I have an authentication service. This service is behind an ingress (GKE in my case) for external API calls. When the signup function of the authentication service is called, it sends an email for email verification purposes. The link in this email has to point to the IP of the ingress. In order to achieve that, my authentication service has to know the IP of the ingress. How can this be configured dynamically in k8s without storing the ingress IP address in a config file?
Many thanks in advance
Regards
Since by default GKE allocates an ephemeral external IP address, the simplest solution is to reserve a static IP address. You can reserve a new one or promote an existing ephemeral IP to a static one. With this solution the IP address is known in advance, but the drawback is that the IP would have to be hardcoded into the application.
To avoid hardcoding this you could use nslookup to find the IP address for this specific host. For this you should update your DNS records with an address type record that points to your reserved static IP address. Please refer to your DNS service's documentation on setting DNS A records to configure your domain name.
For more reading check how to configure a static IP address.
The alternative way would be to access the Kubernetes REST API directly and fetch the IP address from there. Depending on your architecture and application design, this will require appropriate authentication towards the API.
I was using the Google Stun server by IP 74.125.143.127, but since 21/09/2021 it seems Google changed the IP of DNS stun.l.google.com.
I know I should use DNS rather than a fixed IP.
Does anyone have confirmation of the IP change?
tks
I know I should use DNS rather than a fixed IP
Yes. That's the answer. Full stop. Don't hardcode IP addresses to services in your app. The whole point of DNS... well, you know this right?
Some recent DNS lookups:
stun.l.google.com: 74.125.197.127
stun1.l.google.com: 173.194.193.127
stun2.l.google.com: 172.253.112.127
stun3.l.google.com: 173.194.77.127
stun4.l.google.com: 172.217.215.127
Testing the old IP you referenced that's not in the DNS entries above:
>stunclient 74.125.143.127
Binding test: fail
Testing the IP address that's currently being returned:
>stunclient 173.194.193.127
Binding test: success
Local address: 192.168.1.18:55004
Mapped address: 1.2.3.4:55004
I built a simple cluster in GKE with two services using this tutorial
https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app
After finishing that I'm able to access my service using the external IP address. So I bought a domain to use with this IP address. After setting up an A record in the DNS settings pointing to that IP address, the domain doesn't work: it keeps loading and then shows ERR_CONNECTION_TIMED_OUT. Do I need to do something in the Google console, or how can I make this IP public and accessible through the domain?
Please refer to the official documentation, which describes the steps you need to take to configure domain names with a static IP.
There are steps that you need to cover:
Go to the NETWORKING section of the GCP console, then VPC Network -> External IP addresses, to ensure that you are running a static IP address, not an ephemeral one.
Go to Network services -> Cloud DNS. You need to create a DNS zone, where in the DNS name line you have to write your domain name. After creation you will see Add record set, where you need to paste your external IP address.
There is also a good tutorial on YouTube about setting up a custom domain on GCP. Let me know if it works for you.
I created a VM instance and deployed my application. I can access the application through the given external IP address, but I want to access it with some domain, just like openshift provides a domain AAA.rhcloud.com, which we can use to access the projects from the VM.
Is it possible to do it easily without normal DNS and CNAME route?
Thanks,
Manish
Most IP addresses have a DNS address that you can find out with reverse DNS:
$ dig +short -x 104.197.1.2
2.1.197.104.bc.googleusercontent.com.
As you can see, on GCE you can reverse the IP address and append bc.googleusercontent.com. Of course this is no easier to remember than the IP address itself.
Between GCE instances in the same project, you can also use INSTANCE_NAME.c.PROJECT_ID.internal, but this won't work from outside GCE.
Is it possible to get the external IP address for a POD? It doesn't appear to be populating in the environmental variables for a service, so I was wondering if there was another way to get that information.
Basically: I'm setting up a proftpd service, and it needs to send out its external ip as well as a port for passive communication. Right now, it's sending the local IP address which is causing FTP clients to fail.
The kubernetes service discovery mechanism (DNS or environment variable) doesn't populate the external IP.
One way to work around is to create a static IP first, then assign it to your service.
Or you can exec kubectl inside your cluster to get the external IP but that's nasty.
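Both the Kubernetes REST API route suggested in the ingress answer further up and the kubectl workaround in this answer read the same field, status.loadBalancer.ingress, on the Ingress or Service object. The following is an added example, not code from the original posts, that reads that field from inside a pod using the mounted service account credentials; the sample objects and the 203.0.113.10 address are constructed.

```python
import json
import ssl
import urllib.request

# Standard in-pod locations of the service account token and cluster CA.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"
API = "https://kubernetes.default.svc"


def api_path(kind, namespace, name):
    """REST path of a namespaced Ingress or Service object."""
    if kind == "ingress":
        return f"/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}"
    if kind == "service":
        return f"/api/v1/namespaces/{namespace}/services/{name}"
    raise ValueError(f"unsupported kind: {kind}")


def external_addresses(obj):
    """IPs or hostnames from status.loadBalancer.ingress; [] while pending."""
    lb = (obj.get("status") or {}).get("loadBalancer") or {}
    found = []
    for entry in lb.get("ingress") or []:
        addr = entry.get("ip") or entry.get("hostname")
        if addr:
            found.append(addr)
    return found


def fetch(kind, namespace, name):
    """Read the object from the API server as the pod's service account."""
    with open(f"{SA_DIR}/token") as f:
        token = f.read().strip()
    # Verify the API server certificate against the cluster CA.
    ctx = ssl.create_default_context(cafile=f"{SA_DIR}/ca.crt")
    req = urllib.request.Request(
        API + api_path(kind, namespace, name),
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return json.load(resp)


# Constructed sample API objects, trimmed to the relevant fields.
SAMPLE_INGRESS = {"kind": "Ingress",
                  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}
SAMPLE_PENDING = {"kind": "Service", "status": {"loadBalancer": {}}}

if __name__ == "__main__":
    print(external_addresses(SAMPLE_INGRESS))
    print(external_addresses(SAMPLE_PENDING))
```

The pod's service account only needs RBAC permission to `get` that one Ingress or Service, and the caller has to handle the empty list returned while the load balancer is still being provisioned.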
My internet connection has a dynamic IP address which keeps changing every time the modem is restarted, so I have a hard time configuring the Authorized Networks in Access Control.
This is explained at https://cloud.google.com/sql/docs/access-control#dynamicIP .
Your options are, and I quote:
Use a proxy service so that your application appears to come from only one IP address. Add this address to the authorized networks that can connect to the instance.
Use a CIDR range that covers all of the IP addresses from which your service might connect.
Use the CIDR range 0.0.0.0/0, which allows all external IP addresses to connect.
The third and last option, despite its attractive simplicity, has implications that may make it undesirable -- read the docs I'm pointing to.