Access external IP address from service - kubernetes

Is it possible to get the external IP address for a POD? It doesn't appear to be populating in the environmental variables for a service, so I was wondering if there was another way to get that information.
Basically: I'm setting up a proftpd service, and it needs to send out its external ip as well as a port for passive communication. Right now, it's sending the local IP address which is causing FTP clients to fail.

The kubernetes service discovery mechanism (DNS or environment variable) doesn't populate the external IP.
One way to work around is to create a static IP first, then assign it to your service.
Or you can exec kubectl inside your cluster to get the external IP but that's nasty.

Related

Access ingress IP from a pod

I have got an authentication service. This service is behind an ingress (GKE in my case) for external API calls. When the signup function of the authentication service is called, it will send an email for email verification purpose. The link in this email has to point to the IP of ingress. In order to achieve that, my authentication service has to know the IP of the ingress. How can this be configured dynamically in k8s without storing the ingress IP[ address in a config file?
Many thanks in advance
Regards
Since by default GKE allocates ephemeral external IP address the simplest solution is to reserve static ip address. This can be done with new one or you can promote existing ephemeral IP to static one. With this solution the IP address is known in advance but the drawback of that the IP would have to be hardcoded into the application.
To avoid hardcoding this you could use nslookup to find ip address for this specific host. With this you should update your dns records with an address type record to point to you reserved static IP address. Please refer to your DNS service`s documentation on setting DNS A records to configure your domain name.
For more reading check how to configure static ip address.
The alternative way would be also to access the Kubernetes REST API directly and fetch the IP address from there. This depending on your architecture and application design will required appropriate authentication towards API.

GKE Kubernetes external domain provider

I built simple cluster in GKE with two services using this tutorial
https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app
After finishing that I'm able to access my service using external IP address. So I bought domain for using this IP address. After setup A record in DNS settings to that IP address, domain doesn't work, it still loads and then show ERR_CONNECTION_TIMED_OUT. Do I need to do something in google console, or how I can make this IP public and accessed through domain?
Please refer to official documentation, which describes steps you need to take to configure domain names with static IP.
There are steps that you need to cover:
Go to NETWORKING section at GCP console, than VPC Network -> External IP addresses to ensure that you are running static IP address, not ephemeral one.
Go to Network services -> Cloud DNS. You need to create DNS zone, where at DNS name line you have to wright your domain name. After creation you will see Add record set, where you need to paste your external IP address.
There is also a good tutorial at YouTube with setting up custom domain on GCP. Let me know if it works for you.

If external-ip of coturn is only used for aws?

https://github.com/coturn/coturn/blob/c4477bfddd2cd51de1ad37032ca88330f3c44ed6/docker/coturn/turnserver.conf#L100
In turnserver.conf , I see a world " For Amazon EC2 users", if the external-ip is only used for aws?
I let the stun server run in the k8s cluster, and then expose it to the public network with the nodeport service, but the srflx returned by stun is a gateway address, not the external-ip which I set. My k8s cluster runs on Alibaba Cloud.
I hope someone can help me solve this problem, thank you!!!
AWS EC2 instances, for the most part, run behind a NAT. Even if you've assigned a public IP address (e.g. 1.2.3.4) via the AWS Console, the instance only knows about the private network its on and is unaware of the public IP address assigned to it. That is, the instance thinks its IP address is 172.31.5.6 because that's what the Operating System discovered at boot time. Port forwarding enables certain TCP and UDP ports to be forwarded from the public IP address to the private IP address that the EC2 instance is running on.
This typically isn't a problem for most services run on an AWS EC2 instance. With STUN running in full "2 IP address and 2 port mode", the server needs to advertise its alternate IP address back to the client, should the client want to conduct NAT behavior and filtering tests. But it would be incorrect for the STUN server to send back 172.31.5.7 as its alternate IP - the client has no way of reaching that IP since its private.
Similarly for TURN, when port allocations occur, the server needs to send back the public IP address of the EC2 isntance to the client who allocated it. It would be bad if the client requested a TURN port to share with another peer - only for the TURN srever to send back 172.31.5.6.
Hence, for a STUN or TURN server to be hosted behind a NAT, a set of command line parameters or configuration parameters are needed to tell the server what its "real" IP addresses are. The STUN/TURN software will use these IP addresses for sending responses back to clients.

access the google compute server with a subdomain rather than external IP address

I created a VM instance and deployed my application. I can access the application through the given external IP address, but I want to access it with some domain, just like openshift provides a domain AAA.rhcloud.com, which we can use the access the projects from the VM.
Is it possible to do it easily without normal DNS and CNAME route?
Thanks,
Manish
Most IP addresses have a DNS address than you can find out with reverse DNS:
$ dig +short -x 104.197.1.2
2.1.197.104.bc.googleusercontent.com.
As you can see on GCE you can reverse the IP address and append bc.googleusercontent.com. Of course this is no easier to remember than the IP address itself.
Between GCE instances in the same project, you can also use INSTANCE_NAME.c.PROJECT_ID.internal, but this won't work from outside GCE.

GCE + K8S - Accessing referral IP address

With a standard Kubernetes deployment on Google Container Engine, to include services configured with the Kubernetes load balancer settings which creates network load balancers, is it possible to access the user's (or referring) IP address in an application? In the case of PHP, checking common headers in the $_SERVER superglobal only results in the server and internal network addresses being available.
Not yet. Services go through kube_proxy, which answers the client connection and proxies through to the backend (your PHP server). The address that you'd see would be the IP of whichever kube-proxy the connection went through.
Work has been done, and a tracking issue is still open to switch over to an iptables-only proxy. That would allow your PHP server to get the actual client IP.