Skip to main content

🌐 Exposing Applications with Public IP on Kubernetes

This guide shows two ways to expose applications using a public IP on SaveinCloud's Kubernetes: through a Dedicated Load Balancer or directly on a Worker node.


🚀 Method 1: Dedicated Load Balancer

1. Cluster Creation and Application Deployment

Access the MARKETPLACE, install the Kubernetes cluster, and deploy the desired application. In this example, we use dominio.com (Jakarta EE).

2. Changing the Topology

Click Change Topology next to the Kubernetes environment and add a Dedicated Load Balancer with a public IP.

Topologia Kubernetes com Load Balancer

info

You can choose NGINX, HAProxy, LS Web ADC, or Varnish as the load balancer.

The topology will look like:

Topologia final com Load Balancer

Desenho de estrutura com Load Balancer

3. Create A Record and Custom Domain

Create an A record in your domain pointing to the allocated public IP. Example: dominio.com.jele.website.

4. Issue SSL Certificate

  1. Access the Load Balancer Add-Ons.
  2. Install the Let's Encrypt Free SSL.

AddOn Lets Encrypt

  1. Enter the pointed domain and apply.

After this, your application will be available with its own domain and encrypted traffic via HTTPS:

https://dominio.com.jele.website

🔄 Method 2: Direct Public IP on the Worker

In this method, the application is accessed directly via the public IP of a Worker node in the cluster.

Desenho estrutura com IP direto no worker

1. Allocate Public IP on the Worker

Go to Change Topology and add a Public IP to the Worker node.

IP no Worker

2. Create A Record for New IP

Create an A record pointing to the new IP. Example: dominio-com-worker.jele.website.

3. Install Cert-Manager and Ingress Controller

  1. Go to the Control Plane Add-ons.
  2. Install the Certificate Manager.
  3. This will also install an NGINX Ingress Controller with LoadBalancer support.

Addon Certificate Manager

4. Apply Domain

Enter the custom domain during installation.

5. Clean Test App

Remove the default test application created:

kubectl delete deploy hello-cert-manager
kubectl delete svc hello-cert-manager
kubectl delete ing helloworld-cert

6. Create Ingress with TLS

Create a file named dominio-com-worker-ingress.yaml with:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dominio-com-worker
namespace: default
annotations:
kubernetes.io/ingress.class: nginx-cert
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/affinity-mode: "persistent"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
tls:
- hosts:
- dominio-com-worker.jele.website
secretName: external-domain-tls
rules:
- host: dominio-com-worker.jele.website
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: dominio-com
port:
number: 80

Apply it to the cluster with:

kubectl apply -f dominio-com-worker-ingress.yaml

7. Test Access

After about 1 minute, the certificate will be automatically issued. Access:

https://dominio-com-worker.jele.website

✅ Result

You now have two active ingresses:

  • dominio.com - via the Load Balancer's public IP
  • dominio-com-worker - via the Worker node's public IP
tip

In production, it is recommended to choose only one approach, according to your access and load balancing strategy.



🧠 Questions?

Contact our SaveinCloud technical support team!