Skip to main content
Web services are HTTP-based services that can be exposed publicly or kept private within your cluster. This is a complete reference for all fields that can be set for a web service in porter.yaml.

Field Reference


Basic Example


private

boolean Optional When true, the service is fronted by the cluster’s private load balancer instead of the default public one. The service is reachable only from networks peered to your VPC (PrivateLink, VPC peering, transit gateway) — not from the public internet. This requires the cluster to have a private load balancer provisioned. See advanced cluster settings to enable one.
private is shorthand for loadBalancerConfig.mode: private_lb. Prefer loadBalancerConfig for new services — setting both on the same service is not supported.

loadBalancerConfig

object Optional Configures the load balancer that fronts the web service. Use this to explicitly route the service through the cluster’s public or private load balancer. When mode is private_lb, the service is fronted by the cluster’s private load balancer and is reachable only from peered networks. The cluster must have a private load balancer provisioned (see advanced cluster settings). Custom domains attached to a private service must have DNS provider credentials configured on the cluster so Porter can provision certificates for custom domains. When mode is public_lb or loadBalancerConfig is omitted, the service is fronted by the cluster’s default public load balancer.

disableTLS

boolean Optional Disable TLS termination at the load balancer. Only use this for services that handle their own TLS or for internal testing.
Disabling TLS exposes your service over HTTP. Only use this when you have a specific requirement.

autoscaling

object Optional Configure horizontal pod autoscaling based on CPU and memory utilization. See Autoscaling Configuration for full documentation.

domains

array Optional Configure custom domains for your web service.

healthCheck

object Optional Configure a combined health check that applies to liveness, readiness, and startup probes.
Cannot be used together with livenessCheck, readinessCheck, or startupCheck. Use either the combined healthCheck or the individual checks.
For best practices on combining health checks with graceful shutdown for zero-downtime deployments, see Zero-Downtime Deployments.

Advanced Health Checks

For fine-grained control, configure liveness, readiness, and startup probes separately.

livenessCheck

object Optional Determines if the container should be restarted.

readinessCheck

object Optional Determines if the container is ready to receive traffic.

startupCheck

object Optional Used for slow-starting containers. Other probes are disabled until this passes.

pathRouting

array Optional Configure path-based routing to direct requests to different ports or services.
A path must be specified for the default port set in services.port.

pathRoutingConfig

object Optional Configure path rewriting behavior for path-based routing. Rewrite Modes:

ingressAnnotations

object Optional Add custom NGINX ingress annotations for advanced configuration.
Common use cases include increasing upload limits, configuring timeouts, and enabling WebSocket support.

connections

array Optional Connect to external cloud services. See Connections Configuration for full documentation.

serviceMeshEnabled

boolean Optional Enable service mesh for enhanced inter-service communication with improved performance, reliability, and monitoring.
Recommended for applications with multiple services that communicate with each other, especially those using gRPC or WebSockets.

metricsScraping

object Optional Configure Prometheus metrics scraping for custom application metrics.

terminationGracePeriodSeconds

integer Optional Seconds to wait for graceful shutdown before forcefully terminating the container.
Increase this value for services that need time to complete in-flight requests or cleanup tasks.

gpuCoresNvidia

integer Optional Allocate NVIDIA GPU cores for ML inference or GPU-accelerated workloads.
Requires a node group with GPU-enabled instances.

Complete Example