1

I have a phpmyadmin service running on a Kubernetes cluster. I want to reserve an external IP (static) on Google Cloud to use with this service so that it is reachable from the internet. I have tried reserving an IP address on GCP and used it in the Kubernetes service file as below:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  externalIPs: [xx.xxx.xxx.xxx]  #the external IP from Google cloud
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
status:
  loadBalancer: {}

When I specify spec.type: LoadBalancer, the service is accessible from the internet with the default IP address that is generated by type: LoadBalancer.

I tried to change firewall rules for the External IP address by allowing Ingress on port 8080, but that did not work.

Kavya

2 Answers

3

Instead of setting externalIPs, you should set spec.loadBalancerIP, with spec.type set to LoadBalancer:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: phpmyadmin
  name: phpmyadmin
spec:
  ports:
  - name: "8080"
    port: 8080
    targetPort: 80
  selector:
    io.kompose.service: phpmyadmin
  type: LoadBalancer
  loadBalancerIP: "YOUR_IP_ADDRESS"
status:
  loadBalancer: {}

Note that exposing your Pods through an external static IP only supports regional load-balanced traffic, hence your reserved static IP address needs to be regional.

For a global IP address, you need to expose an HTTP(S) Load Balancer through an Ingress object.

tmarwen
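A check for the two Service shapes discussed above, as an added example that is not part of the original answer. It assumes the Service is available as JSON, and the function name, finding codes and the address 203.0.113.10 are constructed for illustration.

```python
import json

def audit_service(svc):
    """Return (code, message) findings for one Service parsed from JSON."""
    spec = svc.get("spec") or {}
    name = (svc.get("metadata") or {}).get("name", "<unnamed>")
    svc_type = spec.get("type", "ClusterIP")  # the API default when type is omitted
    wanted = spec.get("loadBalancerIP")
    ingress = ((svc.get("status") or {}).get("loadBalancer") or {}).get("ingress") or []
    assigned = [i["ip"] for i in ingress if i.get("ip")]
    out = []
    if spec.get("externalIPs"):
        out.append(("external-ips", f"{name}: spec.externalIPs is not provisioned by "
                    "Kubernetes; a reserved cloud address listed there is not attached"))
    if svc_type != "LoadBalancer":
        out.append(("no-load-balancer", f"{name}: type is {svc_type}, so no cloud "
                    "load balancer is created"))
        if wanted:
            out.append(("ip-ignored", f"{name}: loadBalancerIP only applies to "
                        "type LoadBalancer"))
        return out
    if not wanted:
        out.append(("ephemeral-ip", f"{name}: no loadBalancerIP, the address is "
                    "generated and not the reserved one"))
    elif not assigned:
        out.append(("pending", f"{name}: {wanted} not assigned yet; if this persists, "
                    "confirm the reserved address is regional"))
    elif wanted not in assigned:
        out.append(("ip-mismatch", f"{name}: asked for {wanted}, got {assigned}"))
    return out

# Constructed samples: the question's spec and the first answer's spec as JSON,
# with 203.0.113.10 (documentation range) standing in for the reserved address.
QUESTION_SVC = json.loads("""{"metadata": {"name": "phpmyadmin"},
  "spec": {"externalIPs": ["203.0.113.10"],
           "ports": [{"name": "8080", "port": 8080, "targetPort": 80}]},
  "status": {"loadBalancer": {}}}""")
ANSWER_SVC = json.loads("""{"metadata": {"name": "phpmyadmin"},
  "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10",
           "ports": [{"name": "8080", "port": 8080, "targetPort": 80}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}""")

if __name__ == "__main__":
    for svc in (QUESTION_SVC, ANSWER_SVC):
        for code, msg in audit_service(svc) or [("ok", "reserved address in use")]:
            print(code, "-", msg)
```

To run it against a live cluster, parse the output of `kubectl get service phpmyadmin -o json` with `json.load` and pass the result to `audit_service`.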
0

Firewall rules are applied at the instance level. They cannot prevent traffic from reaching the Load Balancer itself.

Reference: https://cloud.google.com/load-balancing/docs/https/#firewall_rules

Your GKE LB service might be creating the HTTP Load Balancer by default; maybe you can check out the NLB Load Balancer: https://cloud.google.com/load-balancing/docs/choosing-load-balancer#summary-of-google-cloud-load-balancers

All ports: https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters#all_ports

apiVersion: v1
kind: Service
metadata:
  name: helloworld
  labels:
    app: helloworld
  annotations:
    cloud.google.com/neg: '{"exposed_ports": {"8080":{}}}'
spec:
  ports:
  - name: 8080-8080
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: helloworld
  # Use LoadBalancer type instead of ClusterIP
  type: LoadBalancer

Example: https://spring-gcp.saturnism.me/deployment/kubernetes/load-balancing/external-load-balancing

Harsh Manvar