Welcome to Kubermatic Load Balancer, the next-generation application delivery platform designed for cloud-native architectures. As cloud-native architectures have evolved, Kubermatic Load Balancer offers a multi-tenancy approach to load balancing, providing seamless scalability, security, and management for distributed applications and teams.
Evolution of Cloud-Native Load Balancer Architectures
Monolithic Architecture Challenges
- Limited separation for multi-cluster, multi-team applications
- Difficult to adopt new technologies without network team involvement
- Inefficient scaling of individual load balancers across many clusters
- Complex, risky, and time-consuming deployments
Cloud-Native Architecture Benefits
- Rapid development and evolution of multi-tenant load balancer services
- Streamlined operation of hundreds of load balancers
- Independent deployment of services
- Efficient scaling of individual load balancers
- Utilization of Kubernetes APIs for lightweight communication
- Enhanced application scalability across teams and Kubernetes clusters
Rise of REST and Kubermatic Load Balancer for Microservices Apps
Kubermatic Load Balancer Overview
Kubermatic Load Balancer is a software-based application delivery and load balancer platform, providing secure, scalable network services for cloud-native applications. Its distributed architecture, powered by high-performance Cilium and Envoy, offers unparalleled flexibility and scalability.
Kubermatic Load Balancer introduces significant enhancements, including support for Layer 7 application load balancing through Ingress and Gateway API for advanced traffic management, automated DNS and certificate management for security, and automated tenant registration. Additionally, it features the new SyncSecrets API for secure, flexible management of sensitive data, alongside various other improvements and features. These upgrades streamline operations and boost performance, making Kubermatic Load Balancer ideal for modern data center needs.


Key Features
Layer 4 Load Balancing
Centralized L4 Load Balancing: Provision, manage, and secure Layer 4 load balancers across traditional, hybrid, and multi-cloud environments from a single, unified control plane.
TCP/UDP
Both TCP and UDP load balancers are supported along with advanced configuration support using TCPRoute and UDPRoute from Gateway API.
Web Application Firewall
Centralized WAF protection across your multi-tenant, multi-cloud fleet. Block SQL injection, XSS, and OWASP threats without any application changes.
Ingress to Gateway API Migrator
Automated migration from Ingress to Gateway API resources. Convert your existing ingress-nginx resources to Gateway API resources without any manual changes.
Ingress
Ingress support for Layer 7 Application Load Balancing
Gateway API
Extensive Gateway API support for Application Load Balancing, including policy-based routing, circuit breaking, rate limiting, and more.
Agent to Agent & MCP Gateway
Kubermatic Load Balancer provides support to connect, secure, and observe agent-to-agent and agent-to-tools communication using agentgateway. Routing to Model Context Protocol (MCP) servers is also supported.
BGP
Kubermatic Load Balancer can be used with any load balancing appliance. Route advertisement protocols such as BGP, OSPF, and L2 are all supported.
TLS
Automation to manage and provision certificates from a single control plane
DNS Automation
DNS automation for workloads distributed among a fleet of clusters
IPv6 Support
Kubermatic Load Balancer supports IPv6 load balancing.
Traffic Management
Advanced traffic management features like circuit breaking, rate limiting, failover, timeouts, retry policies, and much more to ensure application resilience and quality of service.
Centralized Security & Authentication
Manage security including mTLS, JWT-based access control, OIDC integration, and API key authorization for all your tenants from a central point, ensuring uniformity across your environment.
Multi-tenant Environment
Each tenant is isolated at namespace and network level, enabling higher segregation and preventing noisy neighbor issues.
No Vendor Lock-in for LoadBalancing appliance
Kubermatic Load Balancer can be used with any cloud-based, third-party, or bare metal load-balancer appliance or implementation.
AI Gateway
Kubermatic Load Balancer offers centralized AI Gateway support using Kgateway, supporting advanced features such as:
- AI Gateway to support and secure LLM consumption
- Inference Gateway support to intelligently route to AI workloads
- Prompt Enrichment and guardrails
Why KubeLB?
Application Delivery and Load Balancing
Comprehensive Layer 4 and Layer 7 load balancing with full Gateway API support. Extensible and scalable, built for modern cloud-native environments.
Reduce Operational Complexity and Cost
One control plane for hundreds of load balancers. Automate tenant registration, DNS management, and certificate provisioning, eliminating manual configuration across your fleet of clusters.
Centralized Security and Governance
Enforce security policies uniformly across clusters with true multi-tenant isolation. Centralized Web Application Firewall, OIDC Authentication, Access Control, and more.
Environment Agnostic and Multi-Cloud Ready
Deploy anywhere: public cloud, private cloud, or bare metal. Flexible architecture with no vendor lock-in for your load balancing infrastructure.
Scalable Multi-Tenant Architecture
Strong tenant isolation with automated registration. Elastic scaling across multi-clusters and multi-teams with multiple gateways per tenant for flexibility and redundancy.
Built for High Availability
N-Way Active-Active redundancy ensures your applications stay online. Automatic scaling based on traffic patterns for consistent performance under load.
Community vs. Enterprise: Feature Breakdown
| Feature | Enterprise Edition | Community Edition |
|---|---|---|
| Load Balancing | ||
| TCP/UDP Load Balancing | ||
| Ingress | ||
| Gateway API | ||
| HTTPRoute, GRPCRoute | ||
| TCPRoute, UDPRoute, TLSRoute | ||
| Multiple Gateways per tenant | ||
| Traffic Policies (Client/Backend) | ||
| Security | ||
| Web Application Firewall (Alpha) | ||
| Management | ||
| Ingress to Gateway API Migration (Beta) | ||
| Bring your own certificates | ||
| DNS automation | ||
| Certificate management | ||
| Gateway/LoadBalancer limits | ||
| CLI tunneling | ||
| Observability | ||
| Prometheus metrics | ||
| Grafana dashboards | ||
| Supply Chain Security | ||
| Artifact signing (Cosign) | ||
| SBOMs | ||
| Vulnerability scanning | ||
Kubermatic Load Balancer has revolutionized our application delivery, seamlessly aligning with the evolution to microservices, providing unparalleled scalability, security, and management while simplifying operational complexities and proving to be an ideal solution for our modern data center requirements.



