
I was trying to apply the Service externalIPs feature on an EKS cluster.

What I do

I've created an EKS cluster with eksctl:

eksctl create cluster --name=test --region=eu-north-1 --nodes=1

I've opened all security groups to make sure I don't have an issue with the firewall. The ACL also allows all traffic. I took the public IP of the only available worker node and tried to use it with a simple Service + Deployment. This should be only 1 Deployment with 1 ReplicaSet and 1 Pod running nginx, attached to a Service with an external/public IP that everyone can reach.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: nginx
          image: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: app
  labels:
    app: app
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: app
  externalIPs:
    - 13.51.55.82

When I apply it, everything seems to work just fine. I can port-forward my app Service to localhost and see the output (kubectl port-forward svc/app 9999:80 -> curl localhost:9999).

But the problem is I cannot reach this service via public IP.

$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
app          ClusterIP   10.100.140.38   13.51.55.82   80/TCP    49m
kubernetes   ClusterIP   10.100.0.1      <none>        443/TCP   62m
$ curl 13.51.55.82:80
curl: (7) Failed to connect to 13.51.55.82 port 80: Connection refused

Thoughts

For me it looks like the Service is not connected to the node itself. When I ssh to the node and set up a simple web server on port 80, it responds immediately.

I know I can use NodePort, but in my case I finally want to use the fixed port 4000, and NodePort only allows me to use ports in the range 30000-32768.

Question

I want to be able to curl my Service via a public IP on a certain port below 30000 (NodePort doesn't apply). How can I make it work with the Kubernetes Service externalIPs on an EKS cluster?

Edit I:

FYI: I do not want to use LoadBalancer.

Asked by sobi3ch

Comments:
• I don't think external services work as you expect. External services are meant to map a DNS entry used within the cluster to an outside-the-cluster resource; for example, you have Postgres outside your cluster for which you have an IP address, then you can create a service called "postgres" in your cluster that your pods can use. The alternatives you have are NodePorts (which reside on the node where they are deployed) or LoadBalancers. Last but not least, you can choose to use ingresses, but I don't know if this can apply to your case. – verodigiorgio May 04 '21 at 20:19
• Thank you @verodigiorgio for your answer. I was suspecting I don't fully understand this concept. – sobi3ch May 05 '21 at 07:50
• You are correct, ExternalIPs are used for mapping internal services without the need for an LB, but in order to use it, you should ensure that you have added the public IP to your node, that security groups are not blocking the port, and that your container allows the usage of that CIDR (take a look at step 5 at -> https://docs.aws.amazon.com/eks/latest/userguide/restrict-service-external-ip.html) – AndresG Aug 24 '23 at 08:21
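The last comment points at restricting which externalIPs a Service may claim. The audit below is an added example, not code from the question or from AWS: it takes the JSON shape that kubectl get svc -o json and kubectl get nodes -o json return (embedded here as constructed sample data modelled on the Service and the single node from the question), and flags any externalIP that lies outside an assumed allow-list CIDR or is not an address kubelet reports for some node.

```python
"""Audit Service externalIPs against an allow-list and the nodes' addresses.

Added example: ALLOWED_CIDRS, the second "rogue" Service and the node name are
assumptions constructed for the demo, not values from the question.
"""
import ipaddress

# Assumed allow-list: the externalIPs an admission policy would permit.
ALLOWED_CIDRS = [ipaddress.ip_network("13.51.0.0/16")]

# Constructed sample: the question's "app" Service, a rogue Service, and the node.
SERVICES = {"items": [
    {"metadata": {"name": "app", "namespace": "default"},
     "spec": {"type": "ClusterIP", "externalIPs": ["13.51.55.82"]}},
    {"metadata": {"name": "rogue", "namespace": "default"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.9"]}},
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"type": "ClusterIP"}},
]}
NODES = {"items": [
    {"metadata": {"name": "ip-192-168-1-10.eu-north-1.compute.internal"},
     "status": {"addresses": [{"type": "InternalIP", "address": "192.168.1.10"},
                              {"type": "ExternalIP", "address": "13.51.55.82"}]}},
]}


def node_addresses(nodes):
    """Every InternalIP/ExternalIP kubelet reports, as a set of ip_address objects."""
    return {ipaddress.ip_address(a["address"])
            for n in nodes["items"] for a in n["status"]["addresses"]
            if a["type"] in ("InternalIP", "ExternalIP")}


def audit(services, nodes, allowed=ALLOWED_CIDRS):
    """Return (namespace/name, ip, reason) findings; an empty list means clean."""
    known = node_addresses(nodes)
    findings = []
    for svc in services["items"]:
        name = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        for raw in svc["spec"].get("externalIPs", []):
            ip = ipaddress.ip_address(raw)
            if not any(ip in net for net in allowed):
                findings.append((name, raw, "outside allowed CIDRs"))
            if ip not in known:
                findings.append((name, raw, "not an address of any node"))
    return findings


if __name__ == "__main__":
    for name, ip, reason in audit(SERVICES, NODES):
        print(f"{name}: externalIP {ip} {reason}")
```

On a live cluster, feed it the output of the two kubectl commands instead of the embedded samples; a Service that passes both checks can still be unreachable if the node's security group or the instance's NAT mapping does not deliver the packet with that destination address.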

0 Answers