Exposing Containerized Applications
Do the following to expose an application deployment so that worker node applications can be reached from outside Compute Cloud@Customer:
- Create an external load balancer.
- Update ingress and egress rules as necessary to support the port requirements of your containerized applications. For example, if any application uses TCP port 3000, then an ingress rule needs to be added with port 3000.
Create an External Load Balancer
An external load balancer is a Service of type LoadBalancer. The service provides load balancing for an application that has multiple running instances.
If you use the --service-lb-defined-tags or --service-lb-flexible-tags options to specify tags to be applied to external load balancers, then ensure that the applicable dynamic group includes the following policy. See Create a Cluster Dynamic Group and Policies.
allow dynamic-group dynamic-group-name to use tag-namespaces in compartment compartment-name
Ensure that the load balancer shape parameter has one of the following values:
- 400Mbps
- flexible: Requires that you also provide flex-min and flex-max annotations.
You might need to edit the application deployment file to modify the load balancer shape value. See Specifying Alternative Load Balancer Shapes and Specifying Flexible Load Balancer Shapes for more information and examples of how to set these values.
To create a service load balancer on a private cluster (a cluster with a private worker load balancer subnet), use the following annotation in your external load balancer template:
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
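The following pre-apply check is an added example, not part of the original page or of Oracle's tooling. It applies the rules stated above to a Service manifest supplied as JSON text: the allowed shape values, the flex-min and flex-max requirement for the flexible shape, and the internal annotation for a private cluster, and it lists the ports that need matching ingress rules. The function name, both sample manifests, and the full flex-min/flex-max annotation keys are assumptions of this example.

```python
import json

SHAPE = "service.beta.kubernetes.io/oci-load-balancer-shape"
INTERNAL = "service.beta.kubernetes.io/oci-load-balancer-internal"
# Assumption: full annotation keys; the page names them only as flex-min and flex-max.
FLEX_KEYS = (SHAPE + "-flex-min", SHAPE + "-flex-max")
ALLOWED_SHAPES = ("400Mbps", "flexible")

def check_service(manifest_json, private_cluster=False):
    """Return (findings, ports) for one Service manifest given as JSON text."""
    svc = json.loads(manifest_json)
    spec = svc.get("spec") or {}
    if svc.get("kind") != "Service" or spec.get("type") != "LoadBalancer":
        return ["not a Service of type LoadBalancer"], []
    ann = (svc.get("metadata") or {}).get("annotations") or {}
    findings = []
    shape = ann.get(SHAPE)
    # A missing shape annotation is reported too (this example's choice).
    if shape not in ALLOWED_SHAPES:
        findings.append(f"shape {shape!r} is not one of {ALLOWED_SHAPES}")
    if shape == "flexible":
        findings += [f"flexible shape requires {k}" for k in FLEX_KEYS if k not in ann]
    if private_cluster and str(ann.get(INTERNAL, "")).lower() != "true":
        findings.append(f'private cluster requires {INTERNAL}: "true"')
    # Every listed port needs a matching ingress rule; protocol defaults to TCP.
    ports = [(p.get("protocol", "TCP"), p["port"]) for p in spec.get("ports") or []]
    return findings, ports

# Constructed sample 1: the page's expose_lb Service expressed as JSON.
PAGE_SERVICE = json.dumps({
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "my-nginx-svc", "labels": {"app": "nginx"}, "annotations": {
        "oci.oraclecloud.com/load-balancer-type": "lb", SHAPE: "400Mbps"}},
    "spec": {"type": "LoadBalancer", "ports": [{"port": 80}],
             "selector": {"app": "nginx"}}})

# Constructed sample 2: flexible shape with flex-max missing, no internal annotation.
BAD_SERVICE = json.dumps({
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "example-svc", "annotations": {
        SHAPE: "flexible", FLEX_KEYS[0]: "10"}},
    "spec": {"type": "LoadBalancer", "ports": [{"port": 3000}]}})

if __name__ == "__main__":
    for name, doc in (("my-nginx-svc", PAGE_SERVICE), ("example-svc", BAD_SERVICE)):
        findings, ports = check_service(doc, private_cluster=(doc is BAD_SERVICE))
        print(name, "ports needing ingress rules:", ports)
        for f in findings:
            print("  FINDING:", f)
```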
Use the following command to create the external load balancer:
# kubectl create -f expose_lb
The following is the content of the expose_lb file:
apiVersion: v1
kind: Service
metadata:
  name: my-nginx-svc
  labels:
    app: nginx
  annotations:
    oci.oraclecloud.com/load-balancer-type: "lb"
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
   - port: 80
  selector:
    app: nginx
The following command shows more information about this external load balancer. The LoadBalancer Ingress IP address is the IP address that's used to reach node applications from outside Compute Cloud@Customer. In the Compute Cloud@Customer Console, the LoadBalancer Ingress IP address is shown under the heading "IP Address" at the bottom of the first column on the load balancer details page, followed by the label "(Public)."
# kubectl describe svc my-nginx-svc
Name:                     my-nginx-svc
Namespace:                default
Labels:                   app=nginx
Annotations:              oci.oraclecloud.com/load-balancer-type: lb
                          service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
Selector:                 app=nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       IP_address
IPs:                      IP_address
LoadBalancer Ingress:     Load_Balancer_IP_address
Port:                     <unset> 80/TCP
TargetPort:               80/TCP
NodePort:                 <unset> 32145/TCP
Endpoints:                IP_address:port, IP_address+1:port, IP_address+2:port
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age    From                Message
  ----    ------                ----   ----                -------
  Normal  EnsuringLoadBalancer  7m48s  service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   6m40s  service-controller  Ensured load balancer
For descriptions of traffic policies, see Preserving the client source IP.
Use the following command to list IP addresses and ports for the external load balancer:
# kubectl get svc
NAME          TYPE          CLUSTER-IP  EXTERNAL-IP               PORT(S)       AGE
kubernetes    ClusterIP     IP_address  <none>                    443/TCP       6h17m
my-nginx-svc  LoadBalancer  IP_address  Load_Balancer_IP_address  80:32145/TCP  5h5m
What's Next: