{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Juvenile、少年° 的问题《How can you publish a Kubernetes Service without u》','https://www.manongdao.com/q-1316561.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I would like to avoid using type: "LoadBalancer" for a certain Kubernetes Service, but still to be able to publish it on the Internet. I am using Google Cloud Platform (GCP) to run a Kubernetes cluster currently running on a single node.
I tried to us the externalIPs Service configuration and to give at turns, the IPs of:
- the instance hosting the Kubernetes cluster (External IP; which also conincides with the IP address of the Kubernetes node as reported by
kubernetes describe node) - the Kubernetes cluster endpoint (as reported by the Google Cloud Console in the details of the cluster)
- the public/external IP of another Kubernetes Service of type
LoadBalancerrunning on the same node.
None of the above helped me reach my application using the Kubernetes Service with an externalIPs configuration.
So, how can I publish a service on the Internet without using a LoadBalancer-type Kubernetes Service.
If you don't want to use a
LoadBalancerservice, other options for exposing your service publicly are:Type
NodePortCreate your service with
typeset toNodePort, and Kubernetes will allocate a port on all of your node VMs on which your service will be exposed (docs). E.g. if you have 2 nodes, w/ public IPs12.34.56.78and23.45.67.89, and Kubernetes assigns your service port 31234, then the service will be available publicly on both12.34.56.78:31234&23.45.67.89:31234Specify
externalIPsIf you have the ability to route public IPs to your nodes, you can specify
externalIPsin your service to tell Kubernetes "If you see something come in destined for that IP w/ my service port, route it to me." (docs)The cluster endpoint won't work for this because that is only the IP of your Kubernetes master. The public IP of another
LoadBalancerservice won't work because the LoadBalancer is only configured to route the port of that original service. I'd expect the node IP to work, but it may conflict if your service port is a privileged port.Use the
/proxy/endpointThe Kubernetes API includes a
/proxy/endpoint that allows you to access services on the cluster endpoint IP. E.g. if your cluster endpoint is1.2.3.4, you could reachmy-servicein namespacemy-nsby accessinghttps://1.2.3.4/api/v1/proxy/namespaces/my-ns/services/my-servicewith your cluster credentials. This should really only be used for testing/debugging, as it takes all traffic through your Kubernetes master on the way to the service (extra hops, SPOF, etc.).There are a few idiomatic ways to expose a service externally in Kubernetes (see note#1):
There's another option: set the
hostNetworkflag on your pod.For example, you can use helm3 to install nginx this way:
The nginx is then available at port 80 & 443 on the IP address of the node that runs the pod. You can use node selectors or affinity or other tools to influence this choice.