1

I have a REST-api in one pod that needs to whitelist all hostnames or ips that connects to it. In another deployment/pod I have my own kotlin program that tries to connect to the REST-api

Both deployment are exposed with ClusterIp services. I can do a "ping" request. So that works fine.

I thougt that one way was to use the service dns-name of the kotlin service. But that ip is not the same as that from the kotlin-pods.

The REST-api doesn't support subnet masks. And I can't really add all ips in the k8s cluster.

Arlukin
  • 1,203
  • 6
  • 18
  • 27
  • It seems like you need to expose the application pod using [Type LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) instead of Type ClusterIP. Although both services are used for communication purposes, since you needed a single(specific) IP address, Type loadBalancer suits more. Difference between these services are explained [here](https://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0). – Digil Sep 06 '19 at 03:52
  • You could visit [this](https://serverfault.com/questions/907189/stable-public-ip-or-ip-range-for-outbound-connections-in-gke) similar discussion thread as well. I hope this helps. – Digil Sep 06 '19 at 03:53
  • Also found this [source-ip](https://kubernetes.io/docs/tutorials/services/source-ip/). Looks like it's not possible when running kube-proxy in iptables mode. Anyway, I solved my problem using an nginx sidecar in the same pod as the REST-api. – Arlukin Sep 07 '19 at 14:42
  • Since you find a solid resolution for your concern please post the same as an answer for the visibility of other community members. This might help them. – Digil Sep 09 '19 at 20:06

1 Answers1

1

You need a way to have reliable IPs for your pods or a reliable host name. Your best option for that is statefulSets. The stateful set will try to maintain the pods state, including the IP if possible. But it also allows you to set a hostname for the pod instead of just the service

Patrick W
  • 582
  • 2
  • 8