I have a simple kubernetes setup: 1 pod, 1 service with LoadBalancer and things just work. But I don't want to pay extra for a load balancer when I have only 1 pod.
I tried to switch to NodePort, but I'm not able to access the service on the right ports (because they are remapped to 30000+ ports). I have a service that I'd like to access on port 443, but I can't, so what can I do in this case?
My service would be https://server.aaa.com, but if the port is remapped to 30000, I need to use https://server.aaa.com:30000? Any way to be on port 443?
https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
If you wish to avoid paying for the load balancer, I would suggest taking a look at MetalLB.
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. In short, it allows you to create Kubernetes services of type “LoadBalancer” in clusters that don’t run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers.
This would be a better solution than using nodePort, since it has significant downsides for production use. Changing the nodePort range is also not recommended, since it might conflict with other ports (you may find more information on why here). However, if you want to do it, there is nothing blocking you from doing that.
Still, it is worth noting that there is no good alternative to cloud-native LBs. The possible substitutes have issues that make them less convenient to use and less secure.
Lastly, you may want to check the Kubernetes host namespaces:
HostNetwork - Controls whether the pod may use the node network namespace. Doing so gives the pod access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node.
HostPorts - Provides a list of ranges of allowable ports in the host network namespace. Defined as a list of HostPortRange, with min (inclusive) and max (inclusive). Defaults to no allowed host ports.
However, HostPort has a couple of downsides, as it limits the scheduling options for your pod: only hosts with vacancies for your chosen port can be used. If the host where your pods are running becomes unreachable, K8s will reschedule them to different nodes. So if the IP address for your workload changes, clients of your application will lose access to the pod (the same thing will happen if you restart the pod).
You may want to read this document where the author compares hostNetwork, hostPorts and nodePort.
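The MetalLB route described in the answer above, as an added example that is not part of the original answer or of the MetalLB project. It assumes MetalLB 0.13 or later is already installed in the metallb-system namespace (so the metallb.io/v1beta1 CRDs exist), that the pods carry the label app: server and listen on container port 8443, and that 192.0.2.240-192.0.2.250 is a constructed, unused address range on the nodes' LAN; all of those are assumptions, not values from the page.

```yaml
# Added example (not the answer's own manifests). Assumes MetalLB >= 0.13 is
# installed in "metallb-system". The address range below is a constructed
# documentation-only block; replace it with free addresses on the node LAN.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.0.2.240-192.0.2.250   # assumed unused range on the node subnet
---
# Layer 2 mode: one node answers ARP/NDP for each assigned address, and the
# address fails over to another node if that node goes away. This is failover,
# not traffic spreading, which is fine for a single-pod service.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - default-pool
---
# The Service keeps type LoadBalancer, exactly as it was on the cloud provider,
# so clients reach https://server.aaa.com on 443 with no :30000 suffix. MetalLB
# assigns an address from the pool instead of a paid cloud LB.
apiVersion: v1
kind: Service
metadata:
  name: server
spec:
  type: LoadBalancer
  selector:
    app: server                 # assumed pod label
  # Local keeps the client source IP visible to the pod (useful for access
  # logs and rate limiting); MetalLB then only announces the address from
  # nodes that have a Ready pod for this Service.
  externalTrafficPolicy: Local
  ports:
    - name: https
      protocol: TCP
      port: 443                 # port clients connect to
      targetPort: 8443          # assumed container port; the pod does not
                                # need to run as root to bind a high port
```

After `kubectl apply -f` on the three documents, `kubectl get svc server` should show an EXTERNAL-IP from the pool; point the DNS A record for server.aaa.com at that address. The TLS termination is unchanged: the pod still presents the certificate, MetalLB only moves packets at layer 2/3, so it does not see or need the private key.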