Assign public ip to the service which is running on Kubernetes

5/4/2018

I have an application (let's say Integration-protocol-api), and this application wants to talk to another application, but that application is located on another network (let's call it Another-Integration-Protocol).
The problem is that a whitelist exists on the Another-Integration-Protocol side, which allows connections to it only from selected IP addresses. But my Integration-protocol-api is Dockerized and running on a Kubernetes cluster, so the IP address changes every time I restart my pod. How can I assign a public and static IP to my Kubernetes pod?

-- Joom187
kubernetes

2 Answers

5/4/2018

A pod makes any request with its node IP address as source. So you could whitelist your cluster nodes' IP addresses, and it should work.

-- suren
Source: StackOverflow

5/4/2018

But my Integration-protocol-api is Dockerized and running on a Kubernetes cluster, so the IP address changes every time I restart my pod. How can I assign a public and static IP to my Kubernetes pod?

  • There are several approaches, depending on your actual setup/needs and I'll try to give some options here:

    • Tie the pod to a specific node and expose that node's IP address through a service. This would be something along these lines:

      # Quick deployment/pod manifest node selector (affinity is better)
      ...
      spec:
        nodeSelector:
          kubernetes.io/hostname: my-node-name
      ...
      # Service manifest 
      apiVersion: v1
      kind: Service
      metadata:
        name: svc-myservice
        labels:
          app: myapp
          tier: frontend
      spec:
        selector:
          app: myapp
          tier: frontend
        ports:
        - name: tcpserviceport
          protocol: TCP
          port: 8080
          targetPort: 80
        externalIPs:
        - 111.222.222.111

      The pod should be in the same namespace, tied to that node via either a node selector or affinity rules, and have the same labels as in the selector for the service to pick it up. The IP address of the cluster node with name my-node-name should be 111.222.222.111 in this example, and it would be accessible through port 8080 and that IP address.

    • If applicable, expose the service through an ingress and whitelist the ingress public IP only. Depending on your namespace separation, you'll reference your pod (wherever it might run) in the ingress through the corresponding service, using either the service name (in namespace scope) or an FQDN such as:

      <service-name>.<namespace-name>.svc.cluster.local
    • Here is a good overview of some methods, to make it more illustrative, from the Kubernetes docs: https://kubernetes.io/docs/tutorials/kubernetes-basics/expose-intro/

-- Const
Source: StackOverflow
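
Added example (not part of either answer): a check that the partner's allowlist actually covers every node the pod can be scheduled on, tying together the first answer's node-IP allow-listing and the second answer's node pinning. It assumes nodes egress directly with their ExternalIP (no NAT gateway in front); the node data, the allowlist and the `audit` helper are constructed for illustration, with the JSON shaped like `kubectl get nodes -o json` output.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields used from `kubectl get nodes -o json`.
NODES_JSON = """
{"items": [
 {"metadata": {"name": "node-a", "labels": {"kubernetes.io/hostname": "node-a"}},
  "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.11"},
                           {"type": "ExternalIP", "address": "203.0.113.10"}]}},
 {"metadata": {"name": "node-b", "labels": {"kubernetes.io/hostname": "node-b"}},
  "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.12"},
                           {"type": "ExternalIP", "address": "203.0.113.77"}]}},
 {"metadata": {"name": "node-c", "labels": {"kubernetes.io/hostname": "node-c"}},
  "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.13"}]}}
]}
"""

# Constructed partner allowlist: one entry matches a node, one is stale.
ALLOWLIST = ["203.0.113.10/32", "198.51.100.0/24"]


def audit(nodes_json, allowlist, node_selector=None):
    """Return (uncovered, unused).

    uncovered: (node, ip) pairs for nodes the pod may run on whose source IP is
               not allow-listed; ip is None when the node has no ExternalIP.
    unused:    allowlist entries that match none of those nodes.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in allowlist]
    selector = node_selector or {}
    uncovered, used = [], set()
    for item in json.loads(nodes_json)["items"]:
        name = item["metadata"]["name"]
        labels = item["metadata"].get("labels", {})
        if any(labels.get(k) != v for k, v in selector.items()):
            continue  # nodeSelector excludes this node, pod never runs here
        external = [a["address"] for a in item["status"]["addresses"]
                    if a["type"] == "ExternalIP"]
        if not external:
            uncovered.append((name, None))
        for addr in external:
            hits = [n for n in nets if ipaddress.ip_address(addr) in n]
            used.update(hits)
            if not hits:
                uncovered.append((name, addr))
    return uncovered, [str(n) for n in nets if n not in used]


if __name__ == "__main__":
    print("any node:", audit(NODES_JSON, ALLOWLIST))
    print("pinned:  ", audit(NODES_JSON, ALLOWLIST, {"kubernetes.io/hostname": "node-a"}))
```

Without a selector the pod can land on a node the partner will reject; with the pod pinned to `node-a` the allowlist is sufficient, and the unused range is a candidate for removal.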