Cluster information:
Kubernetes version: 1.19.3
Cloud being used: Digital Ocean
Installation method: Managed kubernetes
Host OS: Ubuntu
My use case: I want to run code-server and JupyterLab as browser-accessible services on a DigitalOcean droplet OR Kubernetes cluster. I would like to do this in a way that allows as much of my budget for hosting as possible to be used for processing software (I write Python machine learning/natural language code). My ideal setup is that I have a subdomain, with SSL (LetsEncrypt is fine), for code-server and another for JupyterLab. Ideally they can access the same storage, but that’s a secondary concern for the moment. I’d be okay with not having a domain and just passing traffic through OpenVPN to an IP and ports, but code-server just won’t run full featured without SSL.
The actual problem: on nearly every attempt to implement this, I have found that I cannot access ports. On a good attempt, I manage to get one service (often something like Python http.server) where going to my domain or IP/port gets me anything other than “connection refused” instantly. I’ve checked firewall settings (I don’t use DigitalOcean’s and I have consistently opened the ports that my native services and/or Docker containers are listening on/being forwarded to). Best I pulled off was using Kubernetes and following this tutorial: I got code-server and two example sites running in separate subdomains (pointed using a node balancer, and yes, I have a fully registered domain on DO’s name servers).
There were two problems, however: I couldn’t get LetsEncrypt to issue a certificate on Kubernetes and I didn’t know how to get it into the container for code-server, and also, I am unclear if Kubernetes is the best bang for my buck. This server is for me to run my code (and to write it). I don’t anticipate needing to spin up a lot of different instances of the same applications across distributed clusters, and I’m wondering if something like Rancher on a single very powerful droplet would get me better returns.
That gets me to my next problem: I have not successfully exposed a port in any Linux distro in the past four years. I used to administer multiple sites on a single Linode, from 2012-16 or so, and it was no problem, although probably quite insecure, but I’m talking not even being able to expose ports on IP addresses now. Something in how cloud providers handle things has changed. I know AWS, GCloud etc. isolate their VMs on private networks but that’s not what DO, Linode, or Vultr do, and yet I can’t so much as expose a port successfully - even if I follow port exposing tutorials for the distro in question. I’ve literally used Rancher to launch a Docker container on a port, managed by the OS, and verified that port is exposed, and it just doesn’t work. With Kubernetes SOMETIMES the load balancer helps here. I also was able to get a full server up in FreeBSD but too much of what I need to run depends on Docker and Node which sadly haven’t been ported well to that system.
I’ll admit I’m tempted to give up and go with a smaller provider with an actual dedicated server and fewer security provisions - I’m assuming at least some of this is “protect the user from themselves” business - but I really like DigitalOcean. I’d love some tips on solving any of these issues, or even just deciding if Kubernetes is right for me. (Is it possible to redirect subdomains to different ports on a single IP server so as to have web access to multiple Docker containers or native services? If so that’s probably preferable to the alternative for me. Also, is RancherOS the best way to do container-based deployment on a single VM or should I use a full-size distro?)
I want to note that I’ve also Googled StackOverflow and found other people with similar issues, but their questions were all closed there and they were told to Google; Googling turns up DO tutorials and the closed StackOverflow threads. I should note I’ve also tried to do this on Google Cloud and Linode with similar results. Sites like StackOverflow make me feel stupid; I’m an experienced developer but they close every question with “don’t be lazy, Google it” and I DID, for DAYS, and it’s mostly SO threads with that same advice. And DigitalOcean tutorials which are great but not sufficient.
tl;dr: I’m having trouble exposing ports, despite following OS procedures, and also I am not sure if my personal development server for just me to use should be a Kubernetes cluster or a single server with Docker deployment, and I don’t know how to route ports to subdomains for the two apps I want to expose if I’m not using a Kubernetes load balancer.