How to expose an http/https application on Azure Kubernetes Services

5/23/2019

I'm porting my dockerized app to kubernetes and I'm facing an issue creating a load balancer with aks:

The Service "lbalance" is invalid: spec.ports[0].nodePort: Invalid value: 80: provided port is not in the valid range. 
The range of valid ports is 30000-32767

the configuration is pretty straightforward

apiVersion: v1
kind: Service
metadata:
  name: lbalance
spec:
  selector:
    app: lbalance
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 80
    name: http
  - protocol: TCP
    port: 443
    targetPort: 443
    nodePort: 443
    name: https
  type: LoadBalancer

Behind that sits an haproxy with ssl termination toward the other services exposed within the cluster

In my testing environment I had a property to control which port to open ( --service-node-port-range ) but I cannot find that property neither on the portal page nor on the Azure documentation.

Is there a way to have a service on default ports or a recommended way to connect back to that Endpoint ports?

-- Lorenzo Boccaccia
azure
azure-aks
kubernetes

2 Answers

5/23/2019

you need to remove the nodePort declaration from your yaml and it will get allocated by kubernetes from the pool mentioned in the error text (the only one you can use).

apiVersion: v1
kind: Service
metadata:
  name: lbalance
spec:
  selector:
    app: lbalance
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    name: http
  - protocol: TCP
    port: 443
    targetPort: 443
    name: https
  type: LoadBalancer

this way your service would be available on 80\443 and thing will work like they should

-- 4c74356b41
Source: StackOverflow

5/23/2019

30000-32767 is the default nodeport range in kubernetes. you have defined as, nodePort: 443. it is not supported and hence the error was thrown.

follow the below steps

  1. replace NodePort with ClusterIP as service type
  2. deploy ingress controller
  3. deploy default backend
  4. create secret from dns certificates ( for https )
  5. deploy Ingress Rule ( include the secrets ) to route the users request to backend service.
-- P Ekambaram
Source: StackOverflow