This is a pretty confusing title but the gist of it is this:
We have a service, let's suppose it's a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can't get to it. And the only way we can get to Kubernetes services is through a resource.
We’re going to use the nginx ingress controller. To start things off, suppose this is a database. The database is port 3306. But we’re going to expose port 33306 outside.
Step 1: ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-tcp
  namespace: ingress-nginx
data:
  33306: ingress-nginx/db-replica:3306
```
Step 2: Service pointing to External Name
```yaml
apiVersion: v1
kind: Service
metadata:
  name: db-replica
  namespace: ingress-nginx
spec:
  type: ExternalName
  externalName: <internal dns name of service>
  ports:
    - port: 3306
      protocol: TCP
      targetPort: 3306
      name: database
```
If something hits this service from inside, it will redirect to the database.
Step 3: Update nginx-ingress
If you installed nginx-ingress via the Helm chart, you'll need to update the values; if it's a manifest, update the values under the service named:
It should look something like the below snippet:
```yaml
...
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
    - name: database
      port: 33306
      protocol: TCP
      targetPort: 33306
...
```
Basically, all we are adding is the target port 33306 so that we can.
Now, apply the templates and congratulate yourself for creating a major security hole in your infrastructure!
Note: If you are running on AWS, you’ll have to create proper security groups that allow ports to go through.
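To see how wide the hole from the steps above is, the following added example (not part of the original post) audits the two manifests: it lists every port in the TCP ConfigMap that the LoadBalancer Service publishes without a source allowlist. The manifests are constructed copies of the page's snippets, `audit` and `open_ranges` are hypothetical helper names, and it assumes an unset `loadBalancerSourceRanges` means the cloud load balancer accepts any source.

```python
import ipaddress
import json

# Constructed manifests mirroring the page's ConfigMap and LoadBalancer Service,
# in the JSON shape `kubectl get -o json` returns.
TCP_CONFIGMAP = json.loads("""
{"kind": "ConfigMap",
 "metadata": {"name": "nginx-tcp", "namespace": "ingress-nginx"},
 "data": {"33306": "ingress-nginx/db-replica:3306"}}
""")
CONTROLLER_SERVICE = json.loads("""
{"kind": "Service",
 "spec": {"type": "LoadBalancer",
          "ports": [{"name": "http", "port": 80, "targetPort": "http"},
                    {"name": "https", "port": 443, "targetPort": "https"},
                    {"name": "database", "port": 33306, "targetPort": 33306}]}}
""")


def open_ranges(service):
    """Return source ranges that admit any address, or ['<unset>'] if none are set."""
    ranges = service["spec"].get("loadBalancerSourceRanges") or []
    if not ranges:
        return ["<unset>"]  # assumption: no allowlist means any source is accepted
    return [r for r in ranges if ipaddress.ip_network(r, strict=False).prefixlen == 0]


def audit(configmap, service):
    """List TCP passthrough ports the LoadBalancer publishes without a source allowlist."""
    findings = []
    published = {p["port"] for p in service["spec"].get("ports", [])}
    wide_open = open_ranges(service)
    for listen_port, target in sorted(configmap.get("data", {}).items()):
        # Value format: <namespace>/<service>:<port>[:PROXY[:PROXY]]
        backend, backend_port = target.split(":")[:2]
        namespace, name = backend.split("/", 1)
        if service["spec"].get("type") != "LoadBalancer" or int(listen_port) not in published:
            continue  # mapped in nginx but not reachable through this Service
        if wide_open:
            findings.append({"port": int(listen_port), "backend": f"{namespace}/{name}",
                             "backend_port": int(backend_port), "open_to": wide_open})
    return findings


if __name__ == "__main__":
    for f in audit(TCP_CONFIGMAP, CONTROLLER_SERVICE):
        print(f"port {f['port']} -> {f['backend']}:{f['backend_port']} open to {f['open_to']}")
```

Setting `loadBalancerSourceRanges` on the controller Service to the client networks that need the database clears the finding; on AWS this complements the security groups mentioned in the note above.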