Stay organized with collections
Save and categorize content based on your preferences.
Network load balancing
This topic shows you how to set up an L4 load balancer backed
by an Azure Standard Load Balancer using GKE on Azure .
When you create a Service of type LoadBalancer, a GKE on Azure
controller configures an
Azure Load Balancer.
Before you begin
You must Create a cluster
and configure kubectl to access the cluster.
Selecting a public or private load balancer
Service load balancers can be either public — having public frontend IPs
— or internal— only accessible through private IPs.
By default, a new Service is public. To create an internal load
balancer, you set the service.beta.kubernetes.io/azure-load-balancer-internal
annotation to "true" in your manifest.
Choosing subnet for internal load balancers
When creating an internal load balancer, GKE on Azure needs to pick
the subnet to place the load balancer in. This default service load balancer
subnet is chosen from the cluster's creation parameters as follows:
If specified and non-empty, cluster.networking.serviceLoadBalancerSubnetId
Otherwise, cluster.controlPlane.subnetId
Alternately, you can specify the subnet to use for a given load balancer by
adding the service.beta.kubernetes.io/azure-load-balancer-internal-subnet
annotation to the Service. The value for this annotation is the subnet's name.
Creating an example LoadBalancer
You create a load balancer by creating a deployment and exposing that deployment
with a service.
Create your deployment. Containers in this Deployment listen on port 50001.
Save the following YAML to a file named my-deployment-50001.yaml:
Create a Service of type LoadBalancer for your deployment. You can create
an Azure Standard Load Balancer that is either public, or internal.
Choose from one of the following options.
Copy one of the following manifests to a file named my-lb-service.yaml.
You create an internal LoadBalancer by setting the annotation
service.beta.kubernetes.io/azure-load-balancer-internal
to "true". The following YAML includes this annotation.
yaml
apiVersion: v1
kind: Service
metadata:
name: my-lb-service
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
selector:
app: products
department: sales
ports:
- protocol: TCP
port: 60000
targetPort: 50001
Create the Service with kubectl apply:
kubectlapply-fmy-lb-service.yaml
View the Service's address with kubectl get service.
kubectlgetservicemy-lb-service
The output will include a column EXTERNAL-IP with an address of the
load balancer (either public or private depending how the load balancer was
created).
If you have created a public load balancer you can connect to the
load balancer with curl. Replace external-ip with the address
from the output of kubectl get service from the previous step.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Network load balancing\n======================\n\nThis topic shows you how to set up an L4 load balancer backed\nby an Azure Standard Load Balancer using GKE on Azure .\n\nWhen you create a Service of type `LoadBalancer`, a GKE on Azure\ncontroller configures an\n[Azure Load Balancer](https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview).\n\nBefore you begin\n----------------\n\n- You must [Create a cluster](/kubernetes-engine/multi-cloud/docs/azure/how-to/create-cluster) and configure `kubectl` to access the cluster.\n\nSelecting a public or private load balancer\n-------------------------------------------\n\nService load balancers can be either public --- having public frontend IPs\n--- or internal--- only accessible through private IPs.\n\nBy default, a new Service is public. To create an internal load\nbalancer, you set the `service.beta.kubernetes.io/azure-load-balancer-internal`\nannotation to `\"true\"` in your manifest.\n\nChoosing subnet for internal load balancers\n-------------------------------------------\n\nWhen creating an internal load balancer, GKE on Azure needs to pick\nthe subnet to place the load balancer in. This default service load balancer\nsubnet is chosen from the cluster's creation parameters as follows:\n\n1. If specified and non-empty, `cluster.networking.serviceLoadBalancerSubnetId`\n2. Otherwise, `cluster.controlPlane.subnetId`\n\nAlternately, you can specify the subnet to use for a given load balancer by\nadding the `service.beta.kubernetes.io/azure-load-balancer-internal-subnet`\nannotation to the Service. The value for this annotation is the subnet's name.\n\nCreating an example LoadBalancer\n--------------------------------\n\nYou create a load balancer by creating a deployment and exposing that deployment\nwith a service.\n\n1. Create your deployment. Containers in this Deployment listen on port 50001.\n Save the following YAML to a file named `my-deployment-50001.yaml`:\n\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: my-deployment-50001\n spec:\n selector:\n matchLabels:\n app: products\n department: sales\n replicas: 3\n template:\n metadata:\n labels:\n app: products\n department: sales\n spec:\n containers:\n - name: hello\n image: \"gcr.io/google-samples/hello-app:2.0\"\n env:\n - name: \"PORT\"\n value: \"50001\"\n\n2. Create the Deployment with `kubectl apply`:\n\n kubectl apply -f my-deployment-50001.yaml\n\n3. Verify that three Pods are running:\n\n kubectl get pods --selector=app=products\n\n4. Create a Service of type `LoadBalancer` for your deployment. You can create\n an Azure Standard Load Balancer that is either public, or internal.\n Choose from one of the following options.\n\n Copy one of the following manifests to a file named `my-lb-service.yaml`. \n\n ### Public\n\n apiVersion: v1\n kind: Service\n metadata:\n name: my-lb-service\n spec:\n type: LoadBalancer\n selector:\n app: products\n department: sales\n ports:\n - protocol: TCP\n port: 60000\n targetPort: 50001\n\n ### Internal\n\n You create an internal LoadBalancer by setting the annotation\n `service.beta.kubernetes.io/azure-load-balancer-internal`\n to `\"true\"`. The following YAML includes this annotation.\n `yaml\n apiVersion: v1\n kind: Service\n metadata:\n name: my-lb-service\n annotations:\n service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"\n spec:\n type: LoadBalancer\n selector:\n app: products\n department: sales\n ports:\n - protocol: TCP\n port: 60000\n targetPort: 50001`\n5. Create the Service with `kubectl apply`:\n\n kubectl apply -f my-lb-service.yaml\n\n | **Note:** Configuring the load balancer and IP address takes several minutes.\n6. View the Service's address with `kubectl get service`.\n\n kubectl get service my-lb-service\n\n The output will include a column `EXTERNAL-IP` with an address of the\n load balancer (either public or private depending how the load balancer was\n created).\n7. If you have created a public load balancer you can connect to the\n load balancer with `curl`. Replace \u003cvar translate=\"no\"\u003eexternal-ip\u003c/var\u003e with the address\n from the output of `kubectl get service` from the previous step.\n\n curl http://\u003cvar translate=\"no\"\u003eexternal-ip\u003c/var\u003e:60000\n\n The output resembles the following: \n\n Hello, world!\n Version: 2.0.0\n Hostname: my-deployment-50001-84b6dc5555-zmk7q\n\n### Cleaning up\n\nTo remove the Service and Deployment, use `kubectl delete`. \n\n kubectl delete -f my-lb-service.yaml\n kubectl delete -f my-deployment-50001.yaml"]]
