This is a pretty confusing title but the gist of it is this:
We have a service, let’s suppose it’s a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can’t get to it. And the only way we can get to Kubernetes services is through a resource.
We’re going to use the nginx ingress controller. To start things off, suppose this is a database. The database is port 3306. But we’re going to expose port 33306 outside.
Step 1: ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-tcp
  namespace: ingress-nginx
data:
  33306: ingress-nginx/db-replica:3306
Step 2: Service pointing to External Name
apiVersion: v1
kind: Service
metadata:
  name: db-replica
  namespace: ingress-nginx
spec:
  type: ExternalName
  externalName: <internal dns name of service>
  ports:
    - port: 3306
      protocol: TCP
      targetPort: 3306
      name: database
If something hits this service from inside, it will redirect to the database.
Step 3: Update nginx-ingress
If you install nginx-ingress via the Helm chart, you’ll need to update the chart values; if it’s a manifest, update the values under the Service named ingress-nginx-controller.
It should look something like the below snippet:
...
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
    - name: database
      port: 33306
      protocol: TCP
      targetPort: 33306
...
Basically, all we are adding is the target port 33306 so that we can.
Now, apply the templates and congratulate yourself for creating a major security hole in your infrastructure!
Note: If you are running on AWS, you’ll have to create proper security groups that allow ports to go through.
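To see what the three steps above actually publish, the following added example (not part of the original post) cross-references the TCP ConfigMap with the controller Service and reports each backend reachable through the load balancer, and whether the Service's standard `loadBalancerSourceRanges` field narrows who can connect. The function name and the sample data are assumptions constructed from the manifests on this page; whether `loadBalancerSourceRanges` is enforced depends on the cloud provider.

```python
# Constructed sample input mirroring the manifests on this page, in the shape
# `kubectl get ... -o json` returns. Not captured from a real cluster.
SAMPLE_CONFIGMAP = {
    "data": {"33306": "ingress-nginx/db-replica:3306"},
}
SAMPLE_SERVICE = {
    "spec": {
        "type": "LoadBalancer",
        "ports": [
            {"name": "http", "port": 80, "protocol": "TCP", "targetPort": "http"},
            {"name": "https", "port": 443, "protocol": "TCP", "targetPort": "https"},
            {"name": "database", "port": 33306, "protocol": "TCP", "targetPort": 33306},
        ],
    },
}


def audit_tcp_exposure(configmap, service):
    """List TCP passthrough entries that the LoadBalancer Service publishes."""
    spec = service.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []
    ranges = spec.get("loadBalancerSourceRanges") or []
    unrestricted = not ranges or bool({"0.0.0.0/0", "::/0"} & set(ranges))
    # Map controller listen port -> externally published port. A named
    # targetPort (e.g. "http") cannot be resolved without the pod spec and
    # simply never matches a numeric ConfigMap key.
    published = {
        str(p.get("targetPort", p["port"])): p["port"]
        for p in spec.get("ports", [])
        if p.get("protocol", "TCP") == "TCP"
    }
    findings = []
    for listen_port, target in (configmap.get("data") or {}).items():
        if listen_port not in published:
            continue  # controller listens, but the Service does not publish it
        backend, _, rest = target.partition(":")
        findings.append({
            "external_port": published[listen_port],
            "backend": backend,
            "backend_port": rest.split(":")[0],
            "unrestricted": unrestricted,
        })
    return findings


if __name__ == "__main__":
    print(audit_tcp_exposure(SAMPLE_CONFIGMAP, SAMPLE_SERVICE))
```

To check a live cluster, replace the samples with the parsed output of `kubectl -n ingress-nginx get configmap nginx-tcp -o json` and `kubectl -n ingress-nginx get service ingress-nginx-controller -o json`. Note that `loadBalancerSourceRanges` applies to every port on the Service, including 80 and 443.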