I have an EKS cluster that runs custom SMTP services. I wish to expose them on ports 2587 and 25.
My problem is that port 2587 is reachable via telnet but port 25 is not. I have already requested 25
I have an NLB LoadBalancer service in EKS that looks like this:
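# Service object as returned by the API server; indentation restored from a
# flattened paste. creationTimestamp, resourceVersion, uid, clusterIP(s),
# nodePort and status are server-populated state, not desired configuration:
# drop them before re-applying this manifest.
apiVersion: v1
kind: Service
metadata:
  annotations:
    # Literal block scalar: the JSON content must be indented deeper than
    # this key, otherwise the document no longer parses.
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"service.beta.kubernetes.io/aws-load-balancer-backend-protocol":"tcp","service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout":"300","service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled":"true","service.beta.kubernetes.io/aws-load-balancer-eip-allocations":"eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a","service.beta.kubernetes.io/aws-load-balancer-scheme":"internet-facing","service.beta.kubernetes.io/aws-load-balancer-type":"nlb-ip"},"name":"smtp2-server","namespace":"default"},"spec":{"ports":[{"name":"smtp","port":25,"protocol":"TCP","targetPort":2727},{"name":"smtpsslalt","port":2587,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold2","port":2465,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold","port":465,"protocol":"TCP","targetPort":2727},{"name":"smtpssl","port":587,"protocol":"TCP","targetPort":2727},{"name":"smtpalt","port":2525,"protocol":"TCP","targetPort":2525},{"name":"http","port":80,"protocol":"TCP","targetPort":8000},{"name":"httpalt","port":8000,"protocol":"TCP","targetPort":8000},{"name":"https","port":8443,"protocol":"TCP","targetPort":8443},{"name":"httpsalt","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"component":"smtp2"},"type":"LoadBalancer"}}
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a
    # internet-facing: every entry under spec.ports becomes a public listener,
    # including http/httpalt (80, 8000) and https/httpsalt (8443, 443).
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    # NOTE(review): nlb-ip is the AWS Load Balancer Controller's IP-target
    # mode (the service.k8s.aws/resources finalizer suggests that controller
    # owns this NLB). Targets are then pod IPs on targetPort, and client-IP
    # preservation is off by default for TCP target groups of type ip, so the
    # SMTP server would see the NLB's private addresses as the peer. Confirm
    # that relay, allow-list and rate-limit rules do not treat those
    # addresses as trusted; enable proxy protocol v2 or preserve_client_ip if
    # the real client address is needed for policy or logging.
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
  creationTimestamp: "2023-05-25T10:53:12Z"
  finalizers:
  - service.kubernetes.io/load-balancer-cleanup
  - service.k8s.aws/resources
  name: smtp2-server
  namespace: default
  resourceVersion: "491045698"
  uid: 853c59cd-f7b7-408c-8404-5cda6a84d0ec
spec:
  # NOTE(review): with IP targets the nodePort values below are presumably
  # unused, yet they are still programmed on every node. If so, setting this
  # to false removes that extra exposure; confirm before changing.
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.20.216.245
  clusterIPs:
  - 172.20.216.245
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  # smtp (25), smtpsslalt (2587), smtpsslold2 (2465), smtpsslold (465) and
  # smtpssl (587) all forward to targetPort 2727, so the backend cannot tell
  # from the destination port alone whether a peer expects implicit TLS,
  # STARTTLS or plain relay. NOTE(review): confirm how the server on 2727
  # decides, and that authentication is required before it relays mail.
  #
  # Listeners 25 and 2587 share the same target, so a reachability difference
  # between them is unlikely to come from the pod or the target's security
  # group. NOTE(review): AWS's default port-25 restriction covers outbound
  # traffic from EC2, not inbound to an NLB, and many access networks filter
  # outbound 25; test from a host known to permit it.
  - name: smtp
    nodePort: 31618
    port: 25
    protocol: TCP
    targetPort: 2727
  - name: smtpsslalt
    nodePort: 32023
    port: 2587
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold2
    nodePort: 30528
    port: 2465
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold
    nodePort: 31557
    port: 465
    protocol: TCP
    targetPort: 2727
  - name: smtpssl
    nodePort: 32165
    port: 587
    protocol: TCP
    targetPort: 2727
  - name: smtpalt
    nodePort: 32140
    port: 2525
    protocol: TCP
    targetPort: 2525
  # NOTE(review): plain HTTP (80, 8000) is published on the same public NLB
  # as the mail listeners. If this is an admin or API surface, restrict its
  # source ranges or move it to an internal Service.
  - name: http
    nodePort: 32691
    port: 80
    protocol: TCP
    targetPort: 8000
  - name: httpalt
    nodePort: 30157
    port: 8000
    protocol: TCP
    targetPort: 8000
  - name: https
    nodePort: 30181
    port: 8443
    protocol: TCP
    targetPort: 8443
  - name: httpsalt
    nodePort: 32623
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    component: smtp2
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: k8s-default-smtp2ser-1172550bfa-e1180ab2ebe1837c.elb.us-west-2.amazonaws.com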
I have security groups that look like this:
},
{
"FromPort": 25,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.1.0/24"
},
{
"CidrIp": "10.0.0.0/24"
},
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow SMTP ingress"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 25,
"UserIdGroupPairs": []
}
Any ideas?