Kubernetes Ingress pass through to internal services (not on the Kubernetes cluster)

This is a pretty confusing title but the gist of it is this:

We have a service, let’s suppose its a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can’t get to it. And the only way we can get to Kubernetes services is through a resource.

We’re going to use the nginx ingress controller. To start things off, suppose this is a database. The database is port 3306. But we’re going to expose port 33306 outside.

Step 1: ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-tcp
  namespace: ingress-nginx
data:
  33306: ingress-nginx/db-replica:3306

Step 2: Service pointing to External Name

apiversion: v1
kind: Service
metadata:
  name: db-replica
  namespace: ingress-nginx
spec: 
  type: ExternalName
  externalName: <internal dns name of service>
  ports: 
    - port: 3306
      protocol: TCP
      targetPort: 3306
      name: database

If something hits this service from inside, it will redirect to the database.

Step 3: Update inginx-ingress

If you install nginx-ingress via helm chart you’ll need to update the values or if its a manifest, the values under the service named: ingress-nginx-controller.

It should look something like the below snippet:

...
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports: 
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
    - name: database
      port: 33306
      protocol: TCP
      targetPort: 33306
...

Basically, all we are adding is the target port 33306 so that we can.

Now, apply the templates and congratulate yourself for creating a major security hole in your infrastructure!

Note: If you are running on AWS, you’ll have to create proper security groups that allow ports to go through.