How to create a NodePort service without colliding with the kURL infra?

Hello folks,

So, we have our own load balancer pod and service and we do not use any K8s Ingress objects, for reasons. The service needs to be on tcp/80 and 443 and we would simply like to mark it as NodePort and be done with it, expecting the host to surface them. We’re not clustering kURL nodes. Our challenge:

  1. If we do a straight curl install, then kURL installs a Contour which appears to own those ports via kube-proxy.
tcp        0      0*               LISTEN      24653/kube-proxy
tcp        0      0    *               LISTEN      24653/kube-proxy
tcp        0      0 *               LISTEN      24653/kube-proxy
tcp        0      0 *               LISTEN      24653/kube-proxy
tcp        0      0 *               LISTEN      24653/kube-proxy
tcp        0      0   *               LISTEN      24653/kube-proxy
tcp        0      0  *               LISTEN      24653/kube-proxy
tcp        0      0 *               LISTEN      24653/kube-proxy
  2. Ok, so hypothesizing that Contour is asking kube-proxy to grab those local ports, we turned off the Contour add-on in the configurator and tried curl | sudo bash. This configuration will not install: kURL hits errors. We entered a bug for this with support.

So the question is how do people deal with this? Thanks for reading.


Hi Mitch!

One workaround/solution I can think of is to configure Contour to use a different port. You should be able to configure that as part of the installer by specifying the httpPort and/or httpsPort fields under the contour add-on section. Reference:

But excluding Contour should technically work. I would like to get some more information if that’s okay:

1- Would you be able to share the error message you’re getting when trying to run that Kubernetes installer?
2- Which OS/Distribution did you try it on?
3- You mentioned that you already opened a support ticket, would you be able to send us a Slack message with a link to the issue?
4- Could you please verify that the system requirements for kURL are met? Reference:

Salah - Senior Software Engineer @ Replicated

Hi Salah, thanks for writing. We’ve made some progress and can share what we learned in case this helps someone else:

  • Our kURL install issue was our selection of k8s version - evidently choosing 1.21.x won’t install. We have a new FR open on your end to detect incompatible kURL configurations. We’re settling for 1.23.x for this experiment but may revisit.

  • We ended up with a working kURL config which omits Contour. This freed up the 80 and 443 ports we wanted to bind to the host’s primary interface. For the record, it’s

  • We set our service type NodePort and set the NodePort attributes to 80 and 443 instead of the defaults, which would create ephemeral ports.

This allows our service to publish directly onto the host’s primary interface as desired. Yes, we know it doesn’t scale or cluster and that’s what Weave and Contour are for 🙂

This works.
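
A pre-flight check for the collision discussed in this thread, as an added example that is not part of any post above: it parses `ss -ltnp` output and reports which requested NodePorts are already bound by another process or fall outside the cluster's NodePort range. The sample output, the function names and the widened 80-60000 range are constructed assumptions; the upstream Kubernetes default range (kube-apiserver `--service-node-port-range`) is 30000-32767.

```python
import re

# Constructed sample of `ss -ltnp` output (not taken from the thread).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      4096   0.0.0.0:80         0.0.0.0:*         users:(("kube-proxy",pid=24653,fd=12))
LISTEN 0      4096   0.0.0.0:443        0.0.0.0:*         users:(("kube-proxy",pid=24653,fd=13))
LISTEN 0      4096   [::]:6443          [::]:*            users:(("kube-apiserver",pid=2210,fd=7))
"""

DEFAULT_RANGE = (30000, 32767)  # upstream Kubernetes default NodePort range


def listeners(ss_output):
    """Map each listening TCP port to the name of the process that owns it."""
    owners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        port = fields[3].rsplit(":", 1)[1]  # handles 0.0.0.0:80 and [::]:80
        if not port.isdigit():
            continue
        match = re.search(r'\(\("([^"]+)"', line)
        owners[int(port)] = match.group(1) if match else "?"
    return owners


def preflight(node_ports, ss_output, port_range=DEFAULT_RANGE):
    """Return (port, problem) pairs for NodePorts the Service cannot use."""
    low, high = port_range
    owners = listeners(ss_output)
    problems = []
    for port in node_ports:
        if not low <= port <= high:
            problems.append((port, f"outside NodePort range {low}-{high}"))
        if port in owners:
            problems.append((port, f"already bound by {owners[port]}"))
    return problems


if __name__ == "__main__":
    # Assumed widened range so that 80 and 443 are admissible NodePorts.
    for port, problem in preflight([80, 443], SAMPLE_SS, port_range=(80, 60000)):
        print(f"nodePort {port}: {problem}")
```

On a real host, pass the output of `ss -ltnp` (run as root so process names are shown) in place of the constructed sample.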