Using externalIP as a service in kubernetes for on premise with network load balancer

2/6/2019

I have a 3-node k8s cluster in an on-premise setup at my company, which runs a TCP listener exposed on port 58047.

We have a network load balancer which can round-robin (RR) across these nodes.

I can expose the port on the host of each node so the NLB will take care of it, or should I create a Service which exposes a single external IP that will be specified in the NLB?

Which is the best approach?

NAME                                    READY   STATUS    RESTARTS   AGE
pod/iothubdeployment-57bbb5f4d6-m62df   1/1     Running   1          50m
pod/iothubdeployment-57bbb5f4d6-r9mzr   1/1     Running   1          50m
pod/iothubdeployment-57bbb5f4d6-w5dq4   1/1     Running   0          50m

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   5d18h

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/iothubdeployment   3/3     3            3           56m

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/iothubdeployment-57bbb5f4d6   3         3         3       50m
replicaset.apps/iothubdeployment-6b78b96dc5   0         0         0       56m

My deployment definition:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: iothubdeployment
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 67%   # allows 2 of the 3 replicas to be down during a rollout
  minReadySeconds: 5
  selector:
    matchLabels:
      app: iothub           # must match the pod template labels below
  template:
    metadata:
      labels:
        app: iothub
        version: 1.1.0
    spec:
      containers:
        - name: iothubpod
          image: gitlab.dt.local:5555/cere-brum/iot_gateway/iot_hub/iot_hub:latest
          imagePullPolicy: Always
          ports:
          - containerPort: 58047   # port the TCP listener binds inside the container
            hostPort: 58000        # binds node port 58000 directly to this pod; only one such pod fits per node
            protocol: TCP
      imagePullSecrets:
        - name: regcred          # pull secret for the private gitlab.dt.local registry
-- itsmewajid
kubernetes

1 Answer

2/6/2019

Looks like you’re directly trying to expose a Deployment via a host port. That is not recommended: you should create a Service that instructs Kubernetes how to expose your Deployment to other workloads in the cluster and outside.

A NodePort service would allow you to properly expose your Deployment on each Node: your load balancer can then be configured to connect to that port on any of your node IPs.

-- Paul Annetts
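A NodePort Service for the Deployment in the question, written as an added example rather than code from the original answer or the asker's manifests. It assumes the `hostPort: 58000` line is removed from the Deployment so that only the Service exposes the listener, that the selector matches the pod template label `app: iothub`, and that 30047 is a free port inside the default NodePort range of 30000-32767 (the port number itself is an arbitrary choice):

```yaml
# Added example (not from the original post): NodePort Service in front of the iothub pods.
# Assumptions: Deployment no longer sets hostPort; nodePort 30047 is unused on all three nodes.
apiVersion: v1
kind: Service
metadata:
  name: iothub
spec:
  type: NodePort
  selector:
    app: iothub            # matches spec.template.metadata.labels of the Deployment
  ports:
  - name: tcp-listener
    protocol: TCP
    port: 58047            # port on the ClusterIP, for clients inside the cluster
    targetPort: 58047      # containerPort the pods actually listen on
    nodePort: 30047        # opened on every node; the NLB pool entries are <nodeIP>:30047
  # Cluster (the default) lets any node accept a connection and forward it to a pod,
  # possibly on another node, with the client source IP replaced by the node's.
  # Local keeps the client IP and avoids the extra hop, but a node with no ready
  # iothub pod then refuses connections, so the NLB health check must probe the
  # nodePort itself rather than just the node address.
  externalTrafficPolicy: Cluster
```

After `kubectl apply -f iothub-service.yaml`, `kubectl get svc iothub` should list `58047:30047/TCP`, and a TCP check from the load balancer network (for example `nc -vz <nodeIP> 30047`) confirms the port is reachable on each node. Configure the NLB with the three node IPs on port 30047 and a TCP health check on that same port, so a drained or failed node drops out of rotation. The `spec.externalIPs` route mentioned in the question title also works, but Kubernetes does not manage that address: it only answers on an IP that your network already routes to a node, so for an NLB that already targets node addresses the NodePort is the simpler and more predictable choice.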
Source: StackOverflow