Kubernetes externalIPs Introduction

How to expose a Service outside the cluster is an important and frequently confusing question.

A basic rule of thumb:

If you need raw TCP (L4), use a NodePort Service (a typical case is MySQL).

If you only need HTTP or HTTPS (L7), use an Ingress (the typical Ingress controller is nginx).

Most HelloWorld tutorials simply use NodePort. It is easy to use and works in almost every case, but it is not elegant: clients have to address a node IP plus a high, randomly assigned port. Ingress solves this gracefully by putting a reverse proxy in front of the Services, but it cannot carry L4 traffic.

However, most documents and books rarely mention externalIPs, and even the official documentation is terse. It says only:

If there are external IPs that route to one or more cluster nodes, Kubernetes Services can be exposed on those externalIPs. Traffic that ingresses into the cluster with the external IP (as destination IP), on the Service port, will be routed to one of the Service endpoints. externalIPs are not managed by Kubernetes and are the responsibility of the cluster administrator.

Deploy a MySQL workload.

Create a NodePort Service for it.

The node port 30686 is now open on every node, and a client can connect to the database normally through <node IP>:30686.

To expose the same workload on an externalIP, create a Service of type ClusterIP and add the spec.externalIPs field:

apiVersion: v1
kind: Service
metadata:
  name: mysql-externalip        # name is not shown in the post; placeholder
spec:
  externalIPs:
  - <IP routed to one or more nodes>   # supplied by the admin; the post's actual address is not shown
  ports:
  - name: default
    port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    workloadID_mysqle: "true"   # workload label; belongs under selector, not under the ports entry
  sessionAffinity: None
  type: ClusterIP

It may look odd that the Service uses an externalIP yet its type is ClusterIP. That is because externalIPs is not a Service type at all but a field that can be set on a Service of any type: kube-proxy programs every node to accept traffic whose destination is that IP and Service port and forward it to the endpoints, exactly as it does for the cluster IP. The cluster only does the forwarding; getting packets for that IP to a node is the administrator's job.

With an externalIP you connect to MySQL as <external IP>:3306, without the odd-looking high port (30686).

The advantage of externalIPs is

that clients use the IP plus the service's original port.

The disadvantages are also obvious.

No high availability and no load balancing across nodes: the IP is routed to particular nodes, and if the node that owns it goes down the Service is unreachable from outside. (Traffic that does arrive is still spread across the Service's endpoints by kube-proxy, as with any Service.)

externalIPs are not managed by the cluster. The address must be assigned, routed and reclaimed by hand, so there is a lot of manual work. There is a security side to this as well: kube-proxy will program rules for whatever address a Service's author writes into externalIPs, so anyone allowed to create Services can claim an address and receive traffic meant for it (CVE-2020-8554). Restrict the field, for example with an admission policy that only accepts administrator-controlled addresses.

Load balancing and high availability can then be added in front, with a gateway or round-robin DNS over several externalIPs. Reaching production grade still takes proper health checks and circuit breaking.
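As an added example, not code from the original post, the following Python script performs the conversion described above (a NodePort Service turned into a ClusterIP Service with spec.externalIPs) and then checks the externalIPs against an allowlist of administrator-controlled addresses, which is the manual control the post says falls on the cluster administrator. It does not call kubectl: the NodePort Service is a constructed sample in the shape of kubectl get svc -o json output, and the names mysql-nodeport and mysql-externalip as well as the 192.0.2.x allowlist are assumptions.

```python
"""Turn a NodePort Service into a ClusterIP Service with externalIPs and
check the externalIPs the way a cluster admin (or an admission policy) would.

Added example, not code from the original post. kubectl is never called:
the NodePort Service below is a constructed sample in the shape of
'kubectl get svc -o json' output, and the IP allowlist is an assumption.
"""
import copy
import ipaddress
import json

# Constructed sample: the post's NodePort Service for MySQL, trimmed to the
# fields that matter. Port 3306, node port 30686 and the selector label are
# from the post; the cluster IPs, name and namespace are made up.
NODEPORT_SVC_JSON = """
{
  "apiVersion": "v1",
  "kind": "Service",
  "metadata": {"name": "mysql-nodeport", "namespace": "default",
               "resourceVersion": "4711"},
  "spec": {
    "clusterIP": "10.43.0.10",
    "clusterIPs": ["10.43.0.10"],
    "type": "NodePort",
    "selector": {"workloadID_mysqle": "true"},
    "ports": [{"name": "default", "port": 3306, "protocol": "TCP",
               "targetPort": 3306, "nodePort": 30686}],
    "sessionAffinity": "None"
  },
  "status": {"loadBalancer": {}}
}
"""

# Assumption: the addresses the admin has actually routed to cluster nodes.
# 192.0.2.0/24 is the documentation range, used here as a placeholder.
ALLOWED_EXTERNAL_IPS = frozenset({"192.0.2.10", "192.0.2.11"})


def load_nodeport_sample():
    """Parse the constructed NodePort Service into a dict."""
    return json.loads(NODEPORT_SVC_JSON)


def to_external_ip_service(nodeport_svc, external_ips, name=None):
    """Return a fresh Service manifest of type ClusterIP with spec.externalIPs.

    Selector and ports are kept; server-populated fields (clusterIP(s),
    nodePort, resourceVersion, status) are dropped so the result can be
    applied as a new object. The port stays 3306, the whole point of externalIPs.
    """
    svc = copy.deepcopy(nodeport_svc)
    svc["metadata"] = {
        "name": name or svc["metadata"]["name"],
        "namespace": svc["metadata"].get("namespace", "default"),
    }
    spec = svc["spec"]
    spec["type"] = "ClusterIP"
    spec.pop("clusterIP", None)
    spec.pop("clusterIPs", None)
    for port in spec["ports"]:
        port.pop("nodePort", None)
    spec["externalIPs"] = list(external_ips)
    svc.pop("status", None)
    return svc


def validate_external_ips(svc, allowed=ALLOWED_EXTERNAL_IPS):
    """Return a list of problems with spec.externalIPs; empty means acceptable.

    kube-proxy programs rules for whatever IP is written here, on every node,
    so an unrestricted externalIPs field lets any Service author claim an
    address and receive its traffic (CVE-2020-8554). Accept only unicast
    addresses from the admin's allowlist.
    """
    problems = []
    for raw in svc.get("spec", {}).get("externalIPs", []):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{raw}: not an IP address")
            continue
        if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
            problems.append(f"{raw}: loopback, multicast or unspecified")
            continue
        if str(ip) not in allowed:
            problems.append(f"{raw}: not in the admin-controlled allowlist")
    return problems


def client_address(svc, external_ip=None):
    """host:port a client uses for the Service's first port.

    NodePort: a node IP plus the high port; externalIPs: the IP plus the real port.
    """
    port = svc["spec"]["ports"][0]
    if svc["spec"]["type"] == "NodePort":
        return f"<node-ip>:{port['nodePort']}"
    return f"{external_ip or svc['spec']['externalIPs'][0]}:{port['port']}"


if __name__ == "__main__":
    nodeport = load_nodeport_sample()
    ext = to_external_ip_service(nodeport, ["192.0.2.10"], name="mysql-externalip")
    print(json.dumps(ext, indent=2))
    print("client connects to", client_address(nodeport), "->", client_address(ext))
    print("problems:", validate_external_ips(ext))
    rogue = to_external_ip_service(nodeport, ["10.43.0.1", "127.0.0.1", "not-an-ip"])
    print("problems:", validate_external_ips(rogue))
```

The printed manifest can be applied with kubectl apply -f. The allowlist check is the part to keep: in a real cluster it belongs in an admission policy, so that a Service with an externalIP outside the administrator's address range is rejected before kube-proxy ever sees it.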
