Expose private Kubernetes cluster with NodePort type service

11/13/2019

I have created a VPC-native cluster on GKE with master authorized networks disabled on it. I think I did everything correctly, but I still can't access the app externally.

Below is my service manifest.

apiVersion: v1
kind: Service
metadata:
    annotations:
        kompose.cmd: kompose convert
        kompose.version: 1.16.0 (0c01309)
    creationTimestamp: null
    labels:
        io.kompose.service: app
    name: app
spec:
    ports:
        - name: '3000'
          port: 80
          targetPort: 3000
          protocol: TCP
          nodePort: 30382
    selector:
        io.kompose.service: app
    type: NodePort

The app's container port is 3000 and I checked from the logs that it is working. I added a firewall rule to open port 30382 in my VPC network too. I still can't access the node with the specified nodePort. Is there anything I am missing?


kubectl get ep:

NAME         ENDPOINTS          AGE
app          10.20.0.10:3000    6h17m
kubernetes   34.69.50.167:443   29h

kubectl get svc:

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
app          NodePort    10.24.6.14   <none>        80:30382/TCP   6h25m
kubernetes   ClusterIP   10.24.0.1    <none>        443/TCP        29h
-- Robert B.
google-kubernetes-engine
kubernetes

1 Answer

11/13/2019

In Kubernetes, the service is used to communicate with pods.

To expose the pods outside the Kubernetes cluster, you will need a k8s service of NodePort type.

The NodePort setting applies to Kubernetes services. By default, Kubernetes services are accessible at the ClusterIP, which is an internal IP address reachable from inside of the Kubernetes cluster only. The ClusterIP enables the applications running within the pods to access the service. To make the service accessible from outside of the cluster, a user can create a service of type NodePort.

Please note that an external IP address needs to be assigned to one of the nodes in the cluster, along with a firewall rule that allows ingress traffic to that port. As a result, kube-proxy on the Kubernetes node (the one the external IP address is attached to) will proxy that port to the pods selected by the service.

-- Nick
Source: StackOverflow
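
Added example (not part of the original question or answer, and not Google or Kubernetes tooling): a Python check of the two preconditions the answer names, a node with an external IP and an ingress firewall rule covering the nodePort. It runs over constructed data shaped like `kubectl get nodes -o json` and `gcloud compute firewall-rules list --format=json`; node names, IPs and rule names are made up, and target tags and networks on the rules are ignored as a simplifying assumption.

```python
import json

# Constructed sample data, shaped like `kubectl get nodes -o json` and
# `gcloud compute firewall-rules list --format=json`; names and IPs are made up.
NODES_JSON = """{"items": [
  {"metadata": {"name": "gke-node-a"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.5"},
                            {"type": "Hostname", "address": "gke-node-a"}]}},
  {"metadata": {"name": "gke-node-b"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.6"}]}}
]}"""
RULES_JSON = """[
  {"name": "allow-nodeport", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["30000-32767"]}]},
  {"name": "allow-ssh", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["203.0.113.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""

def port_matches(spec, port):
    """True if a GCE port spec ("30382" or "30000-32767") covers port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def external_ips(nodes):
    """Map node name -> ExternalIP addresses (empty on private-cluster nodes)."""
    return {n["metadata"]["name"]: [a["address"] for a in n["status"]["addresses"]
                                    if a["type"] == "ExternalIP"]
            for n in nodes["items"]}

def rules_allowing(rules, port, proto="tcp"):
    """Enabled ingress rules admitting proto/port; no "ports" key means all ports."""
    hits = []
    for r in rules:
        if r.get("direction") != "INGRESS" or r.get("disabled"):
            continue
        for a in r.get("allowed", []):
            if a["IPProtocol"] in (proto, "all") and (
                    "ports" not in a or any(port_matches(p, port) for p in a["ports"])):
                hits.append((r["name"], r.get("sourceRanges", [])))
                break
    return hits

def diagnose(nodes_json, rules_json, node_port):
    """Report both preconditions; reachable only if a rule matches AND a node has an ExternalIP."""
    ips = external_ips(json.loads(nodes_json))
    rules = rules_allowing(json.loads(rules_json), node_port)
    return {"external_ips": ips, "rules": rules, "reachable": bool(rules) and any(ips.values())}
```

Calling `diagnose(NODES_JSON, RULES_JSON, 30382)` on the sample data finds a matching rule but no node with an ExternalIP, so `reachable` is false. The returned source ranges also make it visible when the matching rule admits 0.0.0.0/0.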