
We have a microservice application, which uses paid software to do some specific operations. This software uses online license verification to function properly.

As the customer's Kubernetes cluster is in a VPC, which doesn't have access to the internet, this online license verification is impossible without forwarding it to the proxy machine, which can reach the license server domain.

The license server is located on a specific domain, therefore this traffic must be routed from the container of the microservice to a proxy machine.

Only this proxy machine has access to the internet and should forward this traffic to the license server of the software vendor.

In the VM world it could be done like this:

```
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
iptables -t nat -A POSTROUTING -j MASQUERADE
```

However, what's the recommended way to do it in a Kubernetes cluster?

Here is a simple diagram of the desired communication between all services: [image]

UPDATE: Unfortunately, the URL of the external license server is hardcoded into the paid library and can't be overwritten.

mflame
  • You can create a service for your application deployment and assign a **clusterIP** to it. Now just add the iptables rules in the nodes like you did in the VM. You can also create a simple deployment and have an external nginx server or VM redirect traffic from the Kubernetes cluster to the internet (since nginx itself acts as a proxy). – Kranthiveer Dontineni May 03 '23 at 06:34
  • Is your issue resolved? Revert back if you are still facing any issues so that we can assist you. – Kranthiveer Dontineni May 04 '23 at 07:04

1 Answer


If the URL of the external vendor is not hardcoded, you can use ExternalName services in Kubernetes, so you can assign a CNAME to an external IP address and use the CNAME in your application as the URL of the external vendor:

```
kind: Service
apiVersion: v1
metadata:
  name: myvendor
spec:
  type: ExternalName
  externalName: x.x.x.x  # IP address
```

Then use myvendor as the URL in your application. It will be handled by the internal Kubernetes DNS server.

Aref Riant
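An ExternalName Service is published by cluster DNS as a CNAME record, so its externalName field is meant to hold a host name; for a bare IP address, Kubernetes also documents a Service without a selector backed by a manually created EndpointSlice. The manifest below is an added example, not part of the original answer; the name license-proxy, the address 192.0.2.10 and port 443 are placeholders for the proxy machine, and like the answer it applies only when the application's vendor URL can be configured.

```yaml
# Added example: names, IP and port are assumptions, not values from the page.
# 192.0.2.10 stands in for the proxy machine's address inside the VPC.
apiVersion: v1
kind: Service
metadata:
  name: license-proxy            # hypothetical name; resolves via cluster DNS
spec:
  # No selector: Kubernetes creates no endpoints on its own, so the
  # EndpointSlice below decides where the traffic goes.
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: license-proxy-1
  labels:
    # Ties this slice to the Service above.
    kubernetes.io/service-name: license-proxy
addressType: IPv4
ports:
  - name: https                  # must match the Service port name
    protocol: TCP
    port: 443
endpoints:
  - addresses:
      - "192.0.2.10"             # placeholder proxy IP
```

Pods then reach the proxy at license-proxy.<namespace>.svc on port 443, and the proxy machine remains the only host that talks to the vendor's license server.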