Expose Services via LoadBalancer

This section describes how to expose individual Privacera Platform services using the Kubernetes LoadBalancer service type. This method is applicable only for Ingress-based deployments on AWS EKS. By default, Privacera services are accessed through Ingress; however, in certain cases, you may need to expose specific services directly to the external network using a Load Balancer.

Prerequisites

  • This feature is supported only for Ingress-based Privacera Manager deployments.
  • Ensure that your Kubernetes cluster supports provisioning external LoadBalancers (e.g., AWS ELB or Azure LoadBalancer).
  • You must manually configure DNS for the LoadBalancer endpoints (e.g., create A or CNAME records) and handle any additional setup required for external access (e.g., firewall rules, IAM permissions).

Configuration Steps

To expose one or more services using a LoadBalancer, follow the steps below:

  1. Copy the LoadBalancer configuration file

    Bash
    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.kubernetes.loadbalancer.yml config/custom-vars/
    

    This file defines the service type (LoadBalancer) and allows adding custom annotations per service.

  2. Enable LoadBalancer for specific services

    Edit config/custom-vars/vars.kubernetes.loadbalancer.yml and uncomment the lines for services you want to expose.

    Example: To expose Portal and Ranger:

    YAML
    PORTAL_K8S_SVC_TYPE: "LoadBalancer"
    RANGER_K8S_SVC_TYPE: "LoadBalancer"
    

    To mark a LoadBalancer as external (internet-facing), uncomment the respective external setting:

    YAML
    PORTAL_K8S_LOADBALANCER_EXTERNAL: "true"
    RANGER_K8S_LOADBALANCER_EXTERNAL: "true"
    

    You can also specify custom annotations per service:

    YAML
    PORTAL_SERVICE_EXTRA_ANNOTATIONS:
      - "service.beta.kubernetes.io/aws-load-balancer-type: nlb"
      - "service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing"
      - "external-dns.alpha.kubernetes.io/hostname: portal.example.com"
    
  3. Redeploy Privacera Manager

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    ./pm_with_helm.sh install
    

    This will redeploy the Privacera Services with the updated configurations. The specified services will be recreated as Kubernetes services of type LoadBalancer.

  4. Update DNS Records

    Once deployment completes, Kubernetes will assign external endpoints (IP or hostname) to the LoadBalancer services.

    You must manually create DNS records to map the required hostnames to these new LoadBalancer addresses.


Note: You can find the LoadBalancer endpoints using:

Bash
kubectl get svc -n <YOUR_NAMESPACE> | grep LoadBalancer

Example Output:

Text Only
portal-service   LoadBalancer   a1b2c3d4e5f6.us-west-2.elb.amazonaws.com

Update your DNS provider with this address to route traffic appropriately.

You can configure annotations to control behavior such as SSL certificates, security groups, health checks, and more.
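
After redeploying, it is worth confirming which services actually ended up reachable from outside. The following is an added example, not part of the Privacera documentation: it reads `kubectl get svc -o json` output and flags LoadBalancer services that are not marked internal and accept traffic from any source. It keys only on the `aws-load-balancer-scheme` annotation shown above and the standard `spec.loadBalancerSourceRanges` field; the helper names (`svc`, `audit_services`), the sample service names, the second hostname and the CIDR are constructed for illustration.

```python
import json
import sys

SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"  # annotation shown on this page

def svc(name, typ, ann=None, ranges=None, host=None):
    """Build a constructed Service object in the shape kubectl emits (sample data only)."""
    return {"metadata": {"name": name, "annotations": ann or {}},
            "spec": {"type": typ, "loadBalancerSourceRanges": ranges or []},
            "status": {"loadBalancer": {"ingress": [{"hostname": host}] if host else []}}}

# Constructed sample; service names, the second hostname and the CIDR are made up.
SAMPLE = {"items": [
    svc("portal-service", "LoadBalancer", {SCHEME: "internet-facing"},
        host="a1b2c3d4e5f6.us-west-2.elb.amazonaws.com"),
    svc("ranger-service", "LoadBalancer", {SCHEME: "internet-facing"},
        ["203.0.113.0/24"], "f6e5d4c3b2a1.us-west-2.elb.amazonaws.com"),
    svc("audit-service", "LoadBalancer", {SCHEME: "internal"}),  # still provisioning
    svc("solr-service", "ClusterIP"),
]}

def audit_services(svc_list):
    """One finding per LoadBalancer service; review=True means not known-internal and open to any source."""
    findings = []
    for item in svc_list.get("items", []):
        spec = item.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        meta = item.get("metadata", {})
        scheme = (meta.get("annotations") or {}).get(SCHEME, "unset")
        ranges = spec.get("loadBalancerSourceRanges") or []
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        unrestricted = not ranges or "0.0.0.0/0" in ranges or "::/0" in ranges
        findings.append({
            "name": meta.get("name"),
            "scheme": scheme,
            "endpoints": [i.get("hostname") or i.get("ip") for i in ingress],
            "source_ranges": ranges,
            # An unset scheme falls back to the controller's default, so it is flagged too.
            "review": scheme != "internal" and unrestricted,
        })
    return findings

if __name__ == "__main__":
    # Real use: kubectl get svc -n <YOUR_NAMESPACE> -o json | python3 audit_lb.py
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for f in audit_services(json.loads(raw) if raw.strip() else SAMPLE):
        flag = "REVIEW" if f["review"] else "ok"
        print(f'{flag:6} {f["name"]:16} scheme={f["scheme"]:15} ranges={f["source_ranges"]} {f["endpoints"]}')
```

A `REVIEW` line is a prompt to check the security group or source-range restriction for that service, not proof of exposure; an empty endpoint list means the load balancer has not been assigned an address yet.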