Use External IP in Google cloud with Kubernetes service to expose it to the internet

Time:10-26

I have a phpmyadmin service running on kubernetes cluster. I want to reserve an External IP (static) on google cloud to use with this service so that it could be reachable from the internet. I have tried reserving an IP address on GCP and used it in the kubernetes service file as below:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  externalIPs: [xx.xxx.xxx.xxx]  #the external IP from Google cloud
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
status:
  loadBalancer: {}

When I specify spec.type: LoadBalancer, the service is accessible from the internet with the default IP address that is generated by type: LoadBalancer.

I tried to change firewall rules for the External IP address by allowing Ingress on port 8080, but that did not work.

CodePudding user response:

Instead of setting the externalIPs, you should set spec.loadBalancerIP, with spec.type set to LoadBalancer:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
  type: LoadBalancer
  loadBalancerIP: "YOUR_IP_ADDRESS"
status:
  loadBalancer: {}

Note that exposing your Pods through an external static IP only supports regional load-balanced traffic, hence your reserved static IP address needs to be regional.

For a global IP address, you need to expose an HTTP(S) Load Balancer through an Ingress object.

CodePudding user response:

Firewall rules are applied at the instance level. They cannot prevent traffic from reaching the Load Balancer itself.

Reference : https://cloud.google.com/load-balancing/docs/https/#firewall_rules

Your GKE LB service might be creating the HTTP Load Balancer by default; maybe you can check out the NLB Load Balancer: https://cloud.google.com/load-balancing/docs/choosing-load-balancer#summary-of-google-cloud-load-balancers

All ports: https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters#all_ports

apiVersion: v1
kind: Service
metadata:
  name: helloworld
  labels:
    app: helloworld
  annotations:
    cloud.google.com/neg: '{"exposed_ports": {"8080":{}}}'
spec:
  ports:
  - name: 8080-8080
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: helloworld
  # Use LoadBalancer type instead of ClusterIP
  type: LoadBalancer

Example : https://spring-gcp.saturnism.me/deployment/kubernetes/load-balancing/external-load-balancing
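
Added example, not part of the original question or answers: a Python check over Service objects in the shape that `kubectl get service -o json` returns. It flags the question's manifest (externalIPs without type LoadBalancer) and LoadBalancer Services that lack loadBalancerIP or loadBalancerSourceRanges. The sample Services, their names and the documentation-range addresses are constructed; audit_service and audit are hypothetical helper names.

```python
import json

# Constructed sample, shaped like `kubectl get service -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "phpmyadmin-externalips"},
   "spec": {"externalIPs": ["203.0.113.10"],
            "ports": [{"port": 8080, "targetPort": 80}]}},
  {"metadata": {"name": "phpmyadmin-open"},
   "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10",
            "ports": [{"port": 8080, "targetPort": 80}]}},
  {"metadata": {"name": "phpmyadmin-restricted"},
   "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10",
            "loadBalancerSourceRanges": ["198.51.100.0/24"],
            "ports": [{"port": 8080, "targetPort": 80}]}}
]}
""")


def audit_service(svc):
    """Return a list of findings for one Service object."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
    findings = []
    if spec.get("externalIPs") and svc_type != "LoadBalancer":
        findings.append("externalIPs set on a %s Service: no cloud load "
                        "balancer is provisioned for that address" % svc_type)
    if svc_type == "LoadBalancer":
        if not spec.get("loadBalancerIP"):
            findings.append("no loadBalancerIP: an ephemeral address is assigned")
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges or "0.0.0.0/0" in ranges:
            findings.append("no restrictive loadBalancerSourceRanges: "
                            "reachable from any source address")
    return findings


def audit(service_list):
    """Map Service name -> findings, keeping only Services with findings."""
    report = {}
    for svc in service_list.get("items", []):
        findings = audit_service(svc)
        if findings:
            report[svc["metadata"]["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To run it against a live cluster, replace SAMPLE with the parsed output of `kubectl get service --all-namespaces -o json`.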
