Save money for hobby projects with pseudo-loadbalancing in GKE via round-robin DNS.

jacobstr/nodalingresser

NodalIngresser

NodalIngresser updates an A record for you with the IP addresses of nodes in your GKE cluster. This is a somewhat silly name for a thing that makes GKE worker nodes more easily accessible on the public internet without incurring the $20/mo cost of fronting my apps with an ILB.


Heavily inspired by this blog post. The gist of his clever approach is:

  • Minimal GKE clusters can be had for ~$5/month.
  • But it costs $20/month for an ILB.
  • So put ingress-nginx on your worker nodes, edit the firewall rules on them to allow https, and manage DNS records on the fly as your fungible nodes go in and out of existence.

Note: nodalingresser itself doesn't edit firewall rules. My personal GKE cluster just has 443 open on the worker node pool.

This isn't as robust as a proper load balancer with health checks to your various backends. DNS is dumb, and with multiple nodes, your clients may find themselves round-robining across unhealthy nodes that are being shut down.
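
One way to narrow that window, as an added example that is not nodalingresser's own code: publish only nodes that are Ready and not cordoned, keep internal addresses out of the public record, and touch DNS only when the address set changes. The `Node` struct and both function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Node is a hypothetical stand-in for the Kubernetes Node fields used here.
type Node struct {
	Name, ExternalIP     string
	Ready, Unschedulable bool // Unschedulable: cordoned, e.g. draining
}

// DesiredARecords returns the sorted public IPv4 addresses of usable nodes.
func DesiredARecords(nodes []Node) []string {
	out := []string{}
	for _, n := range nodes {
		if !n.Ready || n.Unschedulable {
			continue // skip nodes that are unhealthy or going away
		}
		ip, err := netip.ParseAddr(n.ExternalIP)
		if err != nil || !ip.Is4() || ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() {
			continue // keep internal or malformed addresses out of public DNS
		}
		out = append(out, ip.String())
	}
	sort.Strings(out)
	return out
}

// NeedsUpdate ignores the order of current; desired must already be sorted.
func NeedsUpdate(current, desired []string) bool {
	c := append([]string(nil), current...)
	sort.Strings(c)
	return fmt.Sprint(c) != fmt.Sprint(desired)
}

func main() {
	nodes := []Node{ // constructed sample data
		{"gke-a", "203.0.113.10", true, false},
		{"gke-b", "198.51.100.7", true, true},   // cordoned
		{"gke-c", "10.128.0.4", true, false},    // internal address
		{"gke-d", "203.0.113.22", false, false}, // NotReady
	}
	want := DesiredARecords(nodes)
	fmt.Println(want, NeedsUpdate([]string{"203.0.113.10", "198.51.100.7"}, want))
}
```

Pairing this with a short TTL on the A record limits how long resolvers keep handing out an address after its node has been dropped.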

The author of the original post was using Cloudflare's DNS, and I'm using Google's CloudDNS for my purposes.

Usage

usage: nodalingresser [<flags>]

Automatically updates Google CloudDNS A Records for GKE Nodes.

Flags:
  --help                   Show context-sensitive help (also try --help-long and --help-man).
  --kubeconfig=KUBECONFIG  Path to kubeconfig file. Leave unset to use in-cluster config.
  --debug                  Enable debug logging.
  --client-go-verbosity=CLIENT-GO-VERBOSITY
                           Set client go verbosity level.
  --google-dns-service-account=GOOGLE-DNS-SERVICE-ACCOUNT
                           Path to service account json file with CloudDNS permissions.
  --google-dns-project=GOOGLE-DNS-PROJECT
                           Name of the project to modify records in.
  --google-dns-zone=GOOGLE-DNS-ZONE
                           Name of the zone to modify records in.
  --google-dns-record=GOOGLE-DNS-RECORD
                           Name of the record to modify.

Deploying

See the contrib folder for sample manifests for both the nodalingresser and ingress-nginx. The sa.sh script can be used as an example for how to generate a service account with the necessary credentials to allow nodalingresser to manage a DNS zone for you.

I've configured it to manage a wildcard record in a zone dedicated to the cluster. For each service I typically create a corresponding ingress such as:

  • tauhaus.k8s.example.com
  • crusher.k8s.example.com
