It’s another “i made a thing!” post. 🙃
The solution is either:

1. Keep track of all of the node IP addresses that have an exposed nodePort and have the client connect directly to the cluster on the
2. Set up some sort of intermediary to re-write the packet from the
Option 1 seems fragile; if a cluster host / node is recycled, the client needs to learn the new correct IP addresses.
Option 2 seems far more flexible and is basically how most hosted k8s providers do ingress already. In fact, if DigitalOcean had UDP support, this tool would never have been created. Bonus: clients that expect a specific port can still connect to the service no matter what nodePort is used.
So that’s what CAPP is: Cloud Agnostic Protocol Proxy.
It’s a repo w/ a small python tool which can collect the IP address(es) belonging to each node in an arbitrary k8s cluster and - when combined with a small user config file - generate configuration files for
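To make the "collect node IPs + small user config → proxy config" step concrete, here is an added example in Python (the tool's language). It is not CAPP's own code: it assumes a hypothetical user-config schema (service name, protocol, the port clients expect, the nodePort Kubernetes assigned), a node list shaped like `kubectl get nodes -o json`, and Traefik v2's file-provider structure for `entryPoints` plus `tcp`/`udp` routers and services. It only hands the proxy addresses of nodes whose `Ready` condition is `True`, and rejects nodePorts outside the default 30000-32767 range. All sample data is constructed.

```python
"""Illustrative generator: turn a Kubernetes node list plus a small user
config into Traefik v2 entrypoint and router/service definitions so that a
fixed external port is proxied to every node's nodePort.
Added example, not the CAPP project's code."""
import json
from typing import Dict, List

# Constructed sample shaped like `kubectl get nodes -o json` output.
SAMPLE_NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "node-a"}, "status": {
        "addresses": [{"type": "InternalIP", "address": "10.0.0.11"},
                      {"type": "ExternalIP", "address": "203.0.113.11"},
                      {"type": "Hostname", "address": "node-a"}],
        "conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"name": "node-b"}, "status": {
        "addresses": [{"type": "InternalIP", "address": "10.0.0.12"},
                      {"type": "ExternalIP", "address": "203.0.113.12"}],
        "conditions": [{"type": "Ready", "status": "True"}]}},
    # node-c is NotReady: the proxy should not be handed its address.
    {"metadata": {"name": "node-c"}, "status": {
        "addresses": [{"type": "InternalIP", "address": "10.0.0.13"}],
        "conditions": [{"type": "Ready", "status": "False"}]}},
]})

# Constructed user config (hypothetical schema): the port clients expect,
# the nodePort Kubernetes actually assigned, and the protocol.
SAMPLE_USER_CONFIG = [
    {"name": "game", "protocol": "udp", "listen_port": 27015, "node_port": 30027},
    {"name": "mqtt", "protocol": "tcp", "listen_port": 1883, "node_port": 30883},
]

# Kubernetes' default --service-node-port-range.
NODEPORT_RANGE = range(30000, 32768)


def node_addresses(nodes_json: str, address_type: str = "InternalIP") -> List[str]:
    """Collect one address of the requested type from every Ready node."""
    ips: List[str] = []
    for item in json.loads(nodes_json)["items"]:
        status = item.get("status", {})
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in status.get("conditions", []))
        if not ready:
            continue  # skip nodes that cannot serve traffic right now
        for addr in status.get("addresses", []):
            if addr.get("type") == address_type:
                ips.append(addr["address"])
    return ips


def build_entrypoints(user_config: List[dict]) -> Dict:
    """Static-config fragment: one entrypoint per service on the client-facing port."""
    eps = {}
    for svc in user_config:
        suffix = "/udp" if svc["protocol"] == "udp" else ""
        eps[f"{svc['name']}-{svc['protocol']}"] = {"address": f":{svc['listen_port']}{suffix}"}
    return {"entryPoints": eps}


def build_dynamic_config(ips: List[str], user_config: List[dict]) -> Dict:
    """Dynamic-config fragment: a router per service, load-balanced over ip:nodePort."""
    cfg: Dict = {}
    for svc in user_config:
        proto, name = svc["protocol"], svc["name"]
        if proto not in ("tcp", "udp"):
            raise ValueError(f"{name}: unsupported protocol {proto!r}")
        if svc["node_port"] not in NODEPORT_RANGE:
            raise ValueError(f"{name}: nodePort {svc['node_port']} outside default range")
        if not ips:
            raise ValueError(f"{name}: no Ready nodes to proxy to")
        section = cfg.setdefault(proto, {"routers": {}, "services": {}})
        router = {"entryPoints": [f"{name}-{proto}"], "service": name}
        if proto == "tcp":
            router["rule"] = "HostSNI(`*`)"  # TCP routers need a rule; UDP ones do not
        section["routers"][name] = router
        section["services"][name] = {"loadBalancer": {
            "servers": [{"address": f"{ip}:{svc['node_port']}"} for ip in ips]}}
    return cfg


if __name__ == "__main__":
    ips = node_addresses(SAMPLE_NODES_JSON)
    # JSON is valid YAML, so these can be written straight to traefik.yml / dynamic.yml.
    print(json.dumps(build_entrypoints(SAMPLE_USER_CONFIG), indent=2))
    print(json.dumps(build_dynamic_config(ips, SAMPLE_USER_CONFIG), indent=2))
```

Two design choices worth noting. Defaulting to `InternalIP` means that when the proxy VM lives in the same private network as the cluster, the nodePorts never need to be reachable from the internet at all; the proxy is the single exposed address and the cluster's firewall can restrict nodePort traffic to it. And because the generator is re-run from the live node list, a recycled node simply drops out of (or joins) the `servers` list on the next run, which is exactly the fragility in option 1 that this approach removes.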
A ‘reference’ Packer job is included to generate a basic machine image to host Traefik. A few lines of cloud_init are all that’s needed to kick the tool off.