IBM Cloud Docs
When I update my cluster to 1.30 or later, my nodeport app no longer works

Virtual Private Cloud 1.30 and later

Requests sent to your nodeport service fail with a timeout error.

IBM Cloud Kubernetes Service managed load balancer services (ALB, NLB, sdNLB) dynamically adjust the security group rules as the services are added, deleted, or updated. Rules are also maintained to allow traffic through the node ports opened by these services. Whenever possible, use IBM Cloud Kubernetes Service managed load balancer services.

If you don't use IBM Cloud Kubernetes Service managed load balancer services, then any unmanaged node port services, and the security group rules that allow traffic through their node ports, are your responsibility.

Update the security group rules for your node port service.

  1. Review the VPC security group quotas.
  2. Identify the node ports that are opened by your node port service.
  3. For each node port opened, create a security group rule.
    ibmcloud is sg-rulec kube-<cluster ID> inbound <tcp/udp> --port-min <nodeport> --port-max <nodeport> --remote 0.0.0.0/0
    

There are quota limitations on the number of rules allowed per security group. If adding the custom node port rule exceeds this quota, the rule is not added. In this case, consider using an IBM Cloud Kubernetes Service managed load balancer service, or modify the port-min or port-max settings on your rules to use a node port range.
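
The steps above combined with the quota note, as an added example (not IBM's own code): a shell function that prints, without running, one `ibmcloud is sg-rulec` command per run of adjacent node ports of the same protocol, so rules are saved without opening any port the services do not use. The function name, the `kube-example` group name, the sample port list and the `203.0.113.0/24` source range are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example: print (do not run) one `ibmcloud is sg-rulec` command per run
# of adjacent node ports, so contiguous ports share a single rule.
# stdin: "<protocol> <nodeport>" per line. $1: security group. $2: source CIDR.

nodeport_rules() {
    tr '[:upper:]' '[:lower:]' | sort -u -k1,1 -k2,2n |
    awk -v sg="$1" -v remote="$2" '
        function emit() {
            printf "ibmcloud is sg-rulec %s inbound %s", sg, proto
            printf " --port-min %d --port-max %d --remote %s\n", lo, hi, remote
        }
        # Ignore lines that are not tcp/udp with a port number in 1..65535.
        ($1 != "tcp" && $1 != "udp") || $2 !~ /^[0-9]+$/ { next }
        $2 < 1 || $2 > 65535 { next }
        # Same protocol and next port up: widen the current range.
        $1 == proto && $2 == hi + 1 { hi = $2; next }
        # Otherwise close the previous range and start a new one.
        { if (proto != "") emit(); proto = $1; lo = hi = $2 }
        END { if (proto != "") emit() }
    '
}

# Constructed sample: five distinct node ports (one listed twice), unsorted.
# Group name and source CIDR are placeholders, not values from a real cluster.
nodeport_rules kube-example 203.0.113.0/24 <<'EOF'
TCP 30080
TCP 30082
UDP 30053
TCP 30081
TCP 31443
TCP 30081
EOF
```

Review the printed commands before running them. The second argument is passed to `--remote`; a source range narrower than `0.0.0.0/0` limits which clients can reach the node ports.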