Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / containers / Kubernetes

Exposing Ports to Kubernetes Pods on Azure

5.00/5 (3 votes)
31 Dec 2017CPOL2 min read 17.2K  
Simple step by step guide to exposing ports to Kubernetes pods/containers on Azure
This article is a short walk-through of how to expose ports over the Internet so you can test the Kubernetes pods externally.

Introduction

In a previous article in this Devops series, we looked at deploying a production ready Kubernetes cluster on Azure using the 'KubeSpray' project, we then set up a data storage volume with Kubernetes on Azure. This quick article is a short walk-through of how to expose ports over the Internet so you can test the pods externally. Note that this is neither production ready nor secure - we will cover that in a future article!

Background

When we develop services in containers on the cloud, often we want to expose these over the Internet for production or development. To do this, we generally use some kind of firewall/port forwarding rule manager. In Azure, we do this by creating inbound security rule mappings, that is, controlling the flow of network traffic from the wide open Internet, inside your virtual network in the cloud.

Locate Ports to Open

In Kubernetes, to identify the ports we are trying to map, we can use KUBECTL:

Azure-CLI
kubectl get svc -n kube-system

This will print out a list of running services and their ports on the internet Kubernetes network similar to the following. The list details the name of the exposed service, its type, IP, port, external IP (if any) and how long it has been operational (age).

NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE

heapster               ClusterIP   10.233.54.27    <none>        80/TCP          16m
kube-dns               ClusterIP   10.233.0.3      <none>        53/UDP,53/TCP   16m
kubernetes-dashboard   ClusterIP   10.233.46.183   <none>        80/TCP          16m
monitoring-grafana     NodePort    10.233.28.73    <none>        80:31719/TCP    16m
monitoring-influxdb    ClusterIP   10.233.17.79    <none>        8086/TCP        16m
weave-scope-app        NodePort    10.233.46.240   <none>        80:30243/TCP    16m

In order to expose these services, we need to map ports on our external IP using the firewall to redirect to the internal IP/port combination.

As we can only have one port per IP address, we need to create unique port numbers that we can use to map to the individual internal IP/port services.

For this example, we will map as follows:

  • Grafana monitoring service - internal: 10.233.28.73: 80, external: 9001
  • Kubernetes dashboard - internal: 10.233.46.183:80, external 9000
  • Weave-scope - internal:10.233.46.240: 30243, external 9002

Open Ports

When we set up our cluster, we created one external Internet IP and attached this to the Kubernetes master. We can get this IP from the Azure dashboard by examining the external IP resource attached to the KubeMaster VM.

Image 1

When you click into this page, you will see a list of existing inbound and outbound rules as the overview.

Image 2

We need to select and click on the 'Inbound' security rules property to add our new rules.

Image 3

Once the inbound rules opens, select the NEW button to add a rule.

Image 4

You enter the new EXTERNAL port we determined earlier, and select 'VirtualNetwork'. You may need to wait a few minutes but that's it. Open a browser window to your KubeMaster public IP discussed in our previous article and you should see the services!

History

  • 31st December, 2017: Version 1

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)