
Canonical
on 1 February 2018

Externally exposing a LXD-based Kubernetes service


This article originally appeared on Rye Terrell’s blog

 

So you’ve conjured up a Kubernetes cluster on top of LXD on your dev box. Cool. You’ve created a deployment, you’ve got a service directing traffic to it, and you can query it from your box. Sweet. Time to demo this to your boss!

“Hey boss,” starts your email, “check it out — I’ve got our product running in a k8s cluster! Just click here to see it for yourself: https://…”

Oops, what IP do you send your boss? You can’t use the internal LXD container IP. You can’t use the IP of your dev box either, since no traffic is going to reach the relevant container. Damn. What to do?

There are actually a few ways to solve this. Here, I’ll cover an iptables one-liner that will forward traffic on a particular port to the proper container.

Let’s make sure we’re on the same page. First, I’ll create a “hello-world” deployment:

$ kubectl run hello-world --replicas=2 --labels="run=load-balancer-example" --image=gcr.io/google-samples/node-hello:1.0 --port=8080

Then I’ll create an associated service (with type NodePort, since I want to expose it externally):

$ kubectl expose deployment hello-world --type=NodePort --name=example-service

Now we should be in roughly the same place. Let’s grab the NodePort for our service:

$ kubectl describe services example-service
Name:                     example-service
Namespace:                default
Labels:                   run=load-balancer-example
Annotations:              <none>
Selector:                 run=load-balancer-example
Type:                     NodePort
IP:                       10.152.183.175
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  30386/TCP
Endpoints:                <none>
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

And find one of the nodes it’s running on:

$ kubectl get pods --selector="run=load-balancer-example" --output=wide
NAME                          READY     STATUS    RESTARTS   AGE       IP           NODE
hello-world-58f9949f8-2cqw7   1/1       Running   0          1h        10.1.7.2     juju-2282c0-7
hello-world-58f9949f8-k5zvl   1/1       Running   0          1h        10.1.102.6   juju-2282c0-3

Next we’ll need to find the IP address associated with that node:

$ lxc info juju-2282c0-3 | grep eth0
eth0: inet 10.218.5.81 vethV8TI50

Finally, using the node IP and the NodePort we just collected, we’ll set up an iptables rule (note that 8080 is the port I’ll expose on my host, and that the rule has no source match, so it forwards connections from any address that can reach eth0):

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.218.5.81:30386

Feel free to use iptables-save and iptables-persistent to allow your new rule to survive a reboot.
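
The steps above as an added example, not code from the original post: shell functions that parse the `kubectl describe` and `lxc info` outputs shown in the article, validate each field, and build the same DNAT rule restricted to one source network with `-s`. The function names and the 203.0.113.0/24 source range are assumptions made for illustration.

```shell
# Added example (not from the original post): parse the collected outputs,
# validate each field, and emit a DNAT rule limited to one source network.

# Sample inputs copied from the outputs shown in the article.
DESCRIBE_SAMPLE='Type:                     NodePort
NodePort:                 <unset>  30386/TCP'
LXC_SAMPLE='eth0: inet 10.218.5.81 vethV8TI50'

# NodePort number from `kubectl describe services` output on stdin.
nodeport_from_describe() {
  awk '$1 == "NodePort:" { split($NF, a, "/"); print a[1]; exit }'
}

# eth0 IPv4 address from `lxc info` output on stdin (format as in the article).
node_ip_from_lxc_info() {
  awk '$1 == "eth0:" && $2 == "inet" { print $3; exit }'
}

valid_port() {
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Requires explicit a.b.c.d/n form so the source scope is always deliberate.
valid_cidr() {
  case "${1##*/}" in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
  valid_ipv4 "${1%/*}"
}

# Usage: build_dnat_args IFACE HOST_PORT SOURCE_CIDR NODE_IP NODE_PORT
build_dnat_args() {
  case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
  valid_port "$2" && valid_port "$5" || { echo "bad port" >&2; return 1; }
  valid_cidr "$3" || { echo "bad source CIDR" >&2; return 1; }
  valid_ipv4 "$4" || { echo "bad node IP" >&2; return 1; }
  printf '%s\n' "-t nat -A PREROUTING -p tcp -i $1 -s $3 --dport $2 -j DNAT --to-destination $4:$5"
}

# 203.0.113.0/24 is a documentation range standing in for the viewer's network.
demo_rule() (
  port=$(printf '%s\n' "$DESCRIBE_SAMPLE" | nodeport_from_describe)
  ip=$(printf '%s\n' "$LXC_SAMPLE" | node_ip_from_lxc_info)
  build_dnat_args eth0 8080 203.0.113.0/24 "$ip" "$port"
)
demo_rule
```

Pass the printed arguments to `iptables` as root; replacing `-A` with `-D` in the same arguments deletes the rule once the demo is over.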

Now we can test it out from another host (note that 35.169.124.27 is the IP of my host):

$ curl 35.169.124.27:8080
Hello Kubernetes!

Great! Alright, go finish that email.

Want to know more?

On February 7th, technical lead Stephane Graber will be presenting a webinar for Ubuntu Product Month that will dive into how LXD works, what it does, how it can be used in the enterprise, and even provide an opportunity for Q&A.
