Should I add an iptables rule on the random kubernetes node port if I want to access from outside world

5/15/2016

I have an app deployed on a Kubernetes cluster. The Kubernetes node port is 30010, which is redirected to 41018:

[root@kubernetes-slave ~]# iptables -L -n -t nat
Chain KUBE-NODEPORT-HOST (1 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            /* default/myservice:http */ tcp dpt:30010 to:<server_ip>:41018

Everything works fine if I disable the firewall. But if I enable it with service firewalld start, I cannot access http://<server_ip>:30010. Even if I execute firewall-cmd --zone=public --add-port=30010/tcp, it is still "Bad Gateway".

After two days of debugging, I finally figured out that I should open port 41018 instead of 30010; then everything works.

But the question here is that port 30010 can be configured by the user, whereas port 41018 is randomly chosen by Kubernetes on each deployment.

I think it is not a good choice to open port 41018. Is there any suggestion? Or is there some problem in my use of Kubernetes?

-- xidui
iptables
kubernetes

1 Answer

5/17/2016

You can set a static nodePort in your Service definition that will not change on each deploy.

For example:

{
    "kind": "Service",
    "apiVersion": "v1",
    "metadata": {
        "name": "my-service"
    },
    "spec": {
        "selector": {
            "app": "MyApp"
        },
        "ports": [
            {
                "protocol": "TCP",
                "port": 80,
                "targetPort": 9376,
                "nodePort": 30061
            }
        ],
        "type": "NodePort"
    }
}

This should always create a nodePort of 30061 for your service.

-- Andy Smith
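As an added example that is not part of the question or answer above, this Python script checks a Service manifest for the two things that matter here, a mis-cased type (the API server only accepts NodePort) and an unset nodePort that Kubernetes would allocate at random, and then derives the firewall-cmd lines for the pinned port. It assumes the host firewall is meant to admit the nodePort itself (the post-DNAT 41018 case in the question is a kube-proxy detail it does not model); the manifest is the answer's, embedded as constructed sample input.

```python
import json

NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default --service-node-port-range

# Constructed sample: the answer's Service manifest, with the type spelled the way
# the API server expects it (NodePort, not nodePort).
SERVICE_JSON = """
{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {"name": "my-service"},
  "spec": {
    "selector": {"app": "MyApp"},
    "ports": [{"protocol": "TCP", "port": 80, "targetPort": 9376, "nodePort": 30061}],
    "type": "NodePort"
  }
}
"""

def node_ports(manifest: str) -> list[tuple[str, int]]:
    """Return the (protocol, nodePort) pairs a Service pins on every node.

    Raises ValueError for anything the API server would reject, or that would
    leave Kubernetes free to allocate a random port (the question's situation).
    """
    svc = json.loads(manifest)
    if svc.get("kind") != "Service":
        raise ValueError("not a Service manifest")
    spec = svc.get("spec", {})
    if spec.get("type") != "NodePort":  # ServiceType is case-sensitive
        raise ValueError(f"type must be exactly 'NodePort', got {spec.get('type')!r}")
    pinned = []
    for p in spec.get("ports", []):
        port = p.get("nodePort")
        if port is None:
            raise ValueError("nodePort not set; Kubernetes would pick one at random")
        if port not in NODEPORT_RANGE:
            raise ValueError(f"nodePort {port} outside the default 30000-32767 range")
        pinned.append((p.get("protocol", "TCP").lower(), port))
    return pinned

def firewalld_commands(manifest: str, zone: str = "public") -> list[str]:
    """Render firewall-cmd lines that open only the pinned node ports, then reload."""
    cmds = [f"firewall-cmd --zone={zone} --permanent --add-port={port}/{proto}"
            for proto, port in node_ports(manifest)]
    return cmds + ["firewall-cmd --reload"]
```

Running firewalld_commands(SERVICE_JSON) on the sample yields one --add-port=30061/tcp line followed by a reload.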
Source: StackOverflow