Kubernetes Ingress pass through to internal services (not on the Kubernetes cluster)

This is a pretty confusing title but the gist of it is this:

We have a service, let’s suppose its a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can’t get to it. And the only way we can get to Kubernetes services is through a resource.

We’re going to use the nginx ingress controller. To start things off, suppose this is a database. The database is port 3306. But we’re going to expose port 33306 outside.

Step 1: ConfigMap

apiVersion: v1
kind: ConfigMap
  name: nginx-tcp
  namespace: ingress-nginx
  33306: ingress-nginx/db-replica:3306

Step 2: Service pointing to External Name

apiversion: v1
kind: Service
  name: db-replica
  namespace: ingress-nginx
  type: ExternalName
  externalName: <internal dns name of service>
    - port: 3306
      protocol: TCP
      targetPort: 3306
      name: database

If something hits this service from inside, it will redirect to the database.

Step 3: Update inginx-ingress

If you install nginx-ingress via helm chart you’ll need to update the values or if its a manifest, the values under the service named: ingress-nginx-controller.

It should look something like the below snippet:

  type: LoadBalancer
  externalTrafficPolicy: Local
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
    - name: database
      port: 33306
      protocol: TCP
      targetPort: 33306

Basically, all we are adding is the target port 33306 so that we can.

Now, apply the templates and congratulate yourself for creating a major security hole in your infrastructure!

Note: If you are running on AWS, you’ll have to create proper security groups that allow ports to go through.

Leave a Reply

Your email address will not be published. Required fields are marked *