Too many unknown incoming connections after exposing my pod in Kubernetes

Jack McKenzie 21 Reputation points
2022-03-17T22:46:22.74+00:00

I have coded a simple server socket app listening on port 13345 and a client-side app.
Both are running fine locally on my computer.

When deployed into Azure Kubernetes Service, the server app starts fine.

Then I expose the app which is called "event-bus" using this command:
kubectl expose deployment event-bus --type=LoadBalancer

And from then onward, the app keeps getting hit every second with incoming connections that are not from me:

Mar 17, 2022 10:16:09 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.244.1.1
Mar 17, 2022 10:16:09 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.244.1.1:63870
Mar 17, 2022 10:16:09 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.240.0.6
Mar 17, 2022 10:16:09 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.240.0.6:51200
Mar 17, 2022 10:16:09 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.240.0.5
Mar 17, 2022 10:16:09 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.240.0.5:26748
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.244.1.1
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.244.1.1:41947
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.240.0.6
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.240.0.6:9574
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.MessageExchangeService main
INFO: Accepted an incoming connection from 10.240.0.5
Mar 17, 2022 10:16:15 PM com.acme.messaging.server.ServerSocketConnectionThread run
INFO: Waiting for incoming data from remote client /10.240.0.5:40369
...

These connections cause unwanted usage of CPU/network resources.

Do you know what it is and how it can be disabled?

I want to expose the app only to eventually connect to it via socket myself, not to have any automated thing hitting it several times per second.


Accepted answer
  1. shiva patpi 13,366 Reputation points Microsoft Employee Moderator
    2022-03-17T23:25:45.187+00:00

    Hello @Jack McKenzie,
    When you expose the pod via a Load Balancer service, it will try to create an External-IP which is accessible to the world.
    Can you try exposing your app using an Internal LoadBalancer?

    https://learn.microsoft.com/en-us/azure/aks/internal-lb

    If you still want to expose via External LB, then you might have to restrict your traffic using a Network Security Group or by using Network Policies like Azure/Calico.
    By using Network Policies you can specify the Ingress/Egress traffic.
    https://kubernetes.io/docs/concepts/services-networking/network-policies/

    Check out both of those options, see how it goes!

    Regards,
    Shiva.
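
The two options from the accepted answer, written out as manifests for the event-bus service on port 13345. This is an added example, not part of the original thread; the pod label app=event-bus, the policy name event-bus-ingress and the client range 192.0.2.0/24 are assumptions to replace with your own values.

```yaml
# Added example. Assumptions: pods are labelled app=event-bus, and
# 192.0.2.0/24 is a placeholder for the network your client connects from.
apiVersion: v1
kind: Service
metadata:
  name: event-bus
  annotations:
    # Option 1: provision an internal Azure load balancer (private IP only).
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  # Preserve the client source IP instead of SNATing it to a node address,
  # so the ipBlock rule in the NetworkPolicy matches the real client.
  externalTrafficPolicy: Local
  selector:
    app: event-bus            # assumed label
  ports:
    - protocol: TCP
      port: 13345
      targetPort: 13345
  # Option 2: if the load balancer must stay external, remove the
  # annotation above and restrict which sources may reach the frontend.
  # loadBalancerSourceRanges:
  #   - 192.0.2.0/24
---
# Pod-level allow list: only the named range may open TCP 13345 to the pods.
# All other ingress to pods selected here is denied once this policy applies.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: event-bus-ingress     # assumed name
spec:
  podSelector:
    matchLabels:
      app: event-bus          # assumed label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.0.2.0/24
      ports:
        - protocol: TCP
          port: 13345
```

The NetworkPolicy is only enforced on clusters that have a network policy engine enabled (Azure or Calico, as the answer mentions); without one the object is accepted but has no effect.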
