0

On ec2, running a single node k8s cluster. On the node, a service is running with the type as "NodePort" with the exposed port "31380".

I need to access this service externally over port 80.

  apiVersion: v1
  kind: Service
  metadata:
    name: demo-nginx
    labels:
      run: demo-nginx
  spec:
    ports:
    - port: 80
      protocol: TCP
    selector:
      run: demo-nginx
    type: NodePort

What additional config is needed to access this from ec2 public IP e.g. a successful "curl ec2publicIp:80" or via a browser?

> ~$ kubectl get services
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
demo-nginx   NodePort    10.107.6.8   <none>        80:31380/TCP   17m
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP        23m

Note#1) I'm able to access the service from inside the Node, using the privateIP.

curl 172.31.8.98:31380

Note#2) I have tried a combination of IPtable rules e.g.-

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.31.8.98:31380
sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT

Note#3) My ec2 security group and rule is configured to allow http traffic.

Note#4) I have updated the IP forwarding on my EC2 instance.

Note#5) The k8s service exposes a simple nginx deployment.

> $ kubectl get deployments
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
demo-nginx   1/1     1            1           43m

Any insight into this issue would be highly appreciated.

N.B. I already searched many contents but could not find a solution.

rufus
  • 61
  • 6

2 Answers

1

If you are looking for a solution to expose a Kubernetes service externally (outside the cluster), then the Kubernetes Ingress resource would be the best choice to achieve this goal. Ingress is specifically used to offer HTTP and HTTPS routing from outside the cluster to the nested Kubernetes services.

Once you have decided to use Ingress, the first step before installing an ingress controller is to select the appropriate ingress provider, which should satisfy the specific cloud platform requirements.

For AWS, I would bet on using the NGINX Ingress Controller, as it natively offers L4 or L7 level for ELB; you can find more information about the ingress-nginx implementation here.

In case you've used Kops to build your cluster, take a look at the ingress-nginx installation here.

I would also recommend checking the AWS ALB Ingress Controller for Kubernetes.

Nick_Kh
  • 568
  • 4
  • 7
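A minimal manifest for the Ingress approach described in the answer above, as an added example that is not part of the original answer. It assumes an ingress-nginx controller is already installed and registers the IngressClass `nginx`, that the cluster serves the `networking.k8s.io/v1` API, and that the nginx container listens on port 80; the Service is switched to `ClusterIP` so that traffic enters only through the controller.

```yaml
# Added example: demo-nginx exposed through an Ingress instead of a NodePort.
apiVersion: v1
kind: Service
metadata:
  name: demo-nginx
  labels:
    run: demo-nginx
spec:
  type: ClusterIP          # no node port is allocated for this Service
  ports:
  - port: 80
    targetPort: 80         # assumption: the nginx container listens on 80
    protocol: TCP
  selector:
    run: demo-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-nginx
spec:
  ingressClassName: nginx  # assumption: class name registered by the controller
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-nginx   # the Service defined above
            port:
              number: 80
```

With the Service as `ClusterIP`, the EC2 security group only needs to admit the ingress controller's listener ports, and the high port 31380 no longer has to be reachable from outside.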
0

Try using kubectl port-forward.

Try this command out in a separate terminal: kubectl port-forward pod/demo-nginx 9998:80 and then try to do a curl localhost:9998. If you want to run this in the background, just put a & at the end of the command.

Please note that this is only going to work on your computer. If you want to expose this to the world I would advise you look into using a LoadBalancer type service or some sort of Ingress resource.

sprut
  • 136
  • 1
  • 4