
I am attempting to route clients' requests to a specific pod (ingress) for TLS termination. The pathway looks like the following:

client request to https://172.16.0.20:8000 (this cannot change) -> k8s ingress pod (terminate tls) -> route traffic to external service outside the cluster as http

I am able to get a successful response if I test it with kubectl port-forward and curl the port that is being forwarded; however, from my understanding this is not intended for production use. I also know that ingresses can only listen on ports 80 and 443, however clients need to make a request to https://172.16.0.20:8000 (this cannot change). I have tried using iptables to REDIRECT traffic to the NodePort; however, that didn't work, and there is a detailed explanation here.

My question is: is there another way we can allow traffic to a cluster with the client making a request to a specific IP and port?

tiger_groove
  • I guess you need to use a reverse proxy on that server. – The Fool Apr 01 '22 at 18:41
  • Could you elaborate more? Are you saying the reverse proxy sits in front of the k8s cluster and proxies the traffic to the Ingress? – tiger_groove Apr 01 '22 at 19:10
  • Yes, that's what I am saying. That's more or less what happens when you request a service with type load balancer in the cloud. The other option is to use NodePort, but you cannot bind to 8000; it needs to be at least 30000. You could do something like a NAT redirect in that case. – The Fool Apr 01 '22 at 19:15
  • I tried doing DNAT or REDIRECT to the NodePort, but like I said in the post, the request just hangs, and it seems to be related to this answer: https://serverfault.com/a/1042876/488924 . Have you tried doing a DNAT to a NodePort before? – tiger_groove Apr 01 '22 at 19:21
  • If it turns out to be tricky, maybe go with the reverse proxy approach. – The Fool Apr 01 '22 at 19:39
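The front-of-cluster reverse proxy suggested in the comments, as an added example that is not from the question or any answer: an nginx `stream` configuration on a host that owns 172.16.0.20, listening on port 8000 and forwarding the raw TLS connection to the ingress controller's HTTPS NodePort, so TLS is still terminated inside the ingress pod exactly as in the original design. The node addresses 172.16.0.21/.22 and NodePort 30443 are placeholders, not values from the page.

```nginx
# Constructed example: TCP-level reverse proxy in front of the cluster.
# The proxy never sees plaintext; it only relays the TLS session, so no
# certificate or key needs to live on this host.
worker_processes auto;

events {
    worker_connections 1024;
}

stream {
    upstream ingress_https {
        # Worker nodes where the ingress controller's HTTPS NodePort is
        # exposed (placeholder IPs and port; substitute your own).
        server 172.16.0.21:30443 max_fails=3 fail_timeout=10s;
        server 172.16.0.22:30443 max_fails=3 fail_timeout=10s;
    }

    server {
        # Bind only the fixed address the clients must use, not 0.0.0.0,
        # so the service is not reachable on other interfaces of this host.
        listen 172.16.0.20:8000;

        proxy_pass ingress_https;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;

        # Optional: preserve the real client address for ingress logs and
        # allow-lists by sending PROXY protocol. Only enable together with
        # the matching use-proxy-protocol: "true" setting on ingress-nginx,
        # otherwise the TLS handshake will fail.
        # proxy_protocol on;
    }
}
```

Because the TLS session is relayed untouched, the certificate served by the ingress must still be valid for the name or IP the clients connect to (172.16.0.20), and the NodePort in the upstream must be the HTTPS one, not the HTTP one, or the ingress will receive TLS bytes on a plaintext listener and the connection will hang or reset.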

0 Answers