K
Q

Is there any way to access a service with type NodePort instead of LoadBalancer?

10/30/2020

I have a simple kubernetes setup: 1 pod, 1 service with LoadBalancer and things just work. But I don't want to pay extra for a load balancer when I have only 1 pod.

I tried to switch to NodePort, but I'm not able to access the service on the right ports (because they are remapped to 30000+ ports). I have a service that I'd like to access on port 443, but I can't, so what can I do in this case?

My service would be https://server.aaa.com, but if the port is remapped to 30000, I need to use https://server.aaa.com:30000? any way to be on port 443?

https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

-- 07mm8
kubernetes

Similar Questions

How Scale increases by adding new container in host?
Kubernetes AKS internal load balancer not responding?
Traefik does not want to work on port 80 AWS
How to fix error 'Operation [get] for kind [pod] with name [spark-wordcount-driver] in namespace [non-default-namespace] failed
kubernetes pods/nodes is forbidden

2 Answers

10/30/2020

If you wish to avoid paying for the loadbalancer i would suggest to take a look into Metallb.

MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. In short, it allows you to create Kubernetes services of type “LoadBalancer” in clusters that don’t run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers.

This would be better solution than using nodePort since it has significant downsides for production use. Changing the nodePort range also is not recommended since it might get in to conflict with other ports (You may find here more information why) . However if you want to do it there is nothing blocking you from doing that.

Still worth to note that there is not good alternative to cloud native LBs. The possible substitutes have issues, that makes them less convenient to use and less secure.

Lastly you may want to check the Kubernestes host namespaces :

  • HostNetwork - Controls whether the pod may use the node network namespace. Doing so gives the pod access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node.

  • HostPorts - Provides a list of ranges of allowable ports in the host network namespace. Defined as a list of HostPortRange, with min(inclusive) and max(inclusive). Defaults to no allowed host ports.

However HostPort has couple of downsides as it limits the scheduling options for your pod, as only hosts with vacancies for your chosen port can be used. If the host where your pods are running become unreachable, K8s will reschedule it to different nodes. So if the IP address for you workload change, clients of your application will lose access to the pod (the same thing will happen if you restart the pod).

You may want to read this document where the author compares hostNetwork, hostPortsand nodePort.

-- acid_fuji
Source: StackOverflow
10/30/2020

Two options :

  1. you can try haproxy outside kubernetes . This video explains similar requirement as yours.
  2. setting "--service-node-port-range" . check this blog
-- confused genius
Source: StackOverflow