EKS services not honoring IPEXTERNALSERVICE tag for external address

0

Hi,

I have a POD that receives connections on the TCP port 1352. Unfortunately, that is a custom server app, and that port cannot be changed. The client always tries to use 1352 to connect to the server.

I tried to connect to that POD remotely, from the internet. To do so, I created the following service:

apiVersion: v1
kind: Service
metadata:
  name: domino-nrpc

spec:
  selector:
    app: hcl-domino
  ports:
  - name: nrpc
    protocol: TCP
    port: 1352
  externalIPs:
  - 18.101.94.170

Please note I configured as EXTERNALIP the public IP address assigned to the EC2 instance where the node is running. I also ensured that there was a security group assigned to that EC2 instance allowing inbound traffic on port 1352.

However, when I tried to connect to that port externally, I was unable to reach it. If I do a kubectl port-forward service/domino-nrpc 1352:1352 I am unable to use my local 127.0.0.1 address to access that service, but I want to be able to do the same from the internet, through the IP 18.101.94.170 exposed above using externalIPs. Can you please let me know why externalIPs is not working?

However, if I check the pods, it seems that the external IP is recognized, but it does not work.

$ kubectl get all
NAME           READY   STATUS    RESTARTS   AGE
pod/domino12   1/1     Running   0          103m

NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP     PORT(S)    AGE
service/domino-nrpc   ClusterIP   10.100.134.184   18.101.94.170   1352/TCP   7s
service/kubernetes    ClusterIP   10.100.0.1       <none>          443/TCP    5h44m

1 Answer
0

Hi,

What is the rationale for having it done this way? I would suggest using the LoadBalancer type to expose your service to the Internet. With it you will be able to have:

  • your node group in the private subnet
  • a static IP address instead of having the service bound to one node to have the same
  • potential HA if the application you are running supports multiple instances at a time

apiVersion: v1
kind: Service
metadata:
  name: domino-nrpc
spec:
  type: LoadBalancer
EXPERT
answered 8 months ago
  • Unfortunately, I cannot use Load Balancer.

    The problem with Load Balancer is that I cannot specify a target port on TCP 1352. Target Port should start at 30000.

    And my pod has to listen, internally and externally, on port 1352. I cannot change that.

    It is similar to having a POD with an SMTP Server that should listen on port 25 and you cannot change that port since external clients would not be able to connect to it...

    I do not care to tie the pod to a specific node.
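
For reference, a complete LoadBalancer manifest for this service, added here as an example and not posted by either participant. It shows how the Service fields `port`, `targetPort` and `nodePort` relate for a fixed client port such as 1352, and restricts which networks may connect. The name, selector and port come from the question; the source CIDR is a constructed placeholder.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: domino-nrpc
spec:
  type: LoadBalancer
  selector:
    app: hcl-domino          # label from the question's Service
  ports:
  - name: nrpc
    protocol: TCP
    port: 1352               # port the load balancer listens on for clients
    targetPort: 1352         # port the container listens on inside the pod
    # nodePort is left unset: Kubernetes allocates one from the node port
    # range (30000-32767 by default). Only the load balancer uses it to
    # reach the nodes; clients never connect to it.
  loadBalancerSourceRanges:  # without this field the listener accepts 0.0.0.0/0
  - 203.0.113.0/24           # constructed placeholder: replace with the real client networks
```

After applying it, `kubectl get service domino-nrpc` lists the load balancer's address under EXTERNAL-IP and the port mapping as `1352:<nodePort>/TCP`.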
