
Expose Services via LoadBalancer

This section describes how to expose individual Privacera Platform services using the Kubernetes LoadBalancer service type. This method is applicable only for Ingress-based deployments on AWS EKS. By default, Privacera services are accessed through Ingress; however, in certain cases, you may need to expose specific services directly to the external network using a Load Balancer.

Prerequisites

  • This feature is supported only for Ingress-based Privacera Manager deployments.
  • Ensure that your Kubernetes cluster supports provisioning external LoadBalancers (e.g., via AWS ELB, Azure LoadBalancer, etc.).
  • You must manually configure DNS for the LoadBalancer endpoints (e.g., create A or CNAME records) and handle any additional setup required for external access (e.g., firewall rules, IAM permissions).

Configuration Steps

To expose one or more services using a LoadBalancer, follow the steps below:

  1. Copy the LoadBalancer sample file

    Bash
    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.kubernetes.external.lb.yml config/custom-vars/
    
  2. Enable LoadBalancer for specific services

    Edit the file config/custom-vars/vars.kubernetes.external.lb.yml and uncomment the lines corresponding to the services you want to expose.

    YAML
    # Example: Exposing Portal and Ranger
    PORTAL_K8S_SVC_TYPE: "LoadBalancer"
    RANGER_K8S_SVC_TYPE: "LoadBalancer"
    
  3. Redeploy Privacera Manager

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    ./pm_with_helm.sh install
    

    This redeploys the Privacera services with the updated configuration. The specified services are recreated as Kubernetes services of type LoadBalancer.

  4. Update DNS Records

    Once deployment completes, Kubernetes will assign external endpoints (IP or hostname) to the LoadBalancer services.

    You must manually create DNS records to map the required hostnames to these new LoadBalancer addresses.


Note: You can find the LoadBalancer endpoints using:

Bash
kubectl get svc -n <YOUR_NAMESPACE> | grep LoadBalancer

Example Output:

Text Only
portal-service   LoadBalancer   a1b2c3d4e5f6.us-west-2.elb.amazonaws.com

Update your DNS provider with this address to route traffic appropriately.
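The following is an added example, not part of Privacera's documentation or tooling: a post-deployment check that reads the output of `kubectl get svc -n <YOUR_NAMESPACE> -o json`, lists each LoadBalancer service with the DNS record it needs, and flags services whose Service spec does not restrict client addresses through the standard Kubernetes field `spec.loadBalancerSourceRanges`. The sample JSON, the `ranger-service` and `internal-service` names, and the function name `audit_loadbalancers` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get svc -n <YOUR_NAMESPACE> -o json`.
# Service names other than portal-service, and the CIDR range, are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "portal-service"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [
         {"hostname": "a1b2c3d4e5f6.us-west-2.elb.amazonaws.com"}]}}},
    {"metadata": {"name": "ranger-service"},
     "spec": {"type": "LoadBalancer",
              "loadBalancerSourceRanges": ["203.0.113.0/24"]},
     "status": {"loadBalancer": {}}},  # endpoint not assigned yet
    {"metadata": {"name": "internal-service"},
     "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}},
]})


def audit_loadbalancers(svc_json):
    """Return one finding per LoadBalancer service: DNS target and exposure."""
    findings = []
    for svc in json.loads(svc_json).get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        host = ingress[0].get("hostname") if ingress else None
        ip = ingress[0].get("ip") if ingress else None
        # A hostname endpoint needs a CNAME record; an IP endpoint needs an A record.
        record = "CNAME" if host else ("A" if ip else None)
        ranges = spec.get("loadBalancerSourceRanges") or []
        # No source ranges, or a /0 range, means the Service itself does not
        # restrict which client addresses may connect.
        open_to_all = not ranges or any(
            ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges)
        findings.append({"name": svc["metadata"]["name"], "record": record,
                         "target": host or ip, "pending": not ingress,
                         "source_ranges": ranges, "open_to_all": open_to_all})
    return findings


if __name__ == "__main__":
    for finding in audit_loadbalancers(SAMPLE):
        print(finding)
```

A service reported as `pending` has no endpoint yet, so its DNS record cannot be created until the load balancer is provisioned. A service reported as `open_to_all` relies entirely on controls outside the Service spec, such as the firewall rules mentioned in the prerequisites.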
