Nodeport ish provisioner

[toonsevrin]

This is out of scope of the project goals but would actually be really useful: A provisioner that works like NodePort on all the worker nodes.

https://github.com/kontena/akrobateo also does this!

[alexellis]

Hi @toonsevrin can you please write-up a more detailed proposal if that's what you want to do? This just looks like a product plug and doesn't come off that well. 🤷‍♂️

[toonsevrin]

Definitely not my product and it's definitely stale. Essentially the provisioner would be implemented with a DaemonSet that schedules an ingress proxy on each node with hostPort ports.

This means that all your worker nodes will expose (eg.) port 80 and 443 and you an simply access your ingress through the ips of your worker nodes. Makes sense?

[toonsevrin]

That may be a little bit information dense. Let's take a step back. A load balancer is expensive for a lot of us that like to run a lot of clusters.

There's a solution called NodePort services, but the problem with them is that they do not allow to go into the ranges we really care about (80-443).

What if there was a LoadBalancer that would function like NodePort, but would open up the ports on all (or a subset of) your workers.

I can then simply setup a wildcard dns that addresses all my workers and there we go: We've got a free load balancer that works perfectly as long as you don't downscale.

I've just finished implementing this functionality for the project relevant to myself by simply editing my istio ingressgateway deployment, changing it to a daemonset and making the ports hostPorts (eg. they expose on the actual worker), it works pefectly!

I think it would be cool to see a maintained project provide this functionality (as quite a few users care about it, just google "how to expose nodeport 80/443 on kubernetes").

Sorry for the weak first issue, it was late 👍

[alexellis]

LoadBalancers are a little expensive for us

The LoadBalancer created by OpenFaaS costs 5 USD / mo when coupled with DigitalOcean. Is that too expensive?

If so, you can use a single LB and Ingress to pipe everything through one 5 dollar investment :-) https://docs.inlets.dev/#/get-started/quickstart-ingresscontroller-cert-manager?id=expose-your-ingresscontroller-and-get-tls-from-letsencrypt

[toonsevrin]

@alexellis you'd be surprised how cheap our multicluster infrastructure is hahaha (that's on cheap students starting companies), our largest cost is literally our 68 euro/m ERP.

Anyways, I haven't read the article but I assume we do something similar: We change our istio ingressgateway to a daemonset and run it on every node with hostPorts. Works perfectly but again, it would be really nice to have something like this work out of the box (without having to create daemonsets/deployments yourself).

I get how it may be difficult to imagine a lot of students and small scale businesses are using kubernetes nowadays and that the value of this proposal seems minimal, in that case, we can close this issue :)