
Access external service from Kubernetes with consistent IP address

I've set up a service and some pods in an AWS Elastic Kubernetes Service (EKS) cluster which access a RabbitMQ message service and PostgreSQL database hosted externally to the cluster. At the moment, I've opened up via AWS security groups access from all IPs (0.0.0.0/0) to these services, as Kubernetes assigns an IP to each node when it is created.

Ideally, I'd like to route traffic from Kubernetes to these services via one consistent "external Kubernetes IP" so I can add it to each external service's security group. From Googling around I haven't found a way to do this so far. Is it possible?

For RabbitMQ I have the current Service and Endpoints set up, but I believe this is only for routing traffic through the Kubernetes cluster and not related to the external-facing side of my cluster?

apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-service
spec:
  selector:
    app: job-wq-1
  ports:
    - port: 15672
      targetPort: 15672
      name: management-port
    - port: 5672
      targetPort: 5672
      name: data-port
  type: LoadBalancer
---
kind: Endpoints
apiVersion: v1
metadata:
  # an Endpoints object is bound to the Service with the same name;
  # this one is "rabbitmq" while the Service above is "rabbitmq-service"
  name: rabbitmq
subsets:
- addresses:
  - ip: 'rabbitmq.server.public.ip'   # placeholder for the external RabbitMQ address
  ports:
  - port: 15672
    name: 'management-port'
  - port: 5672
    name: 'data-port'

Do you mean the IP for the outgoing traffic?

If you're trying to create a LoadBalancer Service with a static external IP, you can use the loadBalancerIP field to use a reserved IP, such as an AWS Elastic IP.

https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer

Yes, it is possible, but it is not simple.

What you would have to do is route your outbound traffic from the cluster through either a VPC Gateway, NAT Gateway, or some other EC2 instance whose purpose will be to act as a NAT. That instance can then be given a static IP which you can then whitelist at the destination (so no need to use 0.0.0.0/0).

We use a similar setup in GKE to allow us to spin up a GKE Cluster, run a workload in that, but have a known fixed IP the remote server will recognise and allow to connect.
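An added example, not from the question or either answer, of the follow-up a practitioner wants once the NAT gateway has its static address: audit the external services' security groups for 0.0.0.0/0 on the RabbitMQ and PostgreSQL ports, rewrite those ranges to the NAT address as a /32, and check that a pod's egress really leaves via that address. The rules below are a constructed list in the shape of the IpPermissions array returned by `aws ec2 describe-security-groups`, so the script runs offline; the NAT address, ports and descriptions are placeholders.

```python
"""Added example (not from the question or the answers): audit and tighten
the security groups of externally hosted RabbitMQ/PostgreSQL once EKS
egress goes through a NAT gateway with a static Elastic IP.

Works on a constructed list shaped like the IpPermissions array that
`aws ec2 describe-security-groups` returns, so it runs offline. The NAT
address (TEST-NET-3 range), ports and descriptions are placeholders."""
import ipaddress
from copy import deepcopy

NAT_GATEWAY_EIP = "203.0.113.10"   # placeholder: static IP of the NAT gateway / NAT instance
SERVICE_PORTS = {5672: "rabbitmq-amqp", 15672: "rabbitmq-management", 5432: "postgresql"}

# Constructed sample ingress rules: two service ports open to the world,
# one limited to an office range, one unrelated SSH rule.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 5672, "ToPort": 5672,
     "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "eks nodes"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 15672, "ToPort": 15672,
     "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "office VPN"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
]


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a prefix length of zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers_port(rule, port):
    """Does this ingress rule admit TCP traffic to `port`?"""
    if rule["IpProtocol"] == "-1":          # "all traffic" rules carry no port fields
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def find_open_to_world(ingress, ports=SERVICE_PORTS):
    """List (port, service, cidr) for every service port reachable from any source."""
    findings = []
    for rule in ingress:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port, name in ports.items():
            if _covers_port(rule, port):
                findings.extend((port, name, c) for c in cidrs if _is_world(c))
    return sorted(findings)


def nat_cidr(ip):
    """The single static source address as a host CIDR ('203.0.113.10' -> '203.0.113.10/32')."""
    net = ipaddress.ip_network(ip)
    if net.version != 4:
        raise ValueError("an Elastic IP is IPv4; got %s" % ip)
    return str(net)


def tightened_rules(ingress, nat_ip, ports=SERVICE_PORTS):
    """Return a copy of `ingress` where every world-open range on a service
    port is replaced by the NAT address /32. Other ranges (e.g. the office
    VPN) and unrelated rules are left exactly as they were; ::/0 on a
    service port is dropped because traffic leaving via the NAT is IPv4."""
    new = deepcopy(ingress)
    replacement = nat_cidr(nat_ip)
    for rule in new:
        if not any(_covers_port(rule, p) for p in ports):
            continue
        for r in rule.get("IpRanges", []):
            if _is_world(r["CidrIp"]):
                r["CidrIp"] = replacement
                r["Description"] = "EKS egress via NAT gateway"
        if "Ipv6Ranges" in rule:
            rule["Ipv6Ranges"] = [r for r in rule["Ipv6Ranges"] if not _is_world(r["CidrIpv6"])]
    return new


def egress_matches(checkip_output, nat_ip):
    """Compare the text an IP-echo service returned to a pod with the NAT address.
    Only true when the node's route table sends 0.0.0.0/0 to the NAT; nodes in
    public subnets with their own public IPs egress directly and fail this check."""
    return ipaddress.ip_address(checkip_output.strip()) == ipaddress.ip_address(nat_ip)


if __name__ == "__main__":
    for port, name, cidr in find_open_to_world(SAMPLE_INGRESS):
        print("open to world: %s/%d from %s" % (name, port, cidr))
    for rule in tightened_rules(SAMPLE_INGRESS, NAT_GATEWAY_EIP):
        print(rule)
```

The rewritten list is what you would feed to `aws ec2 revoke-security-group-ingress` for the old ranges and `aws ec2 authorize-security-group-ingress` for the /32. For the egress check, run something like `kubectl exec <pod> -- curl -s https://checkip.amazonaws.com` from a pod on each node group and pass the output to `egress_matches`; a mismatch usually means that node group sits in a public subnet whose route table does not point at the NAT gateway.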
