Expose Services via LoadBalancer¶
This section describes how to expose individual Privacera Platform services using the Kubernetes LoadBalancer
service type. This method is applicable only for Ingress-based deployments on AWS EKS
. By default, Privacera services are accessed through Ingress; however, in certain cases, you may need to expose specific services directly to the external network using a Load Balancer.
Prerequisites¶
- This feature is supported only for Ingress-based Privacera Manager deployments.
- Ensure that your Kubernetes cluster supports provisioning external LoadBalancers (e.g., via AWS ELB, Azure LoadBalancer, etc.).
- You must manually configure DNS for the LoadBalancer endpoints (e.g., create A or CNAME records) and handle any additional setup required for external access (e.g., firewall rules, IAM permissions).
Configuration Steps¶
To expose one or more services using a LoadBalancer, follow the steps below:
-
Copy the LoadBalancer configuration file
Bash This file defines the service type (
LoadBalancer
) and allows adding custom annotations per service. -
Enable LoadBalancer for specific services
Edit
config/custom-vars/vars.kubernetes.loadbalancer.yml
and uncomment the lines for services you want to expose.Example: To expose Portal and Ranger:
To mark a LoadBalancer as external (internet-facing), uncomment the respective external setting:
You can also specify custom annotations per service:
-
Redeploy Privacera Manager
This will redeploy the Privacera Services with the updated configurations. The specified services will be recreated as Kubernetes services of type
LoadBalancer
. -
Update DNS Records
Once deployment completes, Kubernetes will assign external endpoints (IP or hostname) to the LoadBalancer services.
You must manually create DNS records to map the required hostnames to these new LoadBalancer addresses.
Note: You can find the LoadBalancer endpoints using:
Bash | |
---|---|
Example Output:
Text Only | |
---|---|
You can configure annotations to control behavior such as SSL certificates, security groups, health checks, and more.
- Previous: Advanced Configuration