Posted 31 Dec 2017

Exposing ports to Kubernetes pods on Azure

Simple step-by-step guide to exposing ports to Kubernetes pods/containers on Azure

Introduction

In a previous article in this DevOps series, we looked at deploying a production-ready Kubernetes cluster on Azure using the 'KubeSpray' project; we then set up a data storage volume with Kubernetes on Azure. This quick article is a short walk-through of how to expose ports over the Internet so you can test the pods externally. Note that this is not production ready or secure - we will cover that in a future article!

Background

When we develop services in containers on the cloud, we often want to expose these over the Internet for production or development. To do this we generally use some kind of firewall/port forwarding rule manager. In Azure we do this by creating inbound security rule mappings, that is, controlling the flow of network traffic from the wide open Internet into your virtual network in the cloud.

Locate ports to open

In Kubernetes, to identify the ports we are trying to map, we can use kubectl:

kubectl get svc -n kube-system

This will print out a list of running services and their ports on the internal Kubernetes network, similar to the following. The list details the name of the exposed service, its type, IP, port, external IP (if any) and how long it has been operational (age).

NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
heapster               ClusterIP   10.233.54.27    <none>        80/TCP          16m
kube-dns               ClusterIP   10.233.0.3      <none>        53/UDP,53/TCP   16m
kubernetes-dashboard   ClusterIP   10.233.46.183   <none>        80/TCP          16m
monitoring-grafana     NodePort    10.233.28.73    <none>        80:31719/TCP    16m
monitoring-influxdb    ClusterIP   10.233.17.79    <none>        8086/TCP        16m
weave-scope-app        NodePort    10.233.46.240   <none>        80:30243/TCP    16m

 
In order to expose these services, we need to map ports on our external IP, using the firewall to redirect to the internal IP/port combination.

Because each port number on an IP address can be used only once, we need a unique external port number for each internal IP/port service we want to map.

For this example, we will map as follows:

Grafana monitoring service - internal: 10.233.28.73:80, external: 9001
Kubernetes dashboard - internal: 10.233.46.183:80, external: 9000
Weave-scope - internal: 10.233.46.240:30243, external: 9002

Open ports

When we set up our cluster, we created one external Internet IP and attached this to the Kubernetes master. We can get this IP from the Azure dashboard by examining the external IP resource attached to the KubeMaster VM.

When you click into this page you will see a list of existing inbound and outbound rules as the overview.

We need to select and click on the 'Inbound' security rules property to add our new rules.

Once the inbound rules page opens, select the NEW button to add a rule.

Enter the new EXTERNAL port we determined earlier, and select 'VirtualNetwork'. You may need to wait a few minutes, but that's it. Open a browser window to your KubeMaster public IP discussed in our previous article and you should see the services!
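
The portal steps above can also be scripted. The following is an added example, not code from the original article: it prints (without running) one `az network nsg rule create` command per external port in the article's mapping, and refuses a plan that reuses an external port. The resource group, NSG name and source address are placeholder assumptions, as is treating 'VirtualNetwork' as the rule's destination and limiting the source to a single address while testing.

```shell
#!/bin/sh
# Added example (not from the article): prints the az CLI commands that mirror
# the portal steps; nothing is executed against Azure.
RG="${RG:-example-rg}"          # assumption: resource group name
NSG="${NSG:-kubemaster-nsg}"    # assumption: NSG attached to the KubeMaster VM
SRC="${SRC:-203.0.113.10/32}"   # assumption: constructed address (documentation range)
# external-port:service pairs taken from the article's mapping
PLAN="${PLAN:-9000:kubernetes-dashboard 9001:monitoring-grafana 9002:weave-scope-app}"

# Succeeds only if $1 is an integer TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one "az network nsg rule create" command per plan entry ($1 = plan).
# Fails on an invalid or repeated external port, since each external port
# can front only one service.
plan_rules() {
  prio=1000 seen=" "
  for entry in $1; do
    port=${entry%%:*} svc=${entry#*:}
    valid_port "$port" || { echo "bad port in '$entry'" >&2; return 1; }
    case "$seen" in *" $port "*) echo "duplicate port $port" >&2; return 1 ;; esac
    seen="$seen$port "
    printf 'az network nsg rule create --resource-group %s --nsg-name %s' "$RG" "$NSG"
    printf ' --name allow-%s-%s --priority %s --direction Inbound' "$svc" "$port" "$prio"
    printf ' --access Allow --protocol Tcp --source-address-prefixes %s' "$SRC"
    printf ' --destination-address-prefixes VirtualNetwork'
    printf ' --destination-port-ranges %s\n' "$port"
    prio=$((prio + 10))   # NSG priorities must be unique within a direction
  done
}

plan_rules "$PLAN"
```

Review the printed commands, then run them from a shell that is logged in with `az login`; deleting the rules again after testing closes the ports.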
 

 

 

History

31/Dec/2017 - Version 1

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

DataBytzAI
Chief Technology Officer, The DataWorks
United Kingdom
Allen is a consulting architect with a background in enterprise systems. His current obsessions are IoT, Big Data and Machine Learning. When not chained to his desk he can be found fixing broken things, playing music very badly or trying to shape things out of wood. He runs his own company specializing in systems architecture and scaling for big data and is involved in a number of technology startups.

Allen is a chartered engineer, a Fellow of the British Computing Society, and a Microsoft MVP. He writes for CodeProject, C-Sharp Corner and DZone. He is currently completing a PhD in AI and is also a ball throwing slave for his dogs.
