Skip to main content
Version: 22.3

Configure External Access through a NodePort Service

By default, Redpanda clusters are exposed through a NodePort Service. When the external.type field is set to NodePort, the Helm chart creates a NodePort Service that routes external traffic to the following listeners on the Redpanda brokers:

ListenerDefault node port
Admin API31644
Kafka API31092
PandaProxy30082
Schema Registry30081

To expose your Redpanda cluster externally through a NodePort Service, you must configure brokers to advertise one of the following:

Prerequisites

  • Install rpk on your local machine so that you can test connections to your Redpanda cluster from outside Kubernetes.

  • Review the best practices.

  • Understand Kubernetes networking for Redpanda.

  • Make sure that your Kubernetes cluster is accessible through your desired node port range. You may need to edit your inbound firewall rules.

Use the default Redpanda subdomains

You can use a DNS provider to create A/AAAA records that route traffic from the default Redpanda subdomains to the addresses of the corresponding worker nodes. The default subdomains are redpanda-<ordinal-number>, where redpanda is the name of the chart and the <ordinal-number> placeholder is generated by the StatefulSet.

  1. Get a domain from a domain registrar.

  2. Specify your domain name in the external.domain configuration.

    Replace <custom-domain> with your domain.

    custom-domain.yaml
    external:
    domain: <custom-domain>
    enabled: true
    type: NodePort
    helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
    --values custom-domain.yaml
  3. Find out on which worker nodes your Redpanda brokers are running.

    kubectl get pod -n redpanda  \
    -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
    app.kubernetes.io/component=redpanda,job-name!=redpanda-post-install,job-name!=redpanda-post-upgrade
  4. Find the IP address of each worker node.

    kubectl get node -o wide
  5. Update the A/AAAA records for your domain so that each subdomain (hostname) points to the correct worker node's IP address.

    HostnameIP address
    redpanda-0<worker-node-ip-1>
    redpanda-1<worker-node-ip-2>
    redpanda-2<worker-node-ip-3>
    warning

    IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure your DNS records with the new IP addresses.

  6. Wait for your DNS changes to be propagated.

  7. Use your custom domain to communicate with the Redpanda cluster from outside the Kubernetes cluster:

    rpk cluster info --brokers redpanda-0.<custom-domain>:31092

Use custom subdomains

You can give each Redpanda broker a custom subdomain to advertise instead of the default subdomains. Then, you can use a DNS provider to create A/AAAA records that route traffic from the custom subdomains to the addresses of the corresponding worker nodes.

  1. Get a domain from a domain registrar.

  2. Choose an option to configure the subdomains:

    • To use fully custom subdomains, do the following.

      Replace <custom-domain> with your domain, and replace the placeholders in the external.addresses configuration with your own subdomains in the order that you want them to be applied to the Redpanda brokers.

      The subdomains are given to each Redpanda broker in order. For example, the Redpanda broker running inside the redpanda-0 Pod will advertise <subdomain-for-broker-0>.<custom-domain>.

      custom-subdomain.yaml
      external:
      enabled: true
      type: NodePort
      domain: <custom-domain>
      addresses:
      - <subdomain-for-broker-0>
      - <subdomain-for-broker-1>
      - <subdomain-for-broker-2>
      helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
      --values custom-subdomain.yaml
    • Or, to use custom subdomains that are suffixed with the index of the StatefulSet replica, do the following.

      Replace <custom-domain> with your domain, and replace <custom-subdomain> with your subdomain.

      This configuration renames your Pods to <subdomain>-<ordinal-number>. Your Redpanda brokers will advertise the <subdomain>-<ordinal-number>.<custom-domain> address.

      custom-subdomain-ordinal.yaml
      fullnameOverride: <custom-subdomain>
      external:
      enabled: true
      type: NodePort
      domain: <custom-domain>
      helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
      --values custom-subdomain-ordinal.yaml
  3. Find out on which worker nodes your Redpanda brokers are running.

    kubectl get pod -n redpanda  \
    -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
    app.kubernetes.io/component=redpanda,job-name!=redpanda-post-install,job-name!=redpanda-post-upgrade
  4. Find the IP address of each worker node.

    kubectl get node -o wide
  5. Update the A/AAAA records for your domain so that each hostname points to the correct worker node's IP address.

    HostnameIP address
    <subdomain-for-broker-0><worker-node-ip-1>
    <subdomain-for-broker-1><worker-node-ip-2>
    <subdomain-for-broker-2><worker-node-ip-3>
    warning

    IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure your DNS records with the new IP addresses.

  6. Wait for your DNS changes to be propagated.

  7. Use your custom domain to communicate with the Redpanda cluster from outside the Kubernetes cluster:

    rpk cluster info --brokers <subdomain-for-broker-0>.<custom-domain>:31092

Use IP addresses

You can configure each Redpanda broker to advertise the IP address of the worker node on which it's running.

  1. Find out on which worker nodes your Redpanda brokers are running.

    kubectl get pod -n redpanda  \
    -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \
    app.kubernetes.io/component=redpanda,job-name!=redpanda-post-install,job-name!=redpanda-post-upgrade
  2. Find the IP address of each worker node.

    kubectl get node -o wide
  3. Add the IP addresses of each worker node to the external.addresses field in order. For example, the first IP address in the list is assigned to redpanda-0, the second is assigned to redpanda-1, and so on.

    external-access-ip-addresses.yaml
    external:
    enabled: true
    type: NodePort
    addresses:
    - <worker-node-ip-1>
    - <worker-node-ip-2>
    - <worker-node-ip-3>
    helm upgrade --install redpanda redpanda/redpanda -n redpanda --create-namespace \
    --values external-access-ip-addresses.yaml
    warning

    IP addresses can change. If the IP addresses of your worker nodes change, you must reconfigure the Redpanda brokers and all your external clients with the new IP addresses.

  4. Use the IP addresses to communicate with the Redpanda cluster from outside the Kubernetes cluster:

    rpk cluster info --brokers <worker-node-ip>:31092

Next steps

Configure individual listeners.

Configure security for your listeners.

What do you like about this doc?




Optional: Share your email address if we can contact you about your feedback.

Let us know what we do well: