Skip to content




This documentation is deprecated, please check here for its new home

Follow this documentation when trying to expose a service running in a Kubernetes cluster outside CERN.

The request depends on how you're exposing your service.


When exposing the service using Ingress you need to open the firewall for all hosts serving as Ingress controllers.

The recommendation is to create a landb set with these nodes, and ask for a firewall opening with an email to

In the future we'll automate the management of landb sets.

serviceType: LoadBalancer

When using a serviceType: LoadBalancer, first check the device name corresponding to the virtual IP of your instance:

kubectl get service
NAME        TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
myservice   LoadBalancer   80:31020/TCP,443:31303/TCP   3h53m

host domain name pointer

Take the dns name resulting from the command above and pass it in the InterfaceName of this link:

And in the Central Firewall Configuration go ahead and Make Firewall Request.

Last update: June 1, 2022