Domain Name mapping to K8 service type of load balancer on GKE

12/9/2021

I am in the process of learning Kubernetes and creating a sample application on GKE. I am able to create pods, containers, and services on minikube; however, I got stuck when exposing it on the internet using my custom domain like hr.mydomain.com.

My application says file-process is running on port 8080, now I want to expose it to the internet. I tried creating a service of load balancer type on GKE. I get the IP of the load balancer and map it to the A record of hr.mydomain.com.

My question is: if this service is restarted, does the service IP change every time, and does the service become inaccessible?

How do I manage it? What are the best practices when mapping domain names to svc?

File service

apiVersion: v1
kind: Service
metadata:
  name: file-process-service
  labels:
    app: file-process-service
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP

  selector:
    app: file-process-api
-- voila
google-kubernetes-engine
kubernetes

1 Answer

12/10/2021

Google Kubernetes Engine is designed to take as much configuration hassle out of your hands as possible. Even if you restart the service, nothing will change in regards to its availability from the Internet.

Networking (including load balancing) is managed automatically within the GKE cluster:

...Kubernetes uses Services to provide stable IP addresses for applications running within Pods. By default, Pods do not expose an external IP address, because kube-proxy manages all traffic on each node. Pods and their containers can communicate freely, but connections outside the cluster cannot access the Service. For instance, in the previous illustration, clients outside the cluster cannot access the frontend Service using its ClusterIP.

This means that if you expose the service and it has an external IP, it will stay the same until the load balancer is deleted:

The network load balancer is aware of all nodes in your cluster and configures your VPC network's firewall rules to allow connections to the Service from outside the VPC network, using the Service's external IP address. You can assign a static external IP address to the Service.

At this point, when you have a load balancer with a static public IP in front of your service, you can set this IP as an A record for your domain.

-- Wojtek_B
Source: StackOverflow
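
An added example, not part of the question or answer above: an offline check that flags a load balancer IP that is not a reserved static address, and an A record that no longer matches the Service. It assumes you saved the JSON output of `kubectl get svc file-process-service -o json` and `gcloud compute addresses list --format=json`; the sample data, the addresses, and the function name `audit_mapping` are constructed for illustration.

```python
import json

# Constructed sample, trimmed from `kubectl get svc file-process-service -o json`.
SERVICE_JSON = """{
  "metadata": {"name": "file-process-service"},
  "spec": {"type": "LoadBalancer"},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}
}"""

# Constructed sample, trimmed from `gcloud compute addresses list --format=json`.
ADDRESSES_JSON = """[
  {"name": "file-process-ip", "address": "203.0.113.10",
   "addressType": "EXTERNAL", "status": "IN_USE"}
]"""


def audit_mapping(service, addresses, hostname, a_records):
    """Return a list of findings; an empty list means the mapping is stable."""
    if service.get("spec", {}).get("type") != "LoadBalancer":
        return ["Service is not type LoadBalancer, so it has no external IP"]
    ingress = service.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    live = {entry["ip"] for entry in ingress if "ip" in entry}
    if not live:
        return ["load balancer has no external IP yet (still pending)"]

    findings = []
    # Addresses reserved in the project; anything else on the Service is ephemeral.
    reserved = {a["address"] for a in addresses
                if a.get("addressType", "EXTERNAL") == "EXTERNAL"}
    for ip in sorted(live - reserved):
        findings.append(f"{ip} is ephemeral: it is released when the load "
                        "balancer is deleted, reserve it as a static address")
    records = set(a_records)
    for ip in sorted(records - live):
        findings.append(f"{hostname} A record {ip} is stale: the Service "
                        "does not own that address")
    for ip in sorted(live - records):
        findings.append(f"{hostname} has no A record for Service IP {ip}")
    return findings


if __name__ == "__main__":
    svc = json.loads(SERVICE_JSON)
    addrs = json.loads(ADDRESSES_JSON)
    # A records would come from a resolver; here they are constructed values.
    for line in audit_mapping(svc, addrs, "hr.mydomain.com", ["203.0.113.10"]):
        print(line)
```

A stale A record is the case to act on first: once the load balancer is deleted and its ephemeral address released, the hostname keeps pointing at an IP the cluster no longer controls.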