I'm deploying a gRPC application that uses TLS (grpcs, to be precise). The app is deployed to a Kubernetes cluster in the AWS cloud created using the Kops tool. I'm using self-signed certs for auth (for now). The problem is I can't find any guideline on how to properly expose such a service to the outside world. There are bits and pieces here and there, but nothing that seems to do what I want. An additional level of complexity: I need to expose several ports on the same service, so I can't use Ingress rules for k8s, as my client application restricts using any paths in URLs and requires me to specify only host and port. Inside the cluster everything is set up and works as expected, with authorisation and proper DNS resolution.
So ideally I want:
Thank you very much for your time!
OK. That was enough to fix the issue. Notice the annotations section.
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "9999"
spec:
  ports:
    - port: 9999
      targetPort: 9999
      protocol: TCP
  selector:
    app: my-service
  type: LoadBalancer
Then I had to add an A record with the balancer DNS name to Route 53, and it worked.
Over time, I've iterated on the solution and found the external-dns sidecar container, which watches all services appearing in the cluster, searches for a certain annotation and creates Route 53 records automatically. I could only make it work with the KIAM sidecar container that manages roles for cluster nodes. Both dependencies proved to perform well in production.
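Added example, not part of the original answer: the same Service extended to the multi-port case from the question, with the external-dns hostname annotation and a source-range restriction on the load balancer. The second port (9998), the port names, the hostname grpc.example.com and the CIDR 203.0.113.0/24 are placeholders chosen for illustration.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    # Layer-4 NLB: TCP is forwarded as-is, so the TLS handshake (and the
    # certificate the client validates) is handled by the gRPC server in the pod.
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    # external-dns watches for this annotation and creates the DNS record.
    # Placeholder hostname; it should match a name in the server certificate.
    external-dns.alpha.kubernetes.io/hostname: grpc.example.com
spec:
  type: LoadBalancer
  # Limit which client networks may reach the exposed ports.
  # Constructed documentation range; replace with the real client CIDRs.
  loadBalancerSourceRanges:
    - 203.0.113.0/24
  selector:
    app: my-service
  ports:
    # A Service with more than one port must name each port.
    - name: grpcs-main
      port: 9999
      targetPort: 9999
      protocol: TCP
    # Hypothetical second listener, reachable on the same host by port only.
    - name: grpcs-second
      port: 9998
      targetPort: 9998
      protocol: TCP
```

Clients then connect to the host and port directly, with no URL path involved, and must trust the CA that issued the self-signed server certificate.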