# Configure load balancers Load balancers provide a stable public IP address for routing external TCP or UDP traffic to your services and addons. They operate at Layer 4, distributing connections across one or more backends. Managed at the team level, a single load balancer can route traffic to workloads across multiple projects. > [!note] > [Click here](https://app.northflank.com/s/account/cloud/load-balancers) to view your load balancers. ## Create a load balancer To create a load balancer: 1. Navigate to **Cloud** → **Load balancers** from your team menu 2. Click **Create load balancer** ### Basic information 1. **Name**: Provide a name for the load balancer 2. **Description**: (Optional) Describe the purpose 3. **Protocol**: Select **TCP** or **UDP** ### Target Choose where the load balancer is provisioned: **For PaaS (managed cloud):** - Select a **region** (e.g., `europe-west`, `us-east`) **For BYOC:** - Select a **specific cluster** - Your cluster must support the provisioning of load balancers (contact support if needed) ### Ports Configure which ports the load balancer listens on. You can specify: - **Single port**: `80` - **Multiple ports**: `80,443,8080` - **Port range**: `8000-9000` You can configure up to **100 ports** per load balancer. **Restriction:** Ports 30000-32767 are reserved and cannot be used. ### Backends For each port, configure one or more backends to receive traffic. **For each backend, specify:** 1. **Project**: Select the project containing the service or addon 2. **Service or addon**: Select the backend workload 3. **Container port**: The port on the service/addon (1-65535) 4. **Weight**: Traffic proportion (1-100) **Backend requirements:** - Services must be running (not paused) - Projects must be deployed in the same region or cluster as the load balancer - For addon backends, only PostgreSQL is currently supported **Traffic weights:** Weights across all backends for a port must sum to **100**. Traffic is distributed proportionally based on these weights. ### Create Click **Create load balancer** to provision the infrastructure. Provisioning typically takes a few minutes. ## Configure traffic distribution Each backend's traffic share is its weight divided by the total weight across all backends for that port. Weights must sum to 100. | Backend | Weight | Traffic share | | --- | --- | --- | | Backend A | 60 | 60% | | Backend B | 25 | 25% | | Backend C | 15 | 15% | ## Update load balancers To modify an existing load balancer: 1. Navigate to the load balancer settings 2. Update configuration: - Add or remove ports - Add, remove, or modify backends - Adjust backend weights 3. Click **Update load balancer** **Important:** Updating a load balancer triggers re-provisioning. There may be a brief traffic interruption during the update. ## Lifecycle states Load balancers progress through these states: | Status | Description | | --- | --- | | Pending | Created, waiting to be set up | | Provisioning | Infrastructure is being provisioned | | Provisioned | Live and routing traffic - IPs available | | Error | Provisioning failed - platform will retry automatically | | Deleting | Being torn down | Once a load balancer reaches **Provisioned** state, you'll see one or more public IP addresses. Point your DNS A records to these IPs. ## DNS configuration To use a custom domain: 1. Wait for the load balancer to reach **Provisioned** state 2. Copy the public IP address 3. Create an A record in your DNS provider pointing to the load balancer IP Example: `app.example.com A 203.0.113.42` ## Template support Load balancers can be included in Northflank templates for infrastructure as code. **Example template node:** ```json { "kind": "LoadBalancer", "ref": "production-lb", "spec": { "name": "production-load-balancer", "description": "Load balancer for production traffic", "spec": { "type": "tcp", "target": { "type": "region", "targetId": "europe-west" }, "ports": [ { "id": "port-80", "port": "80", "backends": [ { "id": "${refs.production-project.id}/${refs.web-service.id}", "type": "service", "port": 8080, "weight": 100 } ] }, { "id": "port-443", "port": "443", "backends": [ { "id": "${refs.production-project.id}/${refs.web-service.id}", "type": "service", "port": 8443, "weight": 100 } ] } ] } } } ``` ## Important notes **No TLS termination:** Load balancers operate at Layer 4 only. Handle TLS in your application, or use Northflank's built-in domains for HTTP workloads. **No rate limiting:** Load balancers do not provide rate limiting or connection limits. Implement these at the application level. **BYOC and BYOK clusters:** Load balancers use the Kubernetes Gateway API with automated provisioning on the cloud provider side. BYOC clusters support load balancers (on AWS, provisioned as Network Load Balancers). For BYOK clusters, contact support to confirm whether your cloud provider supports this feature. ## Next steps - [Add a domain: Add your domain name to your Northflank account.](/v1/application/domains/add-a-domain-to-your-account) - [Link a domain to a port: How to link and unlink domains and subdomains with specific ports on your deployments.](/v1/application/domains/link-a-domain-to-a-port) - [Set IP policies: Allow or deny access to services based on IP addresses.](/v1/application/network/add-security-policies-for-ports#set-ip-policies) - [Configure basic authentication: Require users to enter a username and password to access your site.](/v1/application/network/add-security-policies-for-ports#require-credentials)