Different platforms provide their own annotations for creating the specific type of a load balancer.
AlloyDB Omni lets you specify load balancer annotations using thespecsection of the database cluster manifest. The database controller adds those annotations to the load balancerspecwhen creating a database cluster.
Create an internal load balancer using the database spec
You can create an internal load balancer by configuring thedbLoadBalancerOptionsfield in thespecsection of yourDBClustermanifest.
Kubernetes
Annotations define the type and properties of a load balancer. An internal load balancer requires the presence of the following annotation:
networking.gke.io/load-balancer-type: "internal"
To create an internal load balancer that permits connections from outside the GKE cluster within the same project, apply the following manifest:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Configure a load balancer for AlloyDB Omni on Kubernetes\n\nSelect a documentation version: 15.12.0keyboard_arrow_down\n\n- [Current (16.8.0)](/alloydb/omni/current/docs/configure-load-balancer-k8s)\n- [16.8.0](/alloydb/omni/16.8.0/docs/configure-load-balancer-k8s)\n- [16.3.0](/alloydb/omni/16.3.0/docs/configure-load-balancer-k8s)\n- [15.12.0](/alloydb/omni/15.12.0/docs/configure-load-balancer-k8s)\n- [15.7.1](/alloydb/omni/15.7.1/docs/configure-load-balancer-k8s)\n- [15.7.0](/alloydb/omni/15.7.0/docs/configure-load-balancer-k8s)\n- [15.5.5](/alloydb/omni/15.5.5/docs/configure-load-balancer-k8s)\n- [15.5.4](/alloydb/omni/15.5.4/docs/configure-load-balancer-k8s)\n\n\u003cbr /\u003e\n\nThis page summarizes how to configure a load balancer in AlloyDB Omni using the AlloyDB Omni `spec`. In Google Kubernetes Engine (GKE), a load balancer created by default is of the external type and bound with the external IP address to permit connections from the internet. However, if the `networking.gke.io/load-balancer-type: \"internal\"` annotation is included in the `metadata.annotations[]` field of the load balancer manifest, then GKE creates an internal load balancer.\n\n\u003cbr /\u003e\n\nDifferent platforms provide their own annotations for creating the specific type of a load balancer.\nAlloyDB Omni lets you specify load balancer annotations using the `spec` section of the database cluster manifest. The database controller adds those annotations to the load balancer `spec` when creating a database cluster.\n\nCreate an internal load balancer using the database spec\n--------------------------------------------------------\n\nYou can create an internal load balancer by configuring the `dbLoadBalancerOptions` field in the `spec` section of your `DBCluster` manifest. \n\n### Kubernetes\n\nAnnotations define the type and properties of a load balancer. An internal load balancer requires the presence of the following annotation: \n\n networking.gke.io/load-balancer-type: \"internal\"\n\nTo create an internal load balancer that permits connections from outside the GKE cluster within the same project, apply the following manifest: \n\n```bash\nkubectl apply -f - \u003c\u003cEOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: db-pw-DB_CLUSTER_NAME\ntype: Opaque\ndata:\n DB_CLUSTER_NAME: \"\u003cvar translate=\"no\"\u003eENCODED_PASSWORD\u003c/var\u003e\"\n---\napiVersion: alloydbomni.dbadmin.goog/v1\nkind: DBCluster\nmetadata:\n name: DB_CLUSTER_NAME\nspec:\n databaseVersion: \"15.5.0\"\n primarySpec:\n adminUser:\n passwordRef:\n name: db-pw-DB_CLUSTER_NAME\n resources:\n memory: 5Gi\n cpu: 1\n disks:\n - name: DataDisk\n size: 10Gi\n dbLoadBalancerOptions:\n annotations:\n networking.gke.io/load-balancer-type: \"internal\"\n allowExternalIncomingTraffic: true\nEOF\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eDB_CLUSTER_NAME\u003c/var\u003e: the name of your database cluster. It's the same database cluster name you declared when [you created it](/alloydb/omni/15.12.0/docs/deploy-kubernetes#create).\n\nIn this manifest:\n\n- **networking.gke.io/load-balancer-type: \"internal\"**: the GKE internal load balancer annotation to your database cluster\n- **allowExternalIncomingTraffic: true** : the `allowExternalIncomingTraffic` field is set to `true` to allow incoming traffic from outside the Kubernetes cluster\n\nGet the database cluster and connectivity details\n-------------------------------------------------\n\n### Kubernetes\n\nTo verify that the database cluster resource is in the `Ready` status, use the following command: \n\n kubectl get dbclusters.alloydbomni.dbadmin.goog -n \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e -w\n\nThe output is similar to the following: \n\n NAME PRIMARYENDPOINT PRIMARYPHASE DBCLUSTERPHASE\n \u003cvar translate=\"no\"\u003eDB_CLUSTER_NAME\u003c/var\u003e 10.95.0.84 Ready DBClusterReady\n\nVerify that the annotation and IP address of the internal load balancer exist in the load balancer service, as follows: \n\n kubectl get svc \u003cvar translate=\"no\"\u003eLOAD_BALANCER_SERVICE_NAME\u003c/var\u003e -n \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e -o yaml\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eLOAD_BALANCER_SERVICE_NAME\u003c/var\u003e: the name of your load balancer service that creates a unique IP address accessible by external networks.\n- \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e: the name of the Kubernetes namespace for your load balancer service.\n\nThe output is similar to the following: \n\n```html\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n cloud.google.com/neg: '{\"ingress\":true}'\n networking.gke.io/load-balancer-type: internal\n creationTimestamp: \"2024-02-22T15:26:18Z\"\n finalizers:\n − gke.networking.io/l4-ilb-v1\n − service.kubernetes.io/load-balancer-cleanup\n labels:\n alloydbomni.internal.dbadmin.gdc.goog/dbcluster: DB_CLUSTER_NAME\n alloydbomni.internal.dbadmin.gdc.goog/dbcluster-ns: NAMESPACE\n alloydbomni.internal.dbadmin.gdc.goog/instance: ad98-foo\n alloydbomni.internal.dbadmin.gdc.goog/task-type: database\n egress.networking.gke.io/enabled: \"true\"\n name: LOAD_BALANCER_SERVICE_NAME\n namespace: NAMESPACE\n ownerReferences:\n − apiVersion: alloydbomni.dbadmin.goog/v1\n blockOwnerDeletion: true\n controller: true\n kind: DBCluster\n name: DB_CLUSTER_NAME\n uid: 2dd76c9f-7698-4210-be41-6d2259840a85\n resourceVersion: \"33628320\"\n uid: 1f45362b-6d6f-484d-ad35-11c14e91933e\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.60.4.76\n clusterIPs:\n − 10.60.4.76\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n − IPv4\n ipFamilyPolicy: SingleStack\n loadBalancerSourceRanges:\n − 0.0.0.0/0\n ports:\n − name: db\n nodePort: 31453\n port: 5432\n protocol: TCP\n targetPort: 5432\n selector:\n alloydbomni.internal.dbadmin.gdc.goog/dbcluster: DB_CLUSTER_NAME\n alloydbomni.internal.dbadmin.gdc.goog/dbcluster-ns: NAMESPACE\n alloydbomni.internal.dbadmin.gdc.goog/instance: ad98-foo\n alloydbomni.internal.dbadmin.gdc.goog/task-type: database\n egress.networking.gke.io/enabled: \"true\"\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n − ip: 10.95.0.84\n```\n\nThe output has the following attributes:\n\n- `networking.gke.io/load-balancer-type: internal`: an internal load balancer must exist in the load balancer service\n- `ip`: the primary endpoint value in the verification output of the database cluster matches to the ingress controller value of the load balancer\n\nWhat's next\n-----------\n\n- [Manage and monitor AlloyDB Omni](/alloydb/omni/15.12.0/docs/manage)"]]
