Exposing UDP and TCP ports for sftp server using Ingress in GKE

7/17/2019

I am trying to set up a multi-cluster deployment in which there are multiple clusters and one ingress is load balancing the requests between them.

HTTP services work well with the set-up; the problem here is the sftp server.

Referring to this answer and this documentation, I am trying to access port 22 of the sftp service.

Deployment of sftp is being exposed on port 22. Below is the manifest:

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: sftp
  labels:
    environment: production
    app: sftp
spec:
  replicas: 1
  minReadySeconds: 10
  template:
    metadata:
      labels:
        environment: production
        app: sftp
      annotations:
        container.apparmor.security.beta.kubernetes.io/sftp: runtime/default
    spec:
      containers:
        - name: sftp
          image: atmoz/sftp:alpine
          imagePullPolicy: Always
          args: ["user:1001:100:upload"]
          ports:
            - containerPort: 22
          securityContext:
            capabilities:
              add: ["SYS_ADMIN"]
          resources: {}

Here is the simple manifest for the sftp-service using NodePort service:

apiVersion: v1
kind: Service
metadata:
  labels:
    environment: production
  name: sftp-service
spec:
  type: NodePort
  ports:
  - name: sftp-port
    targetPort: 9000
    port: 9000
    nodePort: 30063
    protocol: TCP
  selector:
    app: sftp

The ConfigMap, created by referring to the above-mentioned documentation and answer, looks like below:

apiVersion: v1
kind: ConfigMap
metadata:
  name: sftp-service
data:
  9000: "default/sftp-service:22"

And finally the ingress manifest is something like below:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-foo
  annotations:
    kubernetes.io/ingress.global-static-ip-name: static-ip
    kubernetes.io/ingress.class: gce-multi-cluster
spec:
  backend:
    serviceName: http-service-zone-printer
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /sftp
        backend:
          serviceName: sftp-service
          servicePort: 22
  template:
    spec:
      containers:
        - name: proxy-port
          args:
            - "--tcp-services-configmap=default/sftp-service"

I feel I have not understood the way to expose the TCP/UDP port for the sftp server on Kubernetes using ingress. What am I doing wrong here?

Is there any other way to simply set up an sftp server using ingress and a NodePort service in a multi-cluster deployment?

Here is the official document I am referring to for the set-up.

-- Amit Yadav
configmap
google-cloud-platform
google-kubernetes-engine
kubernetes
kubernetes-ingress

2 Answers

7/17/2019

Looks like this isn't supported with ingress, which is the reason that this issue exists.

A possible solution could be to use NodePort for sftp, as described in this document.

-- Aleksandar
Source: StackOverflow
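
An added example, not part of the original answer or the asker's manifests: a NodePort Service for the sftp Deployment from the question, with `targetPort` set to the container's port 22 (the question's Service forwards to 9000, while the Deployment declares only containerPort 22). The Service name, labels and node port 30063 are taken from the question; `<node-ip>` in the note below is a placeholder.

```yaml
# Added example (not from the original post): plain TCP exposure of the sftp pod.
# SSH/SFTP is not HTTP, so it is published through the Service itself
# instead of an HTTP path rule on the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: sftp-service
  labels:
    environment: production
spec:
  type: NodePort
  selector:
    app: sftp            # matches the pod template labels in the question's Deployment
  ports:
    - name: sftp-port
      protocol: TCP
      port: 22           # port of the Service inside the cluster
      targetPort: 22     # must equal the containerPort the sftp container declares
      nodePort: 30063    # value from the question; opened on every node's IP
```

Clients then connect with `sftp -P 30063 user@<node-ip>`. On GKE a firewall rule has to allow tcp:30063 to the nodes, and it is best limited to the source ranges of known clients.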

7/18/2019

You need to run an HTTP server.

You can run an HTTP server that exposes the same files, maybe with a side container in the same pod.

-- EAT
Source: StackOverflow