Configure External Access through a NodePort Service

By default, Redpanda clusters are exposed through a NodePort Service. When the external.type field is set to NodePort, the Helm chart creates a NodePort Service that routes external traffic to the following listeners on the Redpanda brokers:

Listener	Default Node Port
Admin API	31644
Kafka API	31092
HTTP Proxy (PandaProxy)	30082
Schema Registry	30081

To expose your Redpanda cluster externally through a NodePort Service, you must configure brokers to advertise one of the following:

The default Redpanda subdomains
Custom subdomains
The IP address of worker nodes

Prerequisites

Install rpk on your local machine so that you can test connections to your Redpanda cluster from outside Kubernetes.
Review the best practices.
Understand Kubernetes networking for Redpanda.
Make sure that your Kubernetes cluster is accessible through your desired node port range. You may need to edit your inbound firewall rules.

Use the default Redpanda subdomains

You can use a DNS provider to create A/AAAA records that route traffic from the default Redpanda subdomains to the addresses of the corresponding worker nodes. The default subdomains are redpanda-<ordinal-number>, where redpanda is the name of the chart and the <ordinal-number> placeholder is generated by the StatefulSet.

Get a domain from a domain registrar.

Specify your domain name in the external.domain configuration.

Replace <custom-domain> with your domain.

--values
--set

custom-domain.yaml

external:
  domain: <custom-domain>
    enabled: true
    type: NodePort

helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
  --values custom-domain.yaml --reuse-values

helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
  --set external.enabled=true \
  --set external.type=NodePort \
  --set external.domain=<custom-domain>

For default values and documentation for configuration options, see the values.yaml file.

Find out on which worker nodes your Redpanda brokers are running.

kubectl get pod -n redpanda  \
-o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
app.kubernetes.io/component=redpanda-statefulset

Find the IP address of each worker node.
```
kubectl get node -o wide
```
Update the A/AAAA records for your domain so that each subdomain (hostname) points to the correct worker node’s IP address.

Hostname IP address

redpanda-0

<worker-node-ip-1>

redpanda-1

<worker-node-ip-2>

redpanda-2

<worker-node-ip-3>

IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure your DNS records with the new IP addresses.
Wait for your DNS changes to be propagated.
Use your custom domain to communicate with the Redpanda cluster from outside the Kubernetes cluster:
```
rpk cluster info --brokers redpanda-0.<custom-domain>:31092
```

Hostname	IP address
redpanda-0	`<worker-node-ip-1>`
redpanda-1	`<worker-node-ip-2>`
redpanda-2	`<worker-node-ip-3>`

Use custom subdomains

You can give each Redpanda broker a custom subdomain to advertise instead of the default subdomains. Then, you can use a DNS provider to create A/AAAA records that route traffic from the custom subdomains to the addresses of the corresponding worker nodes.

Get a domain from a domain registrar.
Choose an option to configure the subdomains:
- To use fully custom subdomains, do the following.
  
  Replace <custom-domain> with your domain, and replace the placeholders in the external.addresses configuration with your own subdomains in the order that you want them to be applied to the Redpanda brokers.
  
  The subdomains are given to each Redpanda broker in order. For example, the Redpanda broker running inside the redpanda-0 Pod will advertise <subdomain-for-broker-0>.<custom-domain>.
  --values
  
  --set
  
  custom-subdomain.yaml
  
  external: enabled: true type: NodePort domain: <custom-domain> addresses: - <subdomain-for-broker-0> - <subdomain-for-broker-1> - <subdomain-for-broker-2>
  
  helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \ --values custom-subdomain.yaml --reuse-values
  
  helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \ --set external.enabled=true \ --set external.type=NodePort \ --set external.domain=<custom-domain> \ --set "external.addresses={<subdomain-for-broker0>,<subdomain-for-broker1>,<subdomain-for-broker2>}"
  For default values and documentation for configuration options, see the values.yaml file.
- Or, to use custom subdomains that are suffixed with the index of the StatefulSet replica, do the following.
  
  Replace <custom-domain> with your domain, and replace <custom-subdomain> with your subdomain.
  
  This configuration renames your Pods to <subdomain>-<ordinal-number>. Your Redpanda brokers will advertise the <subdomain>-<ordinal-number>.<custom-domain> address.
  --values
  
  --set
  
  custom-subdomain-ordinal.yaml
  
  fullnameOverride: <custom-subdomain> external: enabled: true type: NodePort domain: <custom-domain>
  
  helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \ --values custom-subdomain-ordinal.yaml --reuse-values
  
  helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \ --set external.enabled=true \ --set external.type=NodePort \ --set external.domain=<custom-domain> \ --set fullnameOverride=<custom-subdomain>
  For default values and documentation for configuration options, see the values.yaml file.

Find out on which worker nodes your Redpanda brokers are running.

kubectl get pod -n redpanda  \
-o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
app.kubernetes.io/component=redpanda-statefulset

Find the IP address of each worker node.
```
kubectl get node -o wide
```
Update the A/AAAA records for your domain so that each hostname points to the correct worker node’s IP address.

Hostname IP address

<subdomain-for-broker-0>

<worker-node-ip-1>

<subdomain-for-broker-1>

<worker-node-ip-2>

<subdomain-for-broker-2>

<worker-node-ip-3>

IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure your DNS records with the new IP addresses.
Wait for your DNS changes to be propagated.
Use your custom domain to communicate with the Redpanda cluster from outside the Kubernetes cluster:
```
rpk cluster info --brokers <subdomain-for-broker-0>.<custom-domain>:31092
```

Hostname	IP address
`<subdomain-for-broker-0>`	`<worker-node-ip-1>`
`<subdomain-for-broker-1>`	`<worker-node-ip-2>`
`<subdomain-for-broker-2>`	`<worker-node-ip-3>`

Use IP addresses

You can configure each Redpanda broker to advertise the IP address of the worker node on which it’s running.

Find out on which worker nodes your Redpanda brokers are running.

kubectl get pod -n redpanda  \
-o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
app.kubernetes.io/component=redpanda-statefulset

Find the IP address of each worker node.
```
kubectl get node -o wide
```

Add the IP addresses of each worker node to the external.addresses field in order. For example, the first IP address in the list is assigned to redpanda-0, the second is assigned to redpanda-1, and so on.

--values
--set

external-access-ip-addresses.yaml

external:
  enabled: true
  type: NodePort
  addresses:
  - <worker-node-ip-1>
  - <worker-node-ip-2>
  - <worker-node-ip-3>

helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
  --values external-access-ip-addresses.yaml --reuse-values

helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
  --set external.enabled=true \
  --set external.type=NodePort \
  --set external.domain=<custom-domain> \
  --set "external.addresses={<worker-node-ip1>,<worker-node-ip2>,<worker-node-ip3>}"

For default values and documentation for configuration options, see the values.yaml file.

IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure the Redpanda brokers and all your external clients with the new IP addresses.

Use the IP addresses to communicate with the Redpanda cluster from outside the Kubernetes cluster:
```
rpk cluster info --brokers <worker-node-ip>:31092
```