nsc expose kubernetes

Expose a Kubernetes Load Balancer.

expose kubernetes opens a public ingress to a Load Balancer. The provided service needs to be up and running; for example, it can be created with nsc kubectl expose within an ephemeral instance. The exposed endpoint is encrypted with TLS and secured with Namespace authentication, so anyone with access to the workspace in which the ephemeral environment was created also has access to the endpoint.

Currently, it is possible to expose only HTTP services.


nsc expose kubernetes <instance-id> --namespace <name> --service <name> [--name <ingress-name>] [--port <port>] [--output <plain|json>]


In the example below, we first create an ephemeral instance, start nginx with kubectl run, create a Load Balancer with kubectl expose and then expose it using nsc expose kubernetes.

Create an ephemeral instance:

$ nsc create
  Created new ephemeral environment! ID: 072higp5dg0bg

Start nginx within the created instance:

$ nsc kubectl 072higp5dg0bg run nginx --image=nginx
pod/nginx created

And create a Load Balancer:

$ nsc kubectl 072higp5dg0bg expose pod nginx --type=LoadBalancer --port=80
service/nginx exposed

Afterwards, expose port 80 using the nsc expose kubernetes command:

$ nsc expose kubernetes 072higp5dg0bg --namespace=default --service=nginx --name=nginx-foobar
Exported port 80 from default/nginx:

Now you can visit the provided URL https://nginx-foobar-072higp5dg0bg.fra1.namespaced.app in your browser and use your Namespace credentials for authentication.


--namespace <namespace>

Specifies the namespace of the exposed Load Balancer. This option is required.

--service <service>

Specifies the name of the exposed Load Balancer. This option is required.

--name <name>

Set the name of the exposed ingress. By default, ingress names will be generated by Namespace.

--port <port>

In case there are multiple ports exported by the Load Balancer, use this flag to select the port to expose.

-o <type>

Specifies the output format. Supported options are json and plain. By default, the plain output format is used.


Wait until the provided service has a valid ingress to expose.

--ingress <rules>

Note: This is a Business feature.

Specify additional rules per ingress. The following effects can be set per route:

  • noauth: Disables authentication on the route.

Rules specify an optional method list, an optional path regex and an effect, using one of the following schemes:

  • <effect>: Applies effect to any method or path.
  • <path_regex>:<effect>: Applies effect to paths that match path_regex (the full path without the query is used for matching).
  • <method>[,<method>,...]:<path_regex>:<effect>: In addition to matching path, also matches against the HTTP method used.
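
Because noauth removes the authentication described above from every route a rule matches, it is worth checking a rule set against the service's routes before passing it to --ingress. The following is an added example, not Namespace's own code: it parses the three schemes above and reports which sample requests would skip authentication. How nsc splits a rule on ":" and whether the regex must match the whole path are assumptions, and the sample routes are constructed.

```python
import re
from typing import NamedTuple, Optional

EFFECTS = {"noauth"}  # the only effect the page documents
METHODS = re.compile(r"[A-Za-z]+(,[A-Za-z]+)*")

class Rule(NamedTuple):
    methods: frozenset         # empty set means "any method"
    path_regex: Optional[str]  # None means "any path"
    effect: str

def parse_rule(text: str) -> Rule:
    """Parse <effect>, <path_regex>:<effect> or <methods>:<path_regex>:<effect>."""
    head, sep, effect = text.rpartition(":")
    if effect not in EFFECTS:
        raise ValueError(f"unknown effect in rule {text!r}")
    if not sep:
        return Rule(frozenset(), None, effect)
    first, colon, rest = head.partition(":")
    # Assumption: a leading comma-separated run of letters is a method list.
    if colon and METHODS.fullmatch(first):
        methods, path_regex = frozenset(m.upper() for m in first.split(",")), rest
    else:
        methods, path_regex = frozenset(), head
    re.compile(path_regex)  # reject a broken regex before it is deployed
    return Rule(methods, path_regex, effect)

def skips_auth(rules, method: str, url_path: str) -> bool:
    """True if any noauth rule applies to this request."""
    path = url_path.split("?", 1)[0]  # per the page, the query is not matched
    for r in rules:
        if r.effect != "noauth" or (r.methods and method.upper() not in r.methods):
            continue
        # Assumption: the regex must match the whole path (fullmatch).
        if r.path_regex is None or re.fullmatch(r.path_regex, path):
            return True
    return False

def audit(rule_texts, requests):
    """Return the (method, path) pairs from `requests` that need no login."""
    rules = [parse_rule(t) for t in rule_texts]
    return [(m, p) for m, p in requests if skips_auth(rules, m, p)]

# Constructed sample routes for a hypothetical service.
SAMPLE_REQUESTS = [("GET", "/healthz"), ("POST", "/healthz"), ("GET", "/admin"),
                   ("GET", "/healthz?next=/admin"), ("GET", "/healthcheck/debug")]
if __name__ == "__main__":
    for rules in (["GET:/healthz:noauth"], ["/health.*:noauth"], ["noauth"]):
        print(rules, "->", audit(rules, SAMPLE_REQUESTS))
```

A method-scoped, exact-path rule leaves only the health check open, while a loose regex or a bare noauth widens the unauthenticated surface to routes that were never meant to be public.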


Expose the service load balancer under a wildcard ingress. The hosting instance needs to be configured to support wildcard ingresses.