1

I am trying to set up a multi-cluster deployment in which there are multiple clusters and one ingress is load balancing the requests between them.

HTTP services work well with the set-up; the problem here is the sftp server.

Referring to this answer and this documentation I am trying to access port 22 of the sftp service.

Deployment of sftp is being exposed on port 22. Below is the manifest:

```yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: sftp
  labels:
    environment: production
    app: sftp
spec:
  replicas: 1
  minReadySeconds: 10
  template:
    metadata:
      labels:
        environment: production
        app: sftp
      annotations:
        container.apparmor.security.beta.kubernetes.io/sftp: runtime/default
    spec:
      containers:
        - name: sftp
          image: atmoz/sftp:alpine
          imagePullPolicy: Always
          args: ["user:1001:100:upload"]
          ports:
            - containerPort: 22
          securityContext:
            capabilities:
              add: ["SYS_ADMIN"]
          resources: {}
```


Here is the simple manifest for the sftp-service using NodePort service:

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    environment: production
  name: sftp-service
spec:
  type: NodePort
  ports:
  - name: sftp-port
    targetPort: 9000
    port: 9000
    nodePort: 30063
    protocol: TCP
  selector:
    app: sftp
```

The ConfigMap, created by referring to the above-mentioned documentation and answer, looks like below:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: sftp-service
data:
  9000: "default/sftp-service:22"
```

And finally the ingress manifest is something like below:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-foo
  annotations:
    kubernetes.io/ingress.global-static-ip-name: static-ip
    kubernetes.io/ingress.class: gce-multi-cluster
spec:
  backend:
    serviceName: http-service-zone-printer
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /sftp
        backend:
          serviceName: sftp-service
          servicePort: 22
  template:
    spec:
      containers:
        - name: proxy-port
          args:
            - "--tcp-services-configmap=default/sftp-service"
```

I feel I have not understood the way to expose the TCP/UDP port for the sftp server on Kubernetes using ingress. What am I doing wrong here?

Is there any other way to simply set up an sftp server using ingress and a NodePort service in a multi-cluster deployment?

Here is the official document I am referring to for the set-up.

Amit Yadav
  • Why is your containerPort set to 80 but the service targetPort set to 9000? These two values should be the same. Plus, the ingress is targeting the service port 22, which the service is not using – Patrick W Jul 18 '19 at 16:35
  • Did you manage to solve this? Would love to see the solution – mr.bjerre Sep 08 '21 at 06:21

2 Answers

-1

Looks like this isn't supported with ingress, which is the reason that this issue exists.

A possible solution could be to use NodePort for sftp, as described in this document.

Wytrzymały Wiktor
Aleksandar
  • I am already using NodePort service to expose the sftp deployment. Please see the manifests I have provided in the question. – Amit Yadav Jul 18 '19 at 08:44
  • Ah sorry, I have overlooked it. What's the output when you make a `sftp -v -v -oPort=30063 ...`? – Aleksandar Jul 18 '19 at 09:08
  • Port 9000 is exposed via the ingress controller, not 30063, so doing `sftp -vvvoPort=9000 user@130.211.43.104` gives this output: `OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2s 28 May 2019 \n debug1: Reading configuration data /etc/ssh/ssh_config \n debug1: /etc/ssh/ssh_config line 19: Applying options for * \n debug2: resolving "130.211.43.104" port 9000 \n debug2: ssh_connect_direct: needpriv 0 \n debug1: Connecting to 130.211.43.104 [130.211.43.104] port 9000.` And gets stuck. [I have added **\n** to indicate a new line.] – Amit Yadav Jul 18 '19 at 12:01
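
An added example (not part of the original thread): a small Python check that follows the port chain in the question's manifests, from the tcp-services ConfigMap entry to the Service and on to the container port, and reports where it breaks. The dictionaries are simplified, hand-transcribed versions of the manifests, and the field layout and function names (`containerPorts`, `check_chain`, `fixed_service`) are assumptions made for illustration.

```python
# Added example: trace a TCP port from the tcp-services ConfigMap through the
# Service to the container. Manifests are reduced to the fields that matter,
# transcribed from the question (constructed input, not a cluster dump).
DEPLOYMENT = {"labels": {"environment": "production", "app": "sftp"},
              "containerPorts": [22]}
SERVICE = {"name": "sftp-service", "namespace": "default",
           "selector": {"app": "sftp"},
           "ports": [{"port": 9000, "targetPort": 9000, "nodePort": 30063}]}
TCP_SERVICES = {"9000": "default/sftp-service:22"}


def check_chain(tcp_services, service, deployment):
    """Return a list of wiring problems; an empty list means the chain is consistent."""
    problems = []
    # The Service only routes to pods whose labels contain its whole selector.
    if not service["selector"].items() <= deployment["labels"].items():
        problems.append("service selector does not match the pod labels")
    for sp in service["ports"]:
        # targetPort defaults to port when omitted.
        target = sp.get("targetPort", sp["port"])
        if target not in deployment["containerPorts"]:
            problems.append(f"service port {sp['port']} targets {target}, "
                            f"but the container listens on {deployment['containerPorts']}")
    for external, backend in tcp_services.items():
        # ConfigMap value format used in the question: <namespace>/<service>:<port>
        ref, _, svc_port = backend.rpartition(":")
        namespace, _, name = ref.partition("/")
        if (namespace, name) != (service["namespace"], service["name"]):
            problems.append(f"external port {external} points at unknown service {ref}")
        elif int(svc_port) not in [sp["port"] for sp in service["ports"]]:
            problems.append(f"external port {external} points at {ref}:{svc_port}, "
                            f"which the service does not expose")
    return problems


def fixed_service(service, container_port):
    """Copy of the service with port and targetPort set to the container's port."""
    ports = [dict(sp, port=container_port, targetPort=container_port)
             for sp in service["ports"]]
    return dict(service, ports=ports)


if __name__ == "__main__":
    for p in check_chain(TCP_SERVICES, SERVICE, DEPLOYMENT):
        print("MISMATCH:", p)
    print("after fix:", check_chain(TCP_SERVICES, fixed_service(SERVICE, 22), DEPLOYMENT))
```

With the question's values the check reports two breaks: the Service forwards to 9000 while the container listens on 22, and the ConfigMap entry names service port 22 while the Service exposes 9000.
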
-2

You need to run an HTTP server.

You can run an HTTP server that exposes the same files, maybe with a side container in the same pod.

EnzoAT_
  • The objective of the question is not to host files using any (HTTP / HTTPS) server but to set up an sftp server. – Amit Yadav Jul 18 '19 at 08:45
  • Can't expose a port and bypass the protocol attribute; currently ftp is not supported, only on NodePort can you do that – EnzoAT_ Jul 18 '19 at 08:57