Configure internal load balancers
Internal load balancers (ILB) expose services within the organization from an
internal IP pool assigned to the organization. An ILB service is never
accessible from any endpoint outside of the organization.
By default, you can access ILB services within the same project from any cluster
in the organization. The default project network policy
doesn't let you access any project resources from outside the project, and this
restriction applies to ILB services as well. If the Platform Administrator (PA)
configures project network policies that allow access to your project from other
projects, then the ILB service is also accessible from those other projects in
the same organization.
Before you begin
To configure ILBs, you must have the following:
- Own the project you are configuring the load balancer for. For more information, see Create a project.
- The necessary identity and access roles:
  - Ask your Organization IAM Admin to grant you the Load Balancer Admin (load-balancer-admin) role.
Create an internal load balancer
Create ILBs using three different methods in GDC:
- Use the gdcloud CLI to create ILBs.
- Use the Networking Kubernetes Resource Model (KRM) API to create ILBs.
You can target pod or VM workloads using the KRM API and gdcloud CLI. You can only target workloads in the cluster where the Service object is created when you use the Kubernetes Service directly from the Kubernetes cluster.
Last updated 2025-09-04 UTC.