Reputation: 994
I'm running a Kubernetes cluster on AWS using Kops for the first time and I need some help exposing the services to the public with an AWS-managed domain name and an SSL certificate.
The cluster is running in a private VPC and I can access it through a bastion instance.
Right now I'm exposing the services to the public using the LoadBalancer service type as follows:
apiVersion: v1
kind: Service
metadata:
  name: my-gateway-service
  namespace: {{ .Values.nameSpace }}
  labels:
    app: gateway
    tier: backend
  annotations:
    # TLS terminates on the ELB; traffic from the ELB to the nodes is plain HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: 'http'
    # the annotation key is plural ("ssl-ports"); the singular form is ignored by the AWS cloud provider
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '{{ .Values.services.sslPort }}'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: '{{ .Values.services.sslCert }}'
spec:
  type: LoadBalancer
  selector:
    app: gateway
    tier: backend
  ports:
    - name: http
      port: 80
      targetPort: {{ .Values.applications.nodeAppPort }}
    - name: https
      port: 443
      targetPort: {{ .Values.applications.nodeAppPort }}
As you can see, I'm passing the SSL certificate using annotations; then I just point the domain name at the LoadBalancer's public ingress and I'm done.
The Problem:
This project is a micro-services project and requires a lot of services to be exposed to the public in different environments, which means a lot of AWS LoadBalancers and a lot of money $$$$.
I've tried NodePort and ExternalName services but none of them worked because of the private VPC.
Any suggestions to overcome this problem?
Upvotes: 0
Views: 729
Reputation: 9604
To solve this, you can point your LoadBalancer to a "reverse-proxy" service such as an NGINX instance, Istio's Gateway (https://istio.io/docs/reference/config/istio.networking.v1alpha3/#Gateway), an Ingress controller, or other options.
That way, when you hit https://[your_service_url]/[path], you can build rules which route to the correct internal service in Kubernetes based on the actual values of your_service_url or path.
That way you only pay for 1 Load Balancer, but can host many services in the cluster.
Upvotes: 1
Reputation: 4742
Look into Ingress Controllers. It's basically an nginx instance that's configured programmatically via annotations. There are several others available too (e.g., Kong).
Upvotes: 1
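Both answers above recommend the same pattern: one LoadBalancer in front of an ingress controller, with host/path rules fanning out to ClusterIP services. The manifests below are an added example of that layout, not code from the question or either answer. They assume ingress-nginx is installed in an `ingress-nginx` namespace with pods labelled `app.kubernetes.io/name: ingress-nginx` and a container port named `http`; the hostnames, the `prod` namespace, the target port `3000` (standing in for `.Values.applications.nodeAppPort`) and the certificate ARN are placeholders.

```yaml
# Added example (not from the question or the answers): a single AWS
# LoadBalancer fronting ingress-nginx, routing to several ClusterIP services.
# Namespace, labels, hostnames, ports and the ACM ARN are assumptions/placeholders.
---
# 1. The only Service of type LoadBalancer in the cluster. It fronts the
#    ingress controller, not an application. TLS terminates on the ELB with an
#    ACM certificate, using the same annotations the question already uses.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx            # assumed namespace of the controller install
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # placeholder ARN; replace with the ACM certificate for your domain
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed label on the controller pods
  ports:
    - name: http
      port: 80
      targetPort: http                # assumed container port name on the controller
    - name: https
      port: 443
      targetPort: http                # ELB decrypts, then forwards plain HTTP inside the VPC
---
# 2. Application services stay ClusterIP: no public endpoint of their own,
#    reachable only from inside the cluster (and so from the ingress controller).
apiVersion: v1
kind: Service
metadata:
  name: my-gateway-service
  namespace: prod                     # placeholder namespace
spec:
  type: ClusterIP
  selector:
    app: gateway
    tier: backend
  ports:
    - name: http
      port: 80
      targetPort: 3000                # placeholder for .Values.applications.nodeAppPort
---
apiVersion: v1
kind: Service
metadata:
  name: my-orders-service             # second service sharing the same ELB
  namespace: prod
spec:
  type: ClusterIP
  selector:
    app: orders
    tier: backend
  ports:
    - name: http
      port: 80
      targetPort: 3000
---
# 3. Routing rules. Every hostname here is a Route 53 CNAME/alias to the one
#    ELB above; the controller picks the backend from Host header and path.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: public-services
  namespace: prod
spec:
  ingressClassName: nginx             # assumed IngressClass name of the controller
  rules:
    - host: gateway.example.com       # placeholder hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-gateway-service
                port:
                  number: 80
    - host: api.example.com           # placeholder hostname
      http:
        paths:
          - path: /orders
            pathType: Prefix
            backend:
              service:
                name: my-orders-service
                port:
                  number: 80
```

Two things to check before relying on this. First, because TLS terminates at the ELB, the controller only ever sees plain HTTP; any HTTP-to-HTTPS redirect rule must trust the `X-Forwarded-Proto` header the ELB sets (in ingress-nginx that is the `use-forwarded-headers` ConfigMap setting), otherwise you get a redirect loop. Second, the ELB-to-node hop is unencrypted inside the VPC; if that hop must also be encrypted, switch the backend protocol to `https` and have the controller serve TLS itself.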