Google Cloud Kubernetes w/o load balancer

7/6/2018

Google Container Engine with external IP, without load balancer

I was looking into how to create a bunch of servers on Google Cloud Kubernetes Engine. I ended up making a few with a load balancer... while the price isn't bad now, I tried using a service type of NodePort, and it binds to the local IP address of the VM it is tied to and not the external IP or anything else. How would I go about routing traffic to a service type of NodePort? Also, would it be safe for me to make an SRV record for the container in the node to access my service with a preemptible instance / possible reassignment if Kubernetes does this automatically?

-- quantomworks
google-cloud-platform
kubernetes

1 Answer

7/6/2018

It is possible to use a Kubernetes NodePort to act as an external service.

NodePorts will expose a port on each of your hosts that you can use to reach your service.

The downside of this approach is dealing with port management.

Applications can no longer assume things like HTTPS being on port 443, or that MySQL runs on port 3306. Instead, it may live on port 32042 in PROD, and 32012 in DEV.

Consider that using NodePort that way is a gaping hole in cluster security; moreover, NodePort cannot expose standard low-numbered ports like 80 and 443.

apiVersion: v1
kind: Service
metadata:  
  name: my-nodeport-service
spec:
  selector:    
    app: my-app
  type: NodePort
  ports:  
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30036
    protocol: TCP

With Ingress, you can run a software load balancer such as nginx, expose it as port 80/443 on all your hosts and then control the routing of any HTTP traffic to Kubernetes services.

This works best for layer 7 traffic like HTTP/HTTPS.

You may try Ingress resources and an Ingress controller, and an external load balancer or public IP, to enable path-based routing of external requests to internal Services.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  backend:
    serviceName: other
    servicePort: 8080
  rules:
  - host: foo.mydomain.com
    http:
      paths:
      - backend:
          serviceName: foo
          servicePort: 8080
  - host: mydomain.com
    http:
      paths:
      - path: /bar/*
        backend:
          serviceName: bar
          servicePort: 8080

Inspired by the think-nodeport-kubernetes and cloud kubernetes nodeport vs ingress articles.

-- d0bry
Source: StackOverflow
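
Because a NodePort is opened on every node, it helps to keep an inventory of which Services hold one before reviewing firewall rules. The following is an added example, not code from the question or the answer: it assumes input shaped like the output of `kubectl get services --all-namespaces -o json`, and the sample data (including the `prod/legacy-lb` Service) is constructed for illustration.

```python
import json

# Default range the API server allocates NodePorts from (--service-node-port-range).
DEFAULT_RANGE = range(30000, 32768)

# Constructed sample shaped like `kubectl get services --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "my-nodeport-service"},
     "spec": {"type": "NodePort", "ports": [
         {"name": "http", "port": 80, "targetPort": 80,
          "nodePort": 30036, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "default", "name": "foo"},
     "spec": {"type": "ClusterIP", "ports": [
         {"port": 8080, "targetPort": 8080, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "prod", "name": "legacy-lb"},  # hypothetical Service
     "spec": {"type": "LoadBalancer", "ports": [
         {"port": 443, "targetPort": 8443,
          "nodePort": 32042, "protocol": "TCP"}]}},
]})


def node_port_exposures(service_list_json):
    """Return one record per port that is opened on every node."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        spec = svc.get("spec", {})
        for port in spec.get("ports") or []:
            node_port = port.get("nodePort")
            if not node_port:  # ClusterIP Services open nothing on the nodes
                continue
            meta = svc["metadata"]
            findings.append({
                "service": f'{meta["namespace"]}/{meta["name"]}',
                "type": spec.get("type"),
                "protocol": port.get("protocol", "TCP"),
                "node_port": node_port,
                "service_port": port.get("port"),
                "in_default_range": node_port in DEFAULT_RANGE,
            })
    return sorted(findings, key=lambda f: f["node_port"])


if __name__ == "__main__":
    for f in node_port_exposures(SAMPLE):
        print(f'{f["node_port"]}/{f["protocol"]}  {f["service"]} ({f["type"]}) '
              f'-> service port {f["service_port"]}')
```

LoadBalancer Services appear in the result as well because they are allocated a node port by default, so the list covers every port that node-level firewall rules have to account for.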