Expose a Service

Use a LoadBalancer Service to expose Pods on CKS to the public Internet

One way of exposing Pods on CKS to the public Internet is to use a LoadBalancer Service. These Services expose Pods to the Internet via public IPv4 addresses. Public DNS names can optionally be assigned to them.

Create a Load Balancer Service

Create the manifest

A Service of type: LoadBalancer is created by deploying a Service manifest onto CKS. Here is a sample manifest:

loadbalancer-example.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/coreweave-load-balancer-type: public
  name: example-sshd
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: sshd
      port: 22
      protocol: TCP
      targetPort: sshd
  selector:
    app.kubernetes.io/name: sshd

In the example above:

  • The Service (example-sshd) is configured as type: LoadBalancer.
  • The coreweave-load-balancer-type annotation is public.

This creates a publicly-accessible Load Balancer Service.

Info

The address assigned to the Service is the next available address from CoreWeave's default egress IP addresses for each Region.

Deploy the manifest

Apply the manifest using kubectl. For example:

Example
$ kubectl apply -f loadbalancer-example.yaml

Locate the IPv4 address

After the manifest is applied, use describe to see the deployed Service, for example:

Example
$ kubectl describe services example-sshd

The assigned public IPv4 address is found under the LoadBalancer Ingress field.

Learn more

For more information, see the official Kubernetes documentation.

Create a public DNS name

The address assigned to a Load Balancer Service is not static, and is liable to change if the Service is deleted and recreated. To ensure consistent addressability, use a public DNS name.

Info

Assigning a public DNS name to a Service does not automatically configure a TLS certificate. To secure the Service, we recommend using cert-manager to obtain a TLS certificate.

To create a public DNS name for a Load Balancer Service, add a service.beta.kubernetes.io/external-hostname annotation to the manifest featuring the desired hostname.

For example, the manifest below creates a foo hostname for the Load Balancer Service. Note the two annotations under metadata.

loadbalancer-with-DNS-example.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/external-hostname: foo
    service.beta.kubernetes.io/coreweave-load-balancer-type: public
  name: example-sshd
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: sshd
      port: 22
      protocol: TCP
      targetPort: sshd
  selector:
    app.kubernetes.io/name: sshd

The complete DNS name for the Service is automatically constructed using the organization's Org ID plus the cluster name in this format:

<hostname>.<Org ID>-<cluster name>.coreweave.app

For example, assuming the following:

  • An Org ID of abc123
  • a cluster named mycluster
  • an annotation of service.beta.kubernetes.io/external-hostname set to the value foo

The manifest above creates this fully-qualified DNS name:

foo.abc123-mycluster.coreweave.app

Info

DNS names must conform to RFC-1123 DNS naming standards. They must contain only alphanumeric characters or hyphens, and hyphens cannot appear at the beginning or end of the name.

Alternative hostname format

It's also possible to set the hostname annotation to a fully-qualified DNS name, as long as it follows the exact format shown earlier. For example, these two hostnames both produce the same name when applied to Org ID abc123 and cluster name mycluster:

Hostname                              Created DNS
foo                                   foo.abc123-mycluster.coreweave.app
foo.abc123-mycluster.coreweave.app    foo.abc123-mycluster.coreweave.app

Important

If the hostname value is a fully-qualified DNS name, and it does not match the Org ID and cluster name, the entire value is prepended as the hostname, which is typically not desired.

For example, if the hostname value is set to foo.xyz456-mycluster.coreweave.app, the generated DNS name concatenates the full value along with the Org ID and cluster name, producing the final result of foo.xyz456-mycluster.coreweave.app.abc123-mycluster.coreweave.app. To avoid this issue, using the short format is recommended.
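
The naming rules above can be checked before a manifest is applied. The following is an added example, not CoreWeave code: the function names are hypothetical, the 63-character limit comes from RFC 1123 itself, and flagging the wildcard value `*` (covered in the next section) for review is a policy choice of this example.

```python
import re

ZONE = "coreweave.app"
# RFC 1123 label: alphanumerics and hyphens, no hyphen at either end, at most 63 characters.
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def created_dns_name(value: str, org_id: str, cluster: str) -> str:
    """DNS name created for an external-hostname value, per the rules on this page."""
    suffix = f"{org_id}-{cluster}.{ZONE}"
    if value.endswith("." + suffix):
        return value  # fully-qualified and matching: used as written
    return f"{value}.{suffix}"  # anything else is prepended whole


def lint_hostname(value: str, org_id: str, cluster: str) -> list:
    """Return findings for a hostname value; an empty list means nothing to flag."""
    suffix = f"{org_id}-{cluster}.{ZONE}"
    # Reduce a matching fully-qualified value to its short form before checking it.
    short = value[: -len(suffix) - 1] if value.endswith("." + suffix) else value
    if short == "*":
        return ["wildcard hostname: confirm a wildcard DNS name is intended"]
    if short.endswith("." + ZONE):
        created = created_dns_name(value, org_id, cluster)
        return [f"Org ID or cluster name mismatch: creates {created}"]
    if not LABEL.fullmatch(short):
        return [f"{short!r} is not a valid RFC 1123 name"]
    return []


if __name__ == "__main__":
    # Constructed inputs, using the Org ID and cluster name from the page's example.
    for value in ("foo", "foo.abc123-mycluster.coreweave.app",
                  "foo.xyz456-mycluster.coreweave.app", "-foo", "*"):
        print(value, "->", lint_hostname(value, "abc123", "mycluster") or "ok")
```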

Wildcard DNS names

It's also possible to create a wildcard DNS name for a Load Balancer Service.

To do so, set the service.beta.kubernetes.io/external-hostname annotation to the value *. This creates a wildcard DNS name for the Service as shown below:

loadbalancer-wildcard-example.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    # Quoted: a bare * is YAML alias syntax and does not parse as a string
    service.beta.kubernetes.io/external-hostname: "*"
    service.beta.kubernetes.io/coreweave-load-balancer-type: public
  name: example-sshd
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: sshd
      port: 22
      protocol: TCP
      targetPort: sshd
  selector:
    app.kubernetes.io/name: sshd

IPv6 support

Load Balancers will support IPv6 in the first quarter of 2025. When enabled, all Load Balancers without an explicit address family will also receive an IPv6 address in addition to their IPv4 assignment.

If the Load Balancer should not have an IPv6 address when support is enabled, you must specify the ipv4 address family with the service.beta.kubernetes.io/coreweave-load-balancer-ip-families annotation, as shown below:

loadbalancer-example.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/coreweave-load-balancer-type: public
    service.beta.kubernetes.io/coreweave-load-balancer-ip-families: ipv4
  name: example-sshd
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: sshd
      port: 22
      protocol: TCP
      targetPort: sshd
  selector:
    app.kubernetes.io/name: sshd
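
Because Services without an explicit address family also receive an IPv6 address once support is enabled, it helps to inventory which public Load Balancers have no ip-families annotation. The following is an added example, not CoreWeave code: the function name and the sample Services are constructed, and the input is assumed to have the shape of `kubectl get services -A -o json` output.

```python
import json

PREFIX = "service.beta.kubernetes.io/"

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-sshd", "namespace": "default", "annotations": {
      "service.beta.kubernetes.io/coreweave-load-balancer-type": "public",
      "service.beta.kubernetes.io/external-hostname": "foo"}},
   "spec": {"type": "LoadBalancer", "ports": [{"name": "sshd", "port": 22}]}},
  {"metadata": {"name": "example-sshd-v4", "namespace": "default", "annotations": {
      "service.beta.kubernetes.io/coreweave-load-balancer-type": "public",
      "service.beta.kubernetes.io/coreweave-load-balancer-ip-families": "ipv4"}},
   "spec": {"type": "LoadBalancer", "ports": [{"name": "sshd", "port": 22}]}},
  {"metadata": {"name": "metrics", "namespace": "default"},
   "spec": {"type": "ClusterIP", "ports": [{"name": "http", "port": 9090}]}}
]}
""")


def public_load_balancers(service_list: dict) -> list:
    """List Services exposed through a public Load Balancer and their exposure details."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        annotations = meta.get("annotations") or {}
        if spec.get("type") != "LoadBalancer":
            continue
        if annotations.get(PREFIX + "coreweave-load-balancer-type") != "public":
            continue
        findings.append({
            "service": f"{meta.get('namespace', 'default')}/{meta.get('name')}",
            "ports": [p["port"] for p in spec.get("ports", [])],
            "hostname": annotations.get(PREFIX + "external-hostname"),
            # No explicit address family: also gets an IPv6 address once enabled.
            "implicit_ipv6": (PREFIX + "coreweave-load-balancer-ip-families") not in annotations,
        })
    return findings


if __name__ == "__main__":
    for finding in public_load_balancers(SAMPLE):
        print(finding)
```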