Ensuring Two Node Ports Share the Same External IP Address in Kubernetes
When configuring a testing environment where an application requires two TCP ports to operate, it’s crucial that these ports are exposed through containers with identical external IP addresses. Docker-compose simplifies this task, but when working within a company that uses GitLab runners orchestrated by Kubernetes (via OpenShift), alternative approaches must be considered because such systems lack native support for docker-compose.
Kubernetes networking differs from traditional setups, which may cause confusion about which ports are visible outside the containers. Within these boundaries, however, both ports can be exposed with a single Service:
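kind: Service
apiVersion: v1
metadata:
  name: test-app-service      # object names must be lowercase
spec:
  selector:
    app: test-app             # assumed label; must match the labels on your pods
  ports:                      # with more than one port, every entry needs a unique name
    - name: primary-port      # port names: lowercase letters, digits and '-'
      protocol: TCP
      port: 5000              # port the Service exposes (must be a number)
      targetPort: 5000        # port the container listens on
    - name: secondary-port
      protocol: TCP
      port: 5001
      targetPort: 5001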
In this configuration, we define two named ports under a single Kubernetes Service spec: the primary port (5000) and the secondary port (5001). For each entry, port is the number the Service exposes and targetPort is the TCP port it targets on the pods. This way:
- Both ports are exposed for the containers managed by your service.
- They appear under one domain when queried externally, so a single IP address reveals both of them during an nmap scan or with similar network exploration tools used to inspect external interfaces and connectivity options.
This setup meets the requirement for shared ports while using Kubernetes networking features within an orchestrated environment like OpenShift, without the additional configuration typically associated with multi-service setups in containerized environments such as Docker Compose.
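To confirm from a CI job that both ports really answer on one address, the check below resolves the host once and attempts a TCP connect to each port at that IP. It is an added example, not code from the original page; the function names are illustrative, and the demo uses constructed loopback listeners in place of the Service (in a pipeline you would pass the Service's hostname and ports 5000 and 5001).

```python
import socket


def resolve_once(host):
    """Resolve host to one IPv4 address so every port is tested against the same IP."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return infos[0][4][0]


def check_ports(host, ports, timeout=2.0):
    """Return (ip, {port: reachable}) for TCP connects to each port at one resolved IP."""
    ip = resolve_once(host)
    results = {}
    for port in ports:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                results[port] = True
        except OSError:  # refused, timed out, unreachable
            results[port] = False
    return ip, results


def demo():
    """Constructed stand-in for the Service: two loopback listeners plus one closed port."""
    listeners = []
    for _ in range(2):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))  # ephemeral port chosen by the OS
        s.listen(1)
        listeners.append(s)
    open_ports = [s.getsockname()[1] for s in listeners]

    # Bind and immediately close a socket to obtain a port nothing listens on.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    try:
        ip, results = check_ports("127.0.0.1", open_ports + [closed_port])
    finally:
        for s in listeners:
            s.close()
    return ip, results, open_ports, closed_port


if __name__ == "__main__":
    ip, results, _, _ = demo()
    print(ip, results)
```

A job can fail the pipeline when any value in the returned mapping is False, which catches a Service that exposes only one of the two ports.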