Using ClusterIP with External IP

The customer can expose their Kubernetes cluster (and event broker services) to external traffic using ClusterIP and an external IP address. The Kubernetes service type is ClusterIP, but an external IP address can be specified using the externalIP property. This solution requires that the customer map the external IP address of a service to their private IP addresses in the cluster. It works best in environments where the BGP protocol is used to route traffic to the appropriate Kubernetes worker nodes. The customer can also have traffic match the ClusterIP services by assigning private network addresses as the service's external IP address; doing so makes the service redirect this traffic to the pods backing the service.

The Mission Control Agent supports this mode of operation and can be configured with private IP addresses for which a port range has been allocated. With this solution, no network load balancer is required, but the customer (typically a network administrator) must configure the private IP address to map to each event broker service.

When the Mission Control Agent creates an event broker service, it also creates a ClusterIP service where the externalIP property is set to the private network address in the customer's private network. Since all event broker services use the same private network address, the Mission Control Agent manages the port range as a pool that allows multiple brokers to share the same private network address.
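The following is an added illustration of the port-pool idea described above (and of the randomly chosen ports mentioned under Disadvantages); it is not the Mission Control Agent's own code. It models one private address shared by several broker Services, hands each Service a port from a fixed range, and emits the ClusterIP Service manifest with spec.externalIPs set (the Kubernetes field is a list spelled `externalIPs`). The address 10.10.0.50, the port range, the broker names, the namespace, the target port 55555 and the `external_ips_allowed` check are all constructed for this example.

```python
import ipaddress
import json
import random


class PortPool:
    """Pool of TCP ports on one shared private external IP.

    Ports are chosen at random from the configured range (the page says the
    agent picks them, not the user) but are never handed out twice while in
    use. A seed makes a run reproducible for testing.
    """

    def __init__(self, start, end, seed=None):
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"invalid port range {start}-{end}")
        self.start, self.end = start, end
        self._free = list(range(start, end + 1))
        self._in_use = {}  # port -> owning broker service name
        self._rng = random.Random(seed)

    def allocate(self, owner):
        """Reserve a random free port for `owner`; fail loudly when exhausted."""
        if not self._free:
            raise RuntimeError(f"port pool {self.start}-{self.end} exhausted")
        port = self._free.pop(self._rng.randrange(len(self._free)))
        self._in_use[port] = owner
        return port

    def release(self, port):
        """Return a port to the pool when its broker service is deleted."""
        if port in self._in_use:
            del self._in_use[port]
            self._free.append(port)

    def owner(self, port):
        return self._in_use.get(port)


def broker_service(name, namespace, external_ip, port, target_port=55555):
    """Build the ClusterIP Service manifest for one broker.

    The Kubernetes field is spec.externalIPs (a list). target_port 55555 is
    an assumed container port for this example, not a value from the page.
    """
    ipaddress.ip_address(external_ip)  # reject malformed addresses early
    return {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "type": "ClusterIP",
            "externalIPs": [external_ip],
            "selector": {"app": name},
            "ports": [{"name": "tcp", "protocol": "TCP",
                       "port": port, "targetPort": target_port}],
        },
    }


def external_ips_allowed(manifest, allowed_ips):
    """Admission-style check (constructed): every externalIP in the manifest
    must be one of the addresses the network administrator allocated."""
    ips = manifest.get("spec", {}).get("externalIPs", [])
    return all(ip in allowed_ips for ip in ips)


def provision(pool, external_ip, names, namespace="brokers"):
    """Create one Service per broker; all share external_ip, each on its own port."""
    manifests = []
    for name in names:
        port = pool.allocate(name)
        manifests.append(broker_service(name, namespace, external_ip, port))
    return manifests


if __name__ == "__main__":
    pool = PortPool(30000, 30009, seed=7)
    for m in provision(pool, "10.10.0.50", ["broker-a", "broker-b"]):
        print(json.dumps(m, indent=2))
```

Because any principal allowed to create Services in a cluster can set `externalIPs`, clusters that rely on this mode normally restrict the field to the allocated address through admission control (Kubernetes ships a `DenyServiceExternalIPs` admission controller, and policy engines can express an allow-list like the `external_ips_allowed` check above); the pool's exhaustion error is the signal to enlarge the range rather than hand out a port twice.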

Public access from outside the customer's private network is optional. If it is required, an Internet gateway must route a public IP address to the appropriate private network IP address. If the customer's network blocks external traffic from the Internet, they must whitelist the PubSub+ Home Cloud's IP address. In this case, the customer must provide the details (URL, username, and password) of the HTTP/HTTPS proxy server to the Mission Control Agent during deployment.
When you use ClusterIP with an External IP, it has the following advantages and disadvantages over using an integrated load balancer or NodePort (with an external network load balancer):

Advantages

  • All event broker services are available over the same private IP address. Just one IP address is required and can be used to expose multiple event broker services.
  • The setup is much easier for on-premises environments where the BGP protocol is used to route private IP addresses to a pool of services, such as Kubernetes worker node pools.

Disadvantages

  • When using ClusterIP services with External IP, the TCP ports that clients connect to are chosen at random by the Mission Control Agent from the specified port range. For this reason, this mode of operation doesn't permit the customer to specify custom TCP ports when an event broker service is created from the PubSub+ Cloud Console; even if they try to specify a custom port from the Cloud Console, it has no effect. Instead, the port numbers that are allocated are shown on the Connect tab for the event broker service in Cluster Manager within the Cloud Console.

For more information, see External IPs in the Kubernetes documentation.