This is a pretty confusing title but the gist of it is this: <\/p>\n\n\n\n
We have a service, let’s suppose its a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can’t get to it. And the only way we can get to Kubernetes services is through a resource. <\/p>\n\n\n\n
We’re going to use the nginx ingress controller. To start things off, suppose this is a database. The database is port 3306. But we’re going to expose port 33306 outside. <\/p>\n\n\n\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: nginx-tcp\n namespace: ingress-nginx\ndata:\n 33306: ingress-nginx\/db-replica:3306<\/code><\/pre>\n\n\n\nStep 2: Service pointing to External Name<\/h2>\n\n\n\napiversion: v1\nkind: Service\nmetadata:\n name: db-replica\n namespace: ingress-nginx\nspec: \n type: ExternalName\n externalName: <internal dns name of service>\n ports: \n - port: 3306\n protocol: TCP\n targetPort: 3306\n name: database<\/code><\/pre>\n\n\n\nIf something hits this service from inside, it will redirect to the database. <\/p>\n\n\n\n
Step 3: Update inginx-ingress<\/h2>\n\n\n\n
If you install nginx-ingress via helm chart you’ll need to update the values or if its a manifest, the values under the service named: ingress-nginx-controller<\/code>. <\/p>\n\n\n\nIt should look something like the below snippet: <\/p>\n\n\n\n
...\nspec:\n type: LoadBalancer\n externalTrafficPolicy: Local\n ports: \n - name: http\n port: 80\n protocol: TCP\n targetPort: http\n - name: https\n port: 443\n protocol: TCP\n targetPort: https\n - name: database\n port: 33306\n protocol: TCP\n targetPort: 33306\n...<\/code><\/pre>\n\n\n\nBasically, all we are adding is the target port 33306 so that we can. <\/p>\n\n\n\n
Now, apply the templates and congratulate yourself for creating a major security hole in your infrastructure! <\/p>\n\n\n\n
Note: If you are running on AWS, you’ll have to create proper security groups that allow ports to go through. <\/p>\n","protected":false},"excerpt":{"rendered":"
This is a pretty confusing title but the gist of it is this: We have a service, let’s suppose its a database, running internally. We can get to it from our Kubernetes cluster, but resources outside of Kubernetes can’t get to it. And the only way we can get to Kubernetes services is through a…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[797],"tags":[974,973,798,888,975],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3811"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3811"}],"version-history":[{"count":1,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3811\/revisions"}],"predecessor-version":[{"id":3812,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3811\/revisions\/3812"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}