Credit Jeffrey Sica

By far one of the most common questions we receive in the monthly Kubernetes Office Hours is: “How do you properly expose a StatefulSet externally?” Usually this question is asked in the form of: “How do I allow connections to a particular instance of Mongo or Postgres from outside the cluster?”

Fear not! This isn’t as challenging as it seems. If you’d like the TL;DR answer, just skip down to the bottom of this post. If you’d like a little bit more of an explanation, continue reading.

Following the normal practice of having a single Service point to all instances…

Quick note: if you already know about OIDC and just want to get minikube setup with Keycloak, feel free to skip down to the bottom.

SO, you’ve experimented with Kubernetes, rolled out some deployments, tested integration with your company CI/CD and are now considering what steps must be taken to bring Kubernetes into production. Most of these steps tend to fall into what are considered ‘Day 2’ operations: gaining observability (metrics and logging), thinking about backup and recovery, and of course the two big A’s: Authentication and Authorization.

Coming from previous experiences in managing applications and platforms; Kubernetes itself does…

Bob Killen

Research Cloud Administrator @ University of Michigan | | CNCF Ambassador | OSS and Open Science Advocate |

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store