I’m currently attempting to set up an IPFS node on Kubernetes to enable both inbound and outbound peer connections. I’ve attempted creating a LoadBalancer/NodePort service and adding the address to the configuration’s announce addresses. While I can observe over 50+ outbound peers, I haven’t managed to establish any inbound peers yet. If anyone has prior experience with a similar configuration, especially on EKS, I would greatly appreciate your guidance.
However, deploying the same setup using Docker on a remote server with a public IP works flawlessly.
Doing port forwarding can help, but it is not enough.
You also need to tell your Kubo node what public IP and port are assigned to it, so it can advertise these in the DHT.
Secondly, in K8s AFAIK you can’t just put a 2-tuple per pod running, Kubo does not support load balanced ports, because each Kubo process needs to run with its own Peer ID, and if you use a load balanced port there is no way to ensure inbound connections reach the expected Kubo node (if it does not, the crypto handshake fails due to a peer ID mismatch).
We support hole punching, so if you host content inside your k8s cluster, other nodes are able to download it using a relay to synchronise holepunching.
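The two points in the reply above (announce the public IP and port, and map each public port to exactly one Kubo process) could be wired up as below. This is an added sketch, not code from anyone in the thread; the pod name `ipfs-0`, node port 30401 and public IP 203.0.113.10 are constructed placeholders, and Kubo is assumed to listen on its default swarm port 4001 in a StatefulSet pod.

```shell
#!/bin/sh
# Added example. Constructed placeholders: pod ipfs-0, node port 30401,
# public IP 203.0.113.10, Kubo swarm listening on its default TCP port 4001.

# Emit a NodePort Service that selects exactly ONE StatefulSet pod, so the
# public ip:port can only ever reach the Kubo process owning that Peer ID.
pod_service() { # usage: pod_service <pod-name> <node-port>
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $1-swarm
spec:
  type: NodePort
  externalTrafficPolicy: Local   # no hop to another node; announce this node's IP
  selector:
    statefulset.kubernetes.io/pod-name: $1
  ports:
    - name: swarm-tcp
      protocol: TCP
      port: 4001
      targetPort: 4001
      nodePort: $2
EOF
}

# JSON value for Kubo's Addresses.AppendAnnounce: the externally reachable
# address, not the pod-internal one.
announce_json() { # usage: announce_json <public-ip> <node-port>
  printf '["/ip4/%s/tcp/%s"]\n' "$1" "$2"
}

# Succeeds only if no public port is handed to two pods.
check_unique_ports() { # usage: check_unique_ports <port>...
  dup=$(printf '%s\n' "$@" | sort | uniq -d)
  [ -z "$dup" ]
}

if [ "${1:-}" = "apply" ]; then
  check_unique_ports 30401 || exit 1
  pod_service ipfs-0 30401 | kubectl apply -f -
  kubectl exec ipfs-0 -- ipfs config --json Addresses.AppendAnnounce \
    "$(announce_json 203.0.113.10 30401)"
  kubectl delete pod ipfs-0   # restart the daemon; assumes a persistent repo volume
  # After restart: kubectl exec ipfs-0 -- ipfs swarm peers --direction
fi
```

The node's firewall or security group also has to admit the chosen port, otherwise the announced address is advertised but unreachable.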
Hi, I appreciate your response. Could you provide more details on the process of achieving port forwarding? I have attempted the creation of a NodePort service and adding it to the announce address, but unfortunately, it’s not working.
Additionally, I have already experimented with libp2p relay servers as a pod. While they have proven helpful in fetching files from the IPFS node, I am still facing challenges in establishing inbound peers.
I’ve yet to see hole punching actually work w/ my own k8s instances (just single cluster and ipfs daemon - each individually configured for now). I later even manually configured the ipfs instance to announce its static ip (which is forwarded through). Before that, nothing worked.
Now, it works but only with my own independent ipfs node tests. I’ve only ever seen one or two proxy services fetch my content (which is independent). The usual suspects, ipfs.io, dweb.link, cloudflare - NONE fetch it.
It almost feels like these services have static peers somehow and that’s it. This obviously defeats the purpose.