How to pause and then resume a Kubernetes service in Google cloud?
I have a service named Foo that is currently running. It directs traffic it receives to a running Pod as well. Since the service is of type LoadBalancer and runs in Google Cloud - it has it's own external IP.
I'm currently doing maintenance and testing on various services and would like to temporarily STOP service Foo from working, then RESUMING it again. That is, anyone that hits the IP for service Foo would get a 404, but then later on I resume it - they would start getting answers back.
The reason why I don't just flat out delete the service then create a new one is because I wish to maintain the original IP address for the Foo service. I have tests that directly reference that IP and do not wish to have to continuously change them. i also have a few clients in production relying on that IP so I can't risk losing it.
Any indication then on how to temporarily STOP / RESUME a kubernetes service in Google cloud, while preserving it's IP?
Thanks
Kubernetes itself does not have mechanism to stop a service.
When you create a Service type of LoadBalancer in GKE, it automatically creates a forwarding rule for external access. You can disable that rule (not delete!) to stop external traffic accessing your Service.
To disable the forwarding rule:
- Check the associated IP address with a LoadBalancer by either:
- issuing:
$ kubectl get svc - going to:
GCP Dashboard -> Kubernetes Engine -> Services & Ingress
- issuing:
- Go to
GCP Dashboard -> VPC Network -> External IP addresses - Find your LB's IP and copy name of the forwarding rule associated with it
- Go to
GCP Dashboard -> VPC Network -> Firewall - Search for mentioned forwarding rule
- Edit it
- On the bottom of edit site you should have an option to disable it like picture below:
From a GKE perspective you can create a service type of LoadBalancer with a static IP address that will be bound and available to your project as long as it's not released. Even if you delete a Service in your GKE cluster it will still be available to bound to your recreated Service.
You can do it by either:
Reserving static IP address before Service creation
- Go to
GCP Dashboard -> VPC Network -> External IP addresses -> Reserve Static Address - Create a static IP
- Note the IP address created
- Create a
Servicetype of LoadBalancer with previously created IP address. Example below:
apiVersion: v1
kind: Service
metadata:
name: hello-service-lb
spec:
selector:
app: hello
ports:
- name: hello-port
port: 80
targetPort: 50001
nodePort: 30051
type: LoadBalancer
loadBalancerIP: PASTE_HERE_IP_ADDRESS
Please take a specific look on part:
loadBalancerIP: PASTE_HERE_IP_ADDRESS
as this line is required to have previously created static IP address.
Deleting this Service will:
- Delete a
ServiceinGKE - Delete the association between
Serviceand IP address inGCP Dashboard - It will not delete the reserved static IP address
Creating a Service before reserving static IP address
Assuming that you have already created a Service type of LoadBalancer you can:
- Go to
GCP Dashboard -> VPC Network -> External IP addresses - Found the IP address associated with your LoadBalancer
- Change type of this IP address from:
EphemeraltoStatic. This will ensure that this IP will not be released when Service got deleted. - You will need to edit your Service definition when recreating it to include:
loadBalancerIP: PASTE_HERE_IP_ADDRESS
If you changed your IP address type from Ephemeral to Static, deleting your Service will not release your Static IP address.
Please take a look on additional documentation:
- Cloud.google.com: IP addresses: Reserve static external IP
- Cloud.google.com: Kubernetes Engine: LoadBalancer
Please let me know if you have any questions in that.
- Single Container Pod yaml
- How is a service connected to a pod? In yaml, what fields need to match between service and pod?
- Helm's v3 Example Doesn't Show Multi-line Properties. Get YAML to JSON parse error
- Kubectl command to list pods of a deployment in Kubernetes
- Kubernetes: list all pods and its nodes
- how to uninstall minikube from ubuntu, i get an 'Unable to load cached images' error
- Failed to start minikube with virtualbox driver on ubuntu 20.04
- Using Minikube: deployed SQL Server 2022, but it's not reachable on host machine using ssms
- Kubernetes Application with multiple Resources single YAML
- Nat Gateway Profile for AKS using terraform
- kubectl logs - continuously
- How do i update helm repo to the latest version
- 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims
- Is there a name or standard for the YAML format used to describe kubernetes resources?
- Kubernetes Persisten Volumes
- Kubernetes Authentication no re-create token
- .NET 8 app in Rancher only listening on http port
- Issue injecting helm value on configmap
- Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy
- is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
- How can I get pods by label, using the python kubernetes api?
- Failed calling webhook "namespace.sidecar-injector.istio.io"
- How to Hard Limit Of Storage Usage
- Delete Kubernetes namespace with delay
- Redis Sentinel doesn't auto discover new slave instances
- Azure pipelines: abstract away parameters
- difference between spark.kubernetes.driver.request.cores, spark.kubernetes.driver.limit.cores and spark.driver.cores
- Debezium KafkaConnect, kafka_connect_run.sh No such file or directory
- Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)
- What is the difference between Istio VirtualService and Kubernetes Service?