2

I'm attempting to create an FTP service with Kubernetes via Google Cloud. I've created the Docker image and exposed the necessary ports with: `EXPOSE 20 21 50000-52000`.

I've run into several problems so far, the biggest involving port ranges. ProFTPD needs a good number of ports available to be able to handle passive connections, so I'm not quite sure how to create a service that will allow this.

This led me to this issue, which mentions I should use `hostNetwork: true`, but that doesn't help the fact that each service needs to have well-defined ports. After some configuration changes, I was able to add the 2000 ports by defining them out manually. When I did this, though, the Google API returned an error when trying to create the load balancer because it only allows 100 ports in the array (but it does appear via the console that they support ranges).

How do I go about adding this FTP service, and supporting the passive range?

Blue
  • You can use ProFTPD's [`PassivePorts`](http://www.proftpd.org/docs/directives/linked/config_ref_PassivePorts.html) directive to configure the range of ports to use for passive data transfers. Thus if you are only allowed 100 ports, you might try `PassivePorts 2048 2140`, for example. – Castaglia Jun 23 '16 at 14:53
  • I don't want to restrict my service to 100 ports though. I'll need the ports open when we get connections. – Blue Jun 23 '16 at 14:54
  • It depends very much on the behavior of the connecting clients, and how many clients you expect to have transferring data (via passive transfers) at any one time. You may find, _experimentally_, that 100 ports is sufficient. – Castaglia Jun 23 '16 at 14:55

1 Answer

2

Kubernetes does not currently support port ranges. It's difficult to implement with the legacy (but still supported) userspace proxy.

I think there are a few GH issues open on this but https://github.com/kubernetes/kubernetes/issues/20420 is one.

Tim Hockin
  • I created a comment on that post (shortly after realizing you were the one asking for more info). I hope this use case offers another reason for Kubernetes to look into port ranges for services. – Blue Aug 17 '16 at 18:44
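
Added example, not part of the original thread or of the Kubernetes or ProFTPD projects: because a Service has to list each port individually, this script derives both the ProFTPD `PassivePorts` directive and the Service port list from one range, so only the ports ProFTPD will actually use are exposed, and it refuses a range that would exceed the 100-port limit the question reports. The Service name `ftp`, the selector `app: ftp`, and passive-mode-only operation (control port 21 plus the passive range) are assumptions.

```python
import json

# Limit reported in the question: the Google API rejected a load balancer
# with more than 100 ports in its port array.
MAX_LB_PORTS = 100
CONTROL_PORT = 21  # FTP control channel


def passive_ports_directive(low, high):
    """ProFTPD directive for the same range the Service will expose."""
    return f"PassivePorts {low} {high}"


def build_ftp_service(low, high, name="ftp", selector=None, max_ports=MAX_LB_PORTS):
    """Return a Service manifest (dict) listing each passive port singly,
    since a Service spec takes individual ports rather than ranges."""
    if not (1024 <= low <= high <= 65535):
        raise ValueError(f"invalid passive range {low}-{high}")
    total = (high - low + 1) + 1  # passive ports plus the control port
    if total > max_ports:
        raise ValueError(
            f"{total} ports exceeds the {max_ports}-port limit; "
            f"narrow PassivePorts to at most {max_ports - 1} ports"
        )
    ports = [{"name": "ftp-control", "protocol": "TCP",
              "port": CONTROL_PORT, "targetPort": CONTROL_PORT}]
    for p in range(low, high + 1):
        # Multi-port Services require a unique name per port.
        ports.append({"name": f"pasv-{p}", "protocol": "TCP",
                      "port": p, "targetPort": p})
    return {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {"name": name},          # hypothetical name
        "spec": {
            "type": "LoadBalancer",
            "selector": selector or {"app": "ftp"},  # hypothetical label
            "ports": ports,
        },
    }


if __name__ == "__main__":
    low, high = 2048, 2140  # range suggested in Castaglia's comment
    print("#", passive_ports_directive(low, high))
    print(json.dumps(build_ftp_service(low, high), indent=2))
```

The JSON output can be passed to `kubectl apply -f -`; the printed `PassivePorts` line goes in the ProFTPD configuration so both sides agree on the range.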