After I created a home kubernetes cluster, I immediately wanted to allow external access to pods/services/ingresses hosted inside the cluster. One must be aware that in bare metal environments, there is no receiver of an api call to create a load balancer. Since there is not a scriptable environment available to kubernetes, kubernetes cannot request external IP addresses or provision resources that one has come to expect in cloud environments such as AWS. This is a huge bummer – especially since dynamically built environments are fun to have.
To route traffic to web services inside of kubernetes, you have to options available:
. Services can be exposed via
. In bare metal,
would never work (unless you coded your own API call to configure a load balancer outside of kubernetes).
might work if you want to manage a routing table somewhere inside your network, and
will work if you want to manage a port forwarding table on your router. None of these options are fun for home labs on bare metal. An
is like a layer 7 firewall in that it reads the hostname and path of the incoming HTTP request and can route to applicable services. This works great for a dynamic environment where I am going to host multiple http endpoints.
The overall view of this traffic is going to be:
To create an ingress in kubernetes, you have to make it a
. In cloud environments, the
is created as type
in home labs, we create this as type
and port forward on the router to any node in the kubernetes cluster.
$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend ClusterIP 10.102.173.184 80/TCP 3d
ingress-nginx NodePort 10.110.162.247 80:30746/TCP,443:32641/TCP 3d
In my home lab, I am port forwarding on my router
0.0.0.0:80 -> <any_node>:30746
0.0.0.0:443 -> <any_node>:32641
Since I have a non-traditional home router (a Linux server with two nics
), I had to either enter these into
or I could improve upon that by setting up a load balancer such as
will allow me to port-forward load balance across all my nodes and have an easy config file to edit. Because I also want to use
with Let’s Encrypt free SSLs, I chose to use the TCP stream server of
Another hiccup (so to speak) in home based labs, is that ISPs give DHCP addresses. So when my internet IP changes, I need to update the DNS of all my http endpoints. Rather than doing that, I have all my home urls (
) CNAME to a single hostname which I update with a script with the correct IP.