By far one of the most common questions we receive in the monthly Kubernetes Office Hours is: “How do you properly expose a StatefulSet externally?” Usually this question is asked in the form of: “How do I allow connections to a particular instance of Mongo or Postgres from outside the cluster?”
Fear not! This isn’t as challenging as it seems. If you’d like the TL;DR answer, just skip down to the bottom of this post. If you’d like a little bit more of an explanation, continue reading.
Quick note: if you already know about OIDC and just want to get minikube set up with Keycloak, feel free to skip down to the bottom.
So, you’ve experimented with Kubernetes, rolled out some deployments, tested integration with your company’s CI/CD and are now considering what steps must be taken to bring Kubernetes into production. Most of these steps tend to fall into what are considered ‘Day 2’ operations: gaining observability (metrics and logging), thinking about backup and recovery, and of course the two big A’s: Authentication and Authorization.