Kubernetes LoadBalancer service: How to expose apps to the internet
Learn how Kubernetes LoadBalancer services work. Provisions an external IP via your cloud provider covers when to use it, security considerations, and how it works on Civo.
4 lessons · 11 min · Advanced
Written by
Marketing Team at Civo
Written by
Marketing Team at Civo
A LoadBalancer Service provisions an external IP address that routes traffic from the internet into your cluster. It is the simplest way to make a Kubernetes application publicly accessible on a cloud platform.
When you create a LoadBalancer Service, Kubernetes asks the cloud provider to provision a load balancer. Once provisioned, you get an external IP address that anyone on the internet can connect to.
When to use LoadBalancer
LoadBalancer is appropriate when:
- You need to expose a TCP or UDP service that cannot go through an HTTP Ingress controller
- You are doing quick testing and need external access immediately
- Your application handles its own authentication and TLS at the application level
- You are on Civo and want the simplest path to external access
For HTTP and HTTPS production workloads, use an Ingress controller in front of a ClusterIP Service instead. An Ingress gives you TLS termination, hostname-based routing, and path-based routing with proper access control. A LoadBalancer alone exposes your application directly to the internet without any of those protections.
Working example
Start with a NodePort or ClusterIP Service already applied to the example namespace. Change the type to LoadBalancer:
apiVersion: v1kind: Servicemetadata:name: node-applicationnamespace: examplespec:type: LoadBalancerselector:run: node-applicationports:- name: httpprotocol: TCPport: 3000targetPort: 8080
kubectl apply -f manifests/service.yaml -n example
Watch for the external IP to be assigned:
kubectl get service -n example -w
Expected output while provisioning:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEnode-application LoadBalancer 10.96.145.23 <pending> 3000:31520/TCP 5s
Expected output once the external IP is assigned:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEnode-application LoadBalancer 10.96.145.23 74.220.16.43 3000:31520/TCP 30s
<pending> means the cloud provider is still provisioning the load balancer. On Civo this typically resolves within seconds.
Verify all resources:
kubectl get all -n example
You can now access your application at http://74.220.16.43:3000 from anywhere on the internet.
Security considerations
A LoadBalancer Service makes your application publicly accessible on the internet without TLS, authentication, or rate limiting. Anyone who knows the IP address and port can connect to it.
This is acceptable for:
- Quick demos and testing where you will tear down the service afterwards
- TCP/UDP services like databases or game servers where you control access at the network or application level
- Applications that implement their own authentication
This is not acceptable for:
- Production HTTP/HTTPS applications without an Ingress controller providing TLS termination
- Services containing sensitive data exposed without authentication
- Long-running services left open without monitoring
For production HTTP workloads, create a ClusterIP Service for your application and put an Ingress controller such as nginx or Traefik in front of it. The Ingress handles TLS, hostname routing, and path routing. The application stays internal.
How LoadBalancer works on Civo
On Civo Kubernetes (k3s), LoadBalancer Services are provisioned using ServiceLB (formerly Klipper). ServiceLB creates a DaemonSet of pods on each node that handle the external traffic forwarding. The external IP is assigned from the node pool's public IPs.
This is different from AWS, GKE, and AKS where the cloud provider provisions a dedicated external load balancer resource. On Civo the provisioning happens in seconds because it uses the existing node infrastructure rather than provisioning a separate cloud resource.
kubectl get all -n example
You will see the ServiceLB DaemonSet pods alongside your application pods. These are created automatically by Civo when a LoadBalancer Service is applied.
Provider comparison

Marketing Team at Civo
Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.
Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.
Share this lesson
Nice work, you finished Kubernetes Services: Exposing your Applications Inside and Outside the Cluster.
Your next step is up to you - keep building on what you've learned, or put it into practice on Civo.
Put it into practice
Spin up your first cluster on Civo
Get $250 free credit and launch a production-ready Kubernetes cluster in under 90 seconds.