Run SMTP server on EKS and export port 25 via NLB load balancer
0
I have an EKS cluster that runs custom SMTP services. I wish to expose them on ports 2587 and 25.
My problem is that port 2587 is reachable via telnet but port 25 is not. I have already requested 25
I have an NLB LoadBalancer service in EKS that looks like this:
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"service.beta.kubernetes.io/aws-load-balancer-backend-protocol":"tcp","service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout":"300","service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled":"true","service.beta.kubernetes.io/aws-load-balancer-eip-allocations":"eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a","service.beta.kubernetes.io/aws-load-balancer-scheme":"internet-facing","service.beta.kubernetes.io/aws-load-balancer-type":"nlb-ip"},"name":"smtp2-server","namespace":"default"},"spec":{"ports":[{"name":"smtp","port":25,"protocol":"TCP","targetPort":2727},{"name":"smtpsslalt","port":2587,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold2","port":2465,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold","port":465,"protocol":"TCP","targetPort":2727},{"name":"smtpssl","port":587,"protocol":"TCP","targetPort":2727},{"name":"smtpalt","port":2525,"protocol":"TCP","targetPort":2525},{"name":"http","port":80,"protocol":"TCP","targetPort":8000},{"name":"httpalt","port":8000,"protocol":"TCP","targetPort":8000},{"name":"https","port":8443,"protocol":"TCP","targetPort":8443},{"name":"httpsalt","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"component":"smtp2"},"type":"LoadBalancer"}}
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
  creationTimestamp: "2023-05-25T10:53:12Z"
  finalizers:
  - service.kubernetes.io/load-balancer-cleanup
  - service.k8s.aws/resources
  name: smtp2-server
  namespace: default
  resourceVersion: "491045698"
  uid: 853c59cd-f7b7-408c-8404-5cda6a84d0ec
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.20.216.245
  clusterIPs:
  - 172.20.216.245
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: smtp
    nodePort: 31618
    port: 25
    protocol: TCP
    targetPort: 2727
  - name: smtpsslalt
    nodePort: 32023
    port: 2587
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold2
    nodePort: 30528
    port: 2465
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold
    nodePort: 31557
    port: 465
    protocol: TCP
    targetPort: 2727
  - name: smtpssl
    nodePort: 32165
    port: 587
    protocol: TCP
    targetPort: 2727
  - name: smtpalt
    nodePort: 32140
    port: 2525
    protocol: TCP
    targetPort: 2525
  - name: http
    nodePort: 32691
    port: 80
    protocol: TCP
    targetPort: 8000
  - name: httpalt
    nodePort: 30157
    port: 8000
    protocol: TCP
    targetPort: 8000
  - name: https
    nodePort: 30181
    port: 8443
    protocol: TCP
    targetPort: 8443
  - name: httpsalt
    nodePort: 32623
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    component: smtp2
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: k8s-default-smtp2ser-1172550bfa-e1180ab2ebe1837c.elb.us-west-2.amazonaws.com
I have security groups that look like this:
    },
    {
        "FromPort": 25,
        "IpProtocol": "tcp",
        "IpRanges": [
            {
                "CidrIp": "10.0.1.0/24"
            },
            {
                "CidrIp": "10.0.0.0/24"
            },
            {
                "CidrIp": "0.0.0.0/0",
                "Description": "Allow SMTP ingress"
            }
        ],
        "Ipv6Ranges": [],
        "PrefixListIds": [],
        "ToPort": 25,
        "UserIdGroupPairs": []
    }
Any ideas?
Asked a year ago · 425 views · lg...
1 Answer
0
This may not matter for inbound communication, but for outbound, AWS blocks port 25.
Please follow the instructions in the following document to apply for port 25 to be unrestricted.
https://repost.aws/ja/knowledge-center/ec2-port-25-throttle
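An added example, not part of the original question or answer: with `nlb-ip` targets the load balancer forwards each listener to the pod IP on `targetPort`, so a security group on the nodes or pods is matched against 2727 rather than 25, and listeners 25 and 2587 share that backend port. The check below groups the Service's listeners by backend port and reports which backend ports the quoted rule does not admit. It assumes the quoted rule belongs to the node or pod security group, that it is only part of that group, and that traffic arrives from an NLB subnet in `10.0.0.0/24`.

```python
import ipaddress
from collections import defaultdict

# (listener port, targetPort) pairs copied from the Service spec in the question.
SERVICE_PORTS = [(25, 2727), (2587, 2727), (2465, 2727), (465, 2727), (587, 2727),
                 (2525, 2525), (80, 8000), (8000, 8000), (8443, 8443), (443, 8443)]

# The single ingress rule quoted in the question; the rest of the group is not shown.
QUOTED_RULES = [{"FromPort": 25, "ToPort": 25, "IpProtocol": "tcp",
                 "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.0.0/24"},
                              {"CidrIp": "0.0.0.0/0"}]}]


def listeners_by_backend(ports):
    """Group NLB listener ports by the pod port they are forwarded to."""
    groups = defaultdict(list)
    for listener, target in ports:
        groups[target].append(listener)
    return dict(groups)


def rule_admits(rule, port, source_cidr):
    """True if an ingress rule covers `port` for every address in `source_cidr`."""
    if rule["IpProtocol"] not in ("tcp", "-1"):
        return False
    # "-1" means all protocols and ports; only TCP rules carry a port range.
    if rule["IpProtocol"] == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    src = ipaddress.ip_network(source_cidr)
    return any(src.subnet_of(ipaddress.ip_network(r["CidrIp"]))
               for r in rule["IpRanges"])


def uncovered_backends(rules, ports, source_cidr):
    """Backend ports (with their listeners) that no rule admits from `source_cidr`."""
    return {target: listeners
            for target, listeners in listeners_by_backend(ports).items()
            if not any(rule_admits(r, target, source_cidr) for r in rules)}


if __name__ == "__main__":
    nlb_subnet = "10.0.0.0/24"  # assumption: one of the NLB's subnets
    gaps = uncovered_backends(QUOTED_RULES, SERVICE_PORTS, nlb_subnet)
    for target, listeners in gaps.items():
        print(f"pod port {target} (listeners {listeners}) not admitted from {nlb_subnet}")
```

Because 25 and 2587 both forward to pod port 2727, whatever backend rule lets 2587 through applies equally to 25.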