I have a phpmyadmin service running on a Kubernetes cluster. I want to reserve an External IP (static) on Google Cloud to use with this service so that it could be reachable from the internet. I have tried reserving an IP address on GCP and used it in the Kubernetes service file as below:
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  externalIPs: [xx.xxx.xxx.xxx] #the external IP from Google cloud
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
status:
  loadBalancer: {}
When I specify the spec.type: LoadBalancer then the service is accessible from the internet with the default IP address that is generated from the type: LoadBalancer.
I tried to change firewall rules for the External IP address by allowing Ingress on port 8080, but that did not work.
CodePudding user response:
Instead of setting the externalIPs, you should set the spec.loadBalancerIP with the spec.type being of LoadBalancer value:
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
  type: LoadBalancer
  loadBalancerIP: "YOUR_IP_ADDRESS"
status:
  loadBalancer: {}
For a global IP address, you need to expose a HTTP(s) Load Balancer through an Ingress object.
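As an added example (not part of the original answers): a small Python audit over Service manifests in JSON form that flags the externalIPs setup from the question and a LoadBalancer Service with no loadBalancerSourceRanges, which matters for an admin UI such as phpMyAdmin. The manifests, the 203.0.113.10 address and the audit_service helper are constructed for illustration.

```python
import json

# Constructed manifests (the shape `kubectl get svc -o json` prints),
# mirroring the question's Service and the corrected one from the answer.
# 203.0.113.10 is a documentation address standing in for the reserved IP.
QUESTION_SVC = json.loads("""{
  "metadata": {"name": "phpmyadmin"},
  "spec": {"externalIPs": ["203.0.113.10"],
           "ports": [{"name": "8080", "port": 8080, "targetPort": 80}]}
}""")
ANSWER_SVC = json.loads("""{
  "metadata": {"name": "phpmyadmin"},
  "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10",
           "ports": [{"name": "8080", "port": 8080, "targetPort": 80}]}
}""")


def audit_service(svc):
    """Return a list of findings about how a Service is exposed."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")  # Kubernetes default Service type
    findings = []
    if spec.get("externalIPs"):
        # Kubernetes does not manage externalIPs; routing the address to a
        # node is left to the cluster administrator, so reserving it on GCP
        # alone attaches it to nothing.
        findings.append("externalIPs: address is not managed by Kubernetes")
    if spec.get("loadBalancerIP") and svc_type != "LoadBalancer":
        findings.append("loadBalancerIP: only applies to type LoadBalancer")
    if svc_type == "LoadBalancer":
        ranges = spec.get("loadBalancerSourceRanges") or []
        # With no source ranges set, any client address is allowed.
        if not ranges or "0.0.0.0/0" in ranges:
            findings.append("LoadBalancer: reachable from any source address")
    return findings


if __name__ == "__main__":
    for label, svc in (("question", QUESTION_SVC), ("answer", ANSWER_SVC)):
        print(label, audit_service(svc))
```

Adding spec.loadBalancerSourceRanges with the CIDR ranges that should reach phpMyAdmin clears the last finding.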
CodePudding user response:
Firewall rules are applied at the Instance level. They cannot prevent traffic from reaching the Load Balancer itself.
Reference : https://cloud.google.com/load-balancing/docs/https/#firewall_rules
Your GKE LB service might be creating the HTTP Load Balancer by default; maybe you can check out the NLB Load Balancer: https://cloud.google.com/load-balancing/docs/choosing-load-balancer#summary-of-google-cloud-load-balancers
All port : https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters#all_ports
apiVersion: v1
kind: Service
metadata:
  name: helloworld
  labels:
    app: helloworld
  annotations:
    cloud.google.com/neg: '{"exposed_ports": {"8080":{}}}'
spec:
  ports:
  - name: 8080-8080
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: helloworld
  # Use LoadBalancer type instead of ClusterIP
  type: LoadBalancer
Example : https://spring-gcp.saturnism.me/deployment/kubernetes/load-balancing/external-load-balancing