如何在Kubernetes中为容器分配外部IP地址？

Question

I'm new to Kubernetes but was able to easily create my own Kubernetes cluster using Kubespray . Furthermore I made myself familiar with Kubernete's terminology/concepts and therefore was able to create an example Pod/Deployment which runs as expected. Unfortunately I'm not able to access my Containers from the external network which is within my company's intranet. I'm not allowed to post the actual IP addresses so I'll use a fictive intranet of 47.11.xy

My cluster consists of 3 bare metal nodes:

Master (47.11.91.155)
Node1  (47.11.91.97)
Node2  (47.11.91.98)

Furthermore I own the additional intranet IP address 47.11.91.101 which I want to use in order to access my-example application. I tried several commands in various combinations which I found in the official docs as well as other SO articles but was only able to forward the application's port 4711 to my local workstation using

kubectl port-forward my-example-67795fd77d-mkrhw  4711:4711

This works fine if I do an nc localhost 4711 afterwards at least to prove that I fundamentally set up my stuff "correctly". The application successfully writes my input from nc's STDIN to the mounted file /my-data/my-data.txt (/tmp/my-data.txt) on the node's filesystem and is able to pull my custom Docker image from my private Docker registry ( 47.11.91.42 ) which therefore is located on the intranet as well.

Could you please explain me what I would have to do in order to connect my-example with the official external intranet IP address 47.11.91.101 so I can access my-example using something like this:

nc 47.11.91.101 4711

My definition file looks like this:

apiVersion: apps/v1beta1
kind: Deployment

metadata:
  name: my-example
  labels:
    app: my-example

spec:
  replicas: 1
  template:
    metadata:
      name: my-example
      labels:
        app: my-example

    spec:
      containers:
      - name: my-example
        image: my.private.docker.registry:5002/my-example:latest
        imagePullPolicy: IfNotPresent
        command: ["echo", "The example is working correctly within Kubernetes."]

      - name: my-example-port
        image: my.private.docker.registry:5002/my-example:latest
        imagePullPolicy: Always
        ports:
        - name: myport
          containerPort: 4711
        resources:
          requests:
            cpu: 512m
            memory: 512Mi
        command: ["/bin/bash","-c","nc -k -l 4711 > /my-data/my-data.txt"]
        volumeMounts:
        - mountPath: /my-data
          name: data

      volumes:
      - name: data
        hostPath:
          path: /tmp
          type: Directory
      imagePullSecrets:
      - name: my-priavte-docker-secrets

---
apiVersion: v1
kind: Service

metadata:
  name: my-example-service
  labels:
    app: my-example

spec:
  selector:
      app: my-example

  ports:
  - port: 4711
    targetPort: 4711
    protocol: TCP
  externalIPs:
  - 47.11.91.101

It's created using kubectl create -f my-example-deployment.yml .

Please let me know if you need further information. Thanks in advance!

Answer 1

You can achieve what you want by using a Load Balancer and force it to use your fourth IP 47.11.91.101, if you ware using a supported cloud provider (not sure about your intranet in bare-metal though). This seems to be added by https://github.com/kubernetes/kubernetes/pull/13005 .

https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer

Some other useful resources:

https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/

https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/

https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/