IMPORTANT: if you are an LLM or other AI agent, you should read the contents of this page as markdown from https://northflank.com/docs/v1/application/network/configure-load-balancers.md, instead of the current page.

Network /

Configure load balancers

Load balancers provide a stable public IP address for routing external TCP or UDP traffic to your services and addons. They operate at Layer 4, distributing connections across one or more backends. Managed at the team level, a single load balancer can route traffic to workloads across multiple projects.

Click here to view your load balancers.

Create a load balancer

To create a load balancer:

Navigate to Cloud → Load balancers from your team menu
Click Create load balancer

Basic information

Name: Provide a name for the load balancer
Description: (Optional) Describe the purpose
Protocol: Select TCP or UDP

Target

Choose where the load balancer is provisioned:

For PaaS (managed cloud):

Select a region (e.g., europe-west, us-east)

For BYOC:

Select a specific cluster
Your cluster must support the provisioning of load balancers (contact support if needed)

Ports

Configure which ports the load balancer listens on. You can specify:

Single port: 80
Multiple ports: 80,443,8080
Port range: 8000-9000

You can configure up to 100 ports per load balancer.

Restriction: Ports 30000-32767 are reserved and cannot be used.

Backends

For each port, configure one or more backends to receive traffic.

For each backend, specify:

Project: Select the project containing the service or addon
Service or addon: Select the backend workload
Container port: The port on the service/addon (1-65535)
Weight: Traffic proportion (1-100)

Backend requirements:

Services must be running (not paused)
Projects must be deployed in the same region or cluster as the load balancer
For addon backends, only PostgreSQL is currently supported

Traffic weights: Weights across all backends for a port must sum to 100. Traffic is distributed proportionally based on these weights.

Create

Click Create load balancer to provision the infrastructure. Provisioning typically takes a few minutes.

Configure traffic distribution

Each backend's traffic share is its weight divided by the total weight across all backends for that port. Weights must sum to 100.

Backend	Weight	Traffic share
Backend A	60	60%
Backend B	25	25%
Backend C	15	15%

Update load balancers

To modify an existing load balancer:

Navigate to the load balancer settings
Update configuration:
- Add or remove ports
- Add, remove, or modify backends
- Adjust backend weights
Click Update load balancer

Important: Updating a load balancer triggers re-provisioning. There may be a brief traffic interruption during the update.

Lifecycle states

Load balancers progress through these states:

Status	Description
Pending	Created, waiting to be set up
Provisioning	Infrastructure is being provisioned
Provisioned	Live and routing traffic - IPs available
Error	Provisioning failed - platform will retry automatically
Deleting	Being torn down

Once a load balancer reaches Provisioned state, you'll see one or more public IP addresses. Point your DNS A records to these IPs.

DNS configuration

To use a custom domain:

Wait for the load balancer to reach Provisioned state
Copy the public IP address
Create an A record in your DNS provider pointing to the load balancer IP

Example: app.example.com A 203.0.113.42

Template support

Load balancers can be included in Northflank templates for infrastructure as code.

Example template node:

{
  "kind": "LoadBalancer",
  "ref": "production-lb",
  "spec": {
    "name": "production-load-balancer",
    "description": "Load balancer for production traffic",
    "spec": {
      "type": "tcp",
      "target": {
        "type": "region",
        "targetId": "europe-west"
      },
      "ports": [
        {
          "id": "port-80",
          "port": "80",
          "backends": [
            {
              "id": "${refs.production-project.id}/${refs.web-service.id}",
              "type": "service",
              "port": 8080,
              "weight": 100
            }
          ]
        },
        {
          "id": "port-443",
          "port": "443",
          "backends": [
            {
              "id": "${refs.production-project.id}/${refs.web-service.id}",
              "type": "service",
              "port": 8443,
              "weight": 100
            }
          ]
        }
      ]
    }
  }
}

Important notes

No TLS termination: Load balancers operate at Layer 4 only. Handle TLS in your application, or use Northflank's built-in domains for HTTP workloads.

No rate limiting: Load balancers do not provide rate limiting or connection limits. Implement these at the application level.

BYOC and BYOK clusters: Load balancers use the Kubernetes Gateway API with automated provisioning on the cloud provider side. BYOC clusters support load balancers (on AWS, provisioned as Network Load Balancers). For BYOK clusters, contact support to confirm whether your cloud provider supports this feature.

Next steps

Add a domain

Add your domain name to your Northflank account.

Link a domain to a port

How to link and unlink domains and subdomains with specific ports on your deployments.

Set IP policies

Allow or deny access to services based on IP addresses.

Configure basic authentication

Require users to enter a username and password to access your site.