

You can create a NLB service by using either one of two methods: the command line or the service configuration file.

Create via the command line

$ kubectl expose deploy hello-world-deployment --port=80 --target-port=8080 --type=LoadBalancer --name my-nlb-svc
service/my-nlb-svc exposed

Create via the service configuration file

Next, you'll need to get the NLB's external IP address and listen port. Because you don't specify a IP address at this time, one of remaining portable public IP addresses will be assigned to the network load balancer service:
$ kubectl apply -f my-nlb.yaml
service/my-nlb-svc configured

2. Get the NLB's external-IP address and the port

Next, you'll need to get the NLB's external IP address and listen port. Because you don't specify an IP address at this time, one of remaining portable public IP addresses will be assigned to the network load balancer service:

$ kubectl get services
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)        AGE
my-nlb-svc   LoadBalancer   172.21.2.180   169.48.203.67  80:30979/TCP   1m32s
Next, you'll need to get the NLB's external IP address and listen port.

3. Access your app by <NLB's external-ip>:<NLB's listen port>

Run curl or access in a web browser:

$ curl 169.48.203.67:80
Hello world from hello-world-deployment-56999cc7cf-fk6ph! Your app is up and running in a cluster!

4. Create an IBM-provided subdomain for your app (optional)

You can create a subdomain for your app that registers public NLB IP addresses with a DNS entry. If you create a DNS subdomain for your NLB, users can access your app through the NLB's subdomain instead. A DNS system service resolves the subdomain to the portable public IP address of the NLB:

$ ibmcloud ks nlb-dns create classic -c tncluster --ip 169.48.203.67
OK
NLB hostname was created as tncluster-5be51ad3139a99d89cdf8f97c78ef71c-0001.us-south.containers.appdomain.cloud
$ curl tncluster-5be51ad3139a99d89cdf8f97c78ef71c-0001.us-south.containers.appdomain.cloud:80
Hello world from hello-world-deployment-56999cc7cf-fk6ph! Your app is up and running in a cluster!

5. Set up a custom domain (optional)

If you choose, you can set up a custom domain to point to the IBM-provided subdomain that you created in the previous step:

  • Register a custom domain by working with your Domain Name Service (DNS) provider or by using IBM Cloud Internet Services or IBM Cloud DNS.
  • Define an alias for your custom domain by specifying the IBM-provided subdomain as a Canonical Name record (CNAME).
$ curl <your custom domain>:80
Hello world from hello-world-deployment-56999cc7cf-fk6ph! Your app is up and running in a cluster!

Clean up

You can run the following commands to clean up the testing in this article:

$ ibmcloud ks nlb-dns rm classic -c tncluster --ip 169.48.203.67 --nlb-host tncluster-5be51ad3139a99d89cdf8f97c78ef71c-0001.us-south.containers.appdomain.cloud
$ kubectl delete services my-nlb-svc
$ kubectl delete deployment hello-world-deployment

Summary

I hope that you now understand how you can expose an application to the outside of your Kubernetes cluster with the network load balancer (NLB) so that users can access the app from the Internet.

For more details about using an NLB, see the following:

If you want to minimise downtime and plan high availability for your app, you can configure with the NLB in a single-zone or a multi-zone cluster. See more details in "Planning your cluster for high availability."

For more information on other methods of exposing your application to the outside of your Kubernetes cluster, see "What is Kubernetes Ingress?"

Be the first to hear about news, product updates, and innovation from IBM Cloud