
I would like to bind my service on all nodes to ports 80 and 443, so that I will be redirected via a DNS name (kubernetes) to any node, which redirects me directly to the service via HTTP/S and then to the deployment (nginx). However, I don't know exactly how this works, because the range of the NodePorts only goes from 30000 to 32xxx.

Here is my setup

DNS-Name       IPv4
k8s-master     172.25.35.47
k8s-node-01    172.25.36.47
k8s-node-02    172.25.36.8
kubernetes     172.25.36.47
kubernetes     172.25.36.8

My yaml-file

apiVersion: v1
kind: Service
metadata:
  name: proxy
spec:
  ports:
  - name: http
    nodePort: 80
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 443
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    name: proxy
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
  labels:
    name: proxy
spec:
  selector:
    matchLabels:
      name: proxy
  replicas: 1
  template:
    metadata:
      labels:
        name: proxy
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP

Which type of service provides me a function to expose these ports, or how can I realize my mental setup?

Volker


1 Answer


You have two options:

  1. simple port forwarding
  2. externalIPs
  3. keepalived

Simple port forwarding

Run the following on all servers

sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports <nodeport>
sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 443 -j REDIRECT --to-ports <nodeport>

Replace <nodeport> with the port you chose for the NodePort. This requires you to run a command on all machines, and is a bit hacky. A better solution would be:
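Since the rules above have to be repeated per port and per node, and since the question's manifest uses nodePort values (80, 443) that kube-apiserver rejects, the following is an added helper script, not part of the answer above: it takes public-port:nodeport mappings, refuses any NodePort outside the default --service-node-port-range (30000-32767, the kube-apiserver default), and emits the same two REDIRECT rules for each mapping in both chains. The port values in the usage call (30080, 30443) are constructed for the example; by default the commands are only printed, and APPLY=1 runs them with sudo.

```shell
#!/bin/sh
# Added example (not from the answer above): generate the REDIRECT rules for
# several public ports at once, refuse a NodePort outside the default
# --service-node-port-range (30000-32767), and allow a matching rollback.
# Nothing is executed unless APPLY=1; by default the commands are printed.

# Return 0 if $1 is a valid NodePort in the default range, 1 otherwise.
valid_nodeport() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 30000 ] && [ "$1" -le 32767 ]
}

# rules <action> <public_port> <nodeport>
# action is -I (insert) or -D (delete); prints the two iptables commands
# the answer uses, one for the PREROUTING chain (traffic from other hosts)
# and one for the OUTPUT chain (traffic from the node itself via lo).
rules() {
  action=$1; public=$2; nodeport=$3
  printf 'iptables -t nat %s PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
    "$action" "$public" "$nodeport"
  printf 'iptables -t nat %s OUTPUT -o lo -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
    "$action" "$public" "$nodeport"
}

# forward <public_port>:<nodeport> [...]   e.g. forward 80:30080 443:30443
# Validates every NodePort first, then prints (or with APPLY=1 runs) the
# insert rules for each mapping. Returns 1 on an invalid mapping.
forward() {
  for map in "$@"; do
    public=${map%%:*}; nodeport=${map#*:}
    if ! valid_nodeport "$nodeport"; then
      echo "refusing $map: $nodeport is not in 30000-32767" >&2
      return 1
    fi
    rules -I "$public" "$nodeport" | while read -r cmd; do
      if [ "${APPLY:-0}" = 1 ]; then sudo $cmd; else echo "$cmd"; fi
    done
  done
}

# Constructed usage: map public 80/443 to NodePorts 30080/30443 (dry run).
forward 80:30080 443:30443
```

Run this on every node, as the answer says, because kube-proxy listens on the NodePort on each node and the REDIRECT is local to the node it is added on. To roll back, `rules -D 443 30443` prints the matching delete commands. Note that `forward 80:80` is refused before anything is printed, which is the same reason the question's manifest with `nodePort: 80` is rejected by the API server.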

externalIps

link to docs

This allows you to bind any port on a specific node, which will then be routed through the cluster. This does provide a single point of failure, obviously, which can be fixed with:

keepalived

keepalived is a very simple piece of software. It creates a virtual IP address, which is moved to point to a different node when the master fails. It effectively creates an alias IP address for the master keepalived server. A good start would be keepalived-vip, which automatically sets up keepalived for services you give it.

conclusion

I personally use keepalived-vip for this, as it fits my network model much better, but if your clients can access any of your servers, then simple port forwarding is the only way to go about it.
