K8s on premise: expose api to public

#1

Hi, forgive me for my bad English.

I have installed a k8s cluster using kubespray on 5 servers (3 managers and 5 workers). I’d like to expose the k8s API to the public. So I have an ingress to allow access to the HTTPS API using the kubernetes service created by default by kubespray. It works for some commands, but “exec” raises an error: “Upgrade request required”

So I have tried to plug a loadbalancer IP directly to the kubernetes service, but the IP is not reachable from outside (just for this service; if I use this IP on another service, it works).

How can I expose the kubernetes service to the public using a loadbalancer IP (provisioned by metallb)?

Thanks for your help.

0 Likes

#2

azer

    March 27

Hi, forgive me for my bad English.

I have installed a k8s cluster using kubespray on 5 servers (3 managers and 5 workers). I’d like to expose the k8s API to the public. So I have an ingress to allow access to the HTTPS API using the kubernetes service created by default by kubespray. It works for some commands, but “exec” raises an error: “Upgrade request required”

Have you checked:

https://stackoverflow.com/questions/51154911/kubectl-exec-results-in-error-unable-to-upgrade-connection-pod-does-not-exi

And

https://github.com/kubernetes/kubernetes/issues/63702

Most likely you need to specify the proper IP/network interface.

So I have tried to plug a loadbalancer IP directly to the kubernetes service, but the IP is not reachable from outside (just for this service; if I use this IP on another service, it works). How can I expose the kubernetes service to the public using a loadbalancer IP (provisioned by metallb)?

Is the traffic not reaching the nodes? Can you run tcpdump, for example?

Also, are you using BGP or layer 2 mode? And are you using external Traffic Policy? If you are, I can imagine that the speaker component is not scheduled to master due to taints, for example.

But please share more about your setup so we can have a better understanding. Please try to narrow it down as far as you can, like is traffic reaching nodes (tcpdump for checking, for example)? Can you access using the nodeIP:nodePort? At which hops can you trace the request and where is it being dropped?

0 Likes
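
The taint hypothesis raised in the reply above can be checked from cluster state. The following is an added example, not part of the thread: it applies Kubernetes toleration matching to constructed data shaped like `kubectl get nodes -o json` and the MetalLB speaker DaemonSet (assumed to be `speaker` in namespace `metallb-system`), and reports the nodes the speaker cannot be scheduled on. The node names, the taint and the function names are assumptions for illustration.

```python
# Constructed sample data shaped like `kubectl get nodes -o json` and
# `kubectl -n metallb-system get daemonset speaker -o json`, trimmed to the
# fields used below. Node names and the taint are assumptions for illustration.
NODES = {"items": [
    {"metadata": {"name": "master1"},
     "spec": {"taints": [{"key": "node-role.kubernetes.io/master",
                          "effect": "NoSchedule"}]}},
    {"metadata": {"name": "worker1"}, "spec": {}},
]}
SPEAKER = {"spec": {"template": {"spec": {"tolerations": []}}}}


def tolerates(toleration, taint):
    """Apply Kubernetes toleration matching: effect, then key, then operator/value."""
    if toleration.get("effect") and toleration["effect"] != taint.get("effect"):
        return False
    operator = toleration.get("operator", "Equal")
    if not toleration.get("key"):
        # An empty key is only valid with Exists and tolerates every taint.
        return operator == "Exists"
    if toleration["key"] != taint.get("key"):
        return False
    return operator == "Exists" or toleration.get("value", "") == taint.get("value", "")


def nodes_blocking_daemonset(nodes, daemonset):
    """Map node name -> taint keys that keep the DaemonSet's pods off that node."""
    tolerations = daemonset["spec"]["template"]["spec"].get("tolerations", [])
    blocked = {}
    for node in nodes["items"]:
        untolerated = [
            taint["key"]
            for taint in node["spec"].get("taints", [])
            if taint.get("effect") in ("NoSchedule", "NoExecute")
            and not any(tolerates(tol, taint) for tol in tolerations)
        ]
        if untolerated:
            blocked[node["metadata"]["name"]] = untolerated
    return blocked


if __name__ == "__main__":
    for name, keys in nodes_blocking_daemonset(NODES, SPEAKER).items():
        print(f"{name}: speaker cannot schedule, untolerated taints: {keys}")
```

Replace `NODES` and `SPEAKER` with the parsed output of the two `kubectl ... -o json` commands to run the same check against a real cluster.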