I need to install a IPV6 haproxy docker in IBM Cloud Kubernetes service. All info I see is just about IPV4. I don't even know if IBM Kubernetes supports IPV6 so I can support IPV6 requests in my docker instance deployed in one of my cluster nodes.
Thanks for any help on this.
IBM Cloud Kubernetes Service does not use IPV6 for cluster services.
Related
Scenario: We have a client outside a K8s cluster trying to access a GRPC service hosted inside a K8s cluster. Both the client and the service are part of the same VNET in Azure. We would like to use client-side load balancing for accessing this GRPC service.
Setup of our K8s cluster: Our K8s cluster is hosted inside an Azure VNET and uses Azure CNI networking model, so this means the pods in our cluster have the IP addresses from the VNET's IP address space. Please note we are not using AKS and are self-hosting the K8s cluster, but this whole question should not depend on this in my opinion.
Questions:
We would like to use client-side load balancing for accessing this GRPC service. If both our client and server were present inside the K8s cluster, then we could have used K8s headless service to get list of IP addresses. But in this case since client is outside the K8s cluster, we are looking for solutions on how to retrieve the IP addresses outside the K8s cluster?
Can K8s cluster create DNS records in a DNS server which is hosted outside the K8s cluster so that the client which is outside the K8s cluster can access the list of IP addresses from it?
Thanks for your help!
I found that I could solve the issue by using Extenral DNS. After wiring up my cluster with External DNS (which was linked to a Azure Private DNS zone), I created a headless service and found that on deployment of this service, DNS records were created in the Azure Private DNS zone. I was able to get the list of IP addresses of the pods by just doing a DNS lookup of the service's DNS name.
How can I connect to VM's running in GCP compute engine from Kubernetes pod? I have setup a proxy server in Compute Engine and I need to use that from within pods.
This communication needs to be using internal IP. I have allowed firewall rules to allow all internal IP.
Any suggestions on how to connect from pods to gcp vm's?
You can create an internal load balancer in GCP and connect VM or you can use the VPC peering if in a different network.
If your GKE and VM are in the same network you can use the internal IP of your VM to connect with.
From inside of POD you can send curl requests to the VM over internal IP.
OR
If your GKE and GCP VM both are in the different networks you can use the VPC peering to connect both networks and use the internal IP of VM from POD.
So I have a kubernetes cluster running in Google Cloud. And from pods inside the cluster I need to access an external DB which has IP whitelisting configured. It seems that I need a static, shared IP for the cluster's outgoing traffic, what's the best approach?
Setting up a service IP seems irrelevant as that's for inbound traffic. I looked into Cloud NAT and it seems promising, but I'm not exactly sure about how to set that up. Any docs/tutorial would be helpful, thanks!
According the docs when traffic goes out of a kubernetes cluster in GKE it will get SNATed with the IP of the node. So you could whitelist the IPs of all GKE kubernetes cluster nodes.
Here is some best practices on connecting to external services from Kubernetes cluster. An example for connecting to Cloud SQL from Google Kubernetes Engine.
An example setup of Cloud NAT on GKE.
I have Kubernetes Cluster v1.10 Over Centos 7 Over OVH Cloud Provider's Servers .
As I knew OVH does not Provide Loadbalancer Component Directly to Kubernetes
And I want to buy Loadbalancer Component From OVH From this Link and connect to kubernetes Cluster .
Can I connect Loadbalancer to Kubernetes?
And is there any tutorial?
Thank You :D
Yes.
You can follow this guide from OVH in terms setting up your load balancer.
And in terms of Kubernetes you'd either want to create a Kubernetes Ingress exposed on a NodePort, this is a good tutorial for that, or you can also expose your services directly on a NodePort and point your load balancer's backend to all the nodes in your cluster on that specific NodePort.
I would also familiarize with the Services abstraction in Kubernetes.
Yes, you can.
How, on the other side, is not an obvious one. My suggestion would be to make it part of your kubernetes infra provisioning with terraform. Using https://www.terraform.io/docs/providers/ovh/r/iploadbalancing_tcp_farm_server.html you can manage endpoints for your loadbalancer based on instances / hosts provisioned either manually or with openstack provider. That's how I do it on our OVH Kube cluster.
Starting to experiment with Kubernetes (v1.3.2) I've created an on-premise cluster of 3 CentOS 7 VMs. As I understand, the internal communication in the cluster is by default using flannel overlay network.
Is it possible to secure all the intenal communication in the cluster by setting flannel to use TLS?