Jump toSuggest an edit

Exposing a Kubernetes Kapsule ingress controller service with a Load Balancer

Reviewed on 09 April 2024Published on 05 May 2020

This document will guide you through deploying a test application on a Kubernetes cluster, exposing it via an ingress object, and using a Scaleway Load Balancer to ensure persistent IP addressing.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Set up a Kubernetes Kapsule cluster, deploying a TRAEFIK2 ingress controller via the application library using the Easy Deploy function
  • Obtained the kubeconfig file for the cluster
  • Installed kubectl on your local machine

Exposing the ingress controller using a Scaleway Load Balancer

By default, ingress controllers on Kapsule are deployed using a hostPort. This ensures accessibility on all cluster nodes via ports 80 and 443. However, for production readiness, you might prefer using a Load Balancer to expose your services to the internet.


By default, a new security group that blocks all incoming traffic on the nodes for security purposes is created during cluster configuration. To allow incoming HTTP/80 and HTTPS/443 traffic, you need to modify the security group.

  1. In the Scaleway console, navigate to the Compute > Security groups section and find the security group named kubernetes <cluster-id>.
  2. Modify the security group rules to allow incoming traffic on ports 80 (HTTP) and 443 (HTTPS).
    • Allow TCP traffic on port 80 from all sources ( for HTTP.
    • Allow TCP traffic on port 443 from all sources ( for HTTPS.

Deploying a test application

  1. Deploy the cafe-ingress test application:

    kubectl create -f
  2. Create the ingress object (coffee-ingress.yaml) using the DNS wildcard provided by Scaleway:

    kind: Ingress
    name: coffee-ingress
    - path: /tea
    pathType: Prefix
    name: tea-svc
    number: 80
    - path: /coffee
    pathType: Prefix
    name: coffee-svc
    number: 80

    Your DNS wildcard is composed of your cluster ID (e.g., 68362d3b-57c8-4bea-905a-aeb7f9ab95dc) followed by .nodes.k8s.<SCW_REGION> For a cluster located in the Paris region, your DNS wildcard could be, for example:

  3. Apply the configuration:

    kubectl create -f coffee-ingress.yaml
  4. Test the ingress:

    curl http://YOUR_SCALEWAY_DNS_WILDCARD/coffee

Using a reserved IP with a Load Balancer

Reserve a flexible Load Balancer IP address through the Scaleway API. Take note of the IP address, referred to as RESERVED_IP from now on.

Using the reserved IP in Kubernetes

  1. Patch tea-svc to use the reserved IP with a LoadBalancer service:

    kubectl patch svc tea-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'
  2. Delete tea-svc:

    kubectl delete svc tea-svc
  3. Patch coffee-svc to use the reserved IP:

    kubectl patch svc coffee-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'
  • Loki monitoring on Kubernetes
  • Monitoring a Kubernetes Kapsule cluster
  • Deploy an image from a private registry
Docs APIScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCarreer
© 2023-2024 – Scaleway