How Kubernetes connecting external mysql from fix ip - service

I know how to create the service abstraction that points to an endpoint to an external database(not within the cluster ip). However, my mysql service (single host mysql) only permits fix ip for access. The obvious reason is security.
So, how can one fix this?
kind: "Service"
apiVersion: "v1"
metadata:
name: "example-external-service"
spec:
ports:
-
name: "mysql"
protocol: "TCP"
port: 3306
targetPort: 3306
nodePort: 0
end point defintion:
kind: "Endpoints"
apiVersion: "v1"
metadata:
name: "example-external-service"
subsets:
- addresses:
- ip: "10.10.1.1"
ports:
- name: "mysql"
port: 3306

Related

kubernetes service and endpoints with 2 ports

I have postgres instance running outside kubernetes cluster on port 5434.
Service manifest looks like below. Everything works well.
kind: Service
apiVersion: v1
metadata:
name: postgres
spec:
ports:
- protocol: TCP
port: 5432
targetPort: 5434
---
apiVersion: v1
kind: Endpoints
metadata:
name: postgres
subsets:
- addresses:
- ip: 10.1.0.210
ports:
- port: 5434
But when I want add one additional port (5434) on my service it stops working (both ports). Manifest:
kind: Service
apiVersion: v1
metadata:
name: postgres
spec:
ports:
- protocol: TCP
port: 5432
targetPort: 5434
name: p1
- protocol: TCP
port: 5434
targetPort: 5434
name: p2
---
apiVersion: v1
kind: Endpoints
metadata:
name: postgres
subsets:
- addresses:
- ip: 10.1.0.210
ports:
- port: 5434

Kubernetes create an endpoint with DNS instead IP

I need to create an endpoint with DNS instead of IP
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: NodePort
ports:
- port: 5432
targetPort: 5432
nodePort: 30004
---
apiVersion: v1
kind: Endpoints
metadata:
name: my-service
subsets:
- addresses:
- ip: **111.111.111.111** ** < need change this to DNS
ports:
- port: 5432
Everything works fine with numerical IP, but I need to put my Postgres DNS instead, something like:
subsets:
- addresses:
- ip: mypostgres.com
ports:
- port: 5432
But "addresses" only support numerical IP. I need some workaround to make this work.
if you want to connect to a remotely hosted database URI instead of IP you can use ExternalName
kind: Service
apiVersion: v1
metadata:
name: mongo
spec:
type: ExternalName
externalName: ds149763.mlab.com
Please check out more : https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-mapping-external-services

Allow two pods to communicate with each other

First time using Kubernetes. I have an API and a database, and I want the two pods to communicate with each other.
Based on the docs, I should create a service.
I have created a service for each of the two pods, though still not able to connect to the pod using the services IP address.
For example if the MySQL service that is created has an IP address of 11.22.33.44, I can run the following command to try to connect to the pod of that service:
mysql -h11.22.33.44 -uuser -ppassword foo
...and it will hang and eventually the connection will time out.
I create the pod and service like so:
kubectl create -f ./mysql.yaml
mysql.yaml:
apiVersion: v1
kind: Service
metadata:
name: mysql-service
spec:
selector:
app: mysql
ports:
- protocol: TCP
port: 80
targetPort: 3306
---
apiVersion: v1
kind: Pod
metadata:
name: mysql
spec:
containers:
- name: mysql
image: my-custom-mysql-image:latest
ports:
- containerPort: 3306
protocol: TCP
name: mysql
env:
- name: MYSQL_DATABASE
value: "foo"
- name: MYSQL_USER
value: "user"
- name: MYSQL_ROOT_PASSWORD
value: "password"
- name: MYSQL_HOST
value: "127.0.0.1"
your service has a selector defined
selector:
app: mysql
yet your Pod has no labels whatsoever, hence the service can not identify it as its backend and has no endpoint to direct traffic for ClusterIP. You should also stick to standard port number on service as well, so like this :
ports:
- protocol: TCP
port: 3306
targetPort: 3306

access a external service running on a vm form inside kubernetes pod

I have a cluster in aws and using kubernetes.
I have an app running on a machine (vm) in the same network as the cluster
in my browser i can type http://ipaddress:port/status and i get a response
In my pod i can ping the ip address and i get a response but if i do wget://ipaddress:port/status it doesn't connect.
I have tried some things but not able to succeed.
How do i get the pod in the cluster to be be able to open this url, what do I need to do?
You can integrate external services within kubernetes.
endpoint.yaml
kind: Endpoints
apiVersion: v1
metadata:
name: external-ip-database
subsets:
- addresses:
- ip: 192.168.0.1
ports:
- port: 3306
service.yaml
apiVersion: v1
kind: Service
metadata:
name: database
spec:
ports:
- port: 1433
targetPort: 1433
protocol: TCP
---
# Because this service has no selector, the corresponding Endpoints
# object will not be created. You can manually map the service to
# your own specific endpoints:
kind: Endpoints
apiVersion: v1
metadata:
name: database
subsets:
- addresses:
- ip: "192.168.1.103"
ports:
- port: 1433

How to expose multiple port using a load balancer services in Kubernetes

I have created a cluster using the google cloud platform (container engine) and deployed a pod using the following YAML file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment-name
spec:
replicas: 1
template:
metadata:
name: pod-name
labels:
app: app-label
spec:
containers:
- name: container-name
image: gcr.io/project-id/image-name
resources:
requests:
cpu: 1
ports:
- name: port80
containerPort: 80
- name: port443
containerPort: 443
- name: port6001
containerPort: 6001
Then I want to create a service that enables the pod to listen on all these ports. I know that the following YAML file works to create a service that listens on one port:
apiVersion: v1
kind: Service
metadata:
name: service-name
spec:
ports:
- port: 80
targetPort: 80
selector:
app: app-label
type: LoadBalancer
However when I want the pod to listen on multiple ports like this, it doesn't work:
apiVersion: v1
kind: Service
metadata:
name: service-name
spec:
ports:
- port: 80
targetPort: 80
- port: 443
targetPort: 443
- port: 6001
targetPort: 6001
selector:
app: app-label
type: LoadBalancer
How can I make my pod listen to multiple ports?
You have two options:
You could have multiple services, one for each port. As you pointed out, each service will end up with a different IP address
You could have a single service with multiple ports. In this particular case, you must give all ports a name.
In your case, the service becomes:
apiVersion: v1
kind: Service
metadata:
name: service-name
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
- name: something
port: 6001
targetPort: 6001
selector:
app: app-label
type: LoadBalancer
This is necessary so that endpoints can be disambiguated.