Escape k8s nodePort range

2/14/2022

I am forced to use the usual nodePort range 30000-32000 on managed Kubernetes.

However, I need a specific port being exposed from every node outside of that range. Let's say that is port 5000. So, I've fixed nodePort=30033 on my service and I am now trying an old-school iptables redirect on my nodes to get port 5000 "redirected" to 30033:

iptables -t nat -I PREROUTING -p tcp --dport 5000 -j REDIRECT --to-port 30033

This doesn't work. I am suspecting traffic gets hijacked by kube-proxy rules before my rule is even applied.

Any ideas how to make this work with k8s-created iptables rules?

-- julius
iptables
kubernetes
service-node-port-range
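
A way to test the suspicion in the question against a node's own rule dump, as an added example that is not part of the original post: it lists the nat PREROUTING rules in evaluation order with their packet counters, showing whether the port-5000 REDIRECT sits ahead of kube-proxy's jump and whether packets are hitting it. It assumes kube-proxy runs in iptables mode (chains KUBE-SERVICES and KUBE-NODEPORTS); the dump, its counters and the name KUBE-SVC-EXAMPLE are constructed sample data.

```shell
#!/bin/sh
# Constructed sample in `iptables-save -c -t nat` format ([packets:bytes] counters).
# On a node, replace it with the real output: iptables-save -c -t nat
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-NODEPORTS - [0:0]
[12:720] -A PREROUTING -p tcp -m tcp --dport 5000 -j REDIRECT --to-ports 30033
[340:20400] -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
[0:0] -A KUBE-NODEPORTS -p tcp -m tcp --dport 30033 -j KUBE-SVC-EXAMPLE
COMMIT'

# chain_rules CHAIN: read a dump on stdin and print "position packets target"
# for each rule of CHAIN, in the order the kernel evaluates them.
chain_rules() {
  awk -v chain="$1" '
    $2 == "-A" && $3 == chain {
      n++
      pk = $1; sub(/^\[/, "", pk); sub(/:.*/, "", pk)   # "[12:720]" -> "12"
      tgt = ""
      for (i = 4; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
      print n, pk, tgt
    }'
}

# rule_position CHAIN PORT: position of the first rule in CHAIN that matches
# --dport PORT; prints nothing when no rule matches that port.
rule_position() {
  awk -v chain="$1" -v port="$2" '
    $2 == "-A" && $3 == chain {
      n++
      for (i = 4; i < NF; i++)
        if ($i == "--dport" && $(i + 1) == port) { print n; exit }
    }'
}

# Demo on the constructed dump: a REDIRECT rule listed before the KUBE-SERVICES
# jump with a non-zero packet count is being matched before kube-proxy's chains.
printf '%s\n' "$SAMPLE_NAT" | chain_rules PREROUTING
```

Comparing the counters before and after a test connection to port 5000 shows whether that connection reached the REDIRECT rule at all.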

0 Answers