FTPS server doesn't work properly using Kubernetes
It works with the following change:
apiVersion: v1
kind: Service
metadata:
  name: ftps-alpine
  labels:
    run: ftps-alpine
spec:
  type: NodePort
  ports:
  - port: 21
    targetPort: 21
    nodePort: 30025
    protocol: TCP
    name: ftp21
  - port: 20
    targetPort: 20
    protocol: TCP
    nodePort: 30026
    name: ftp20
  - port: 30020
    targetPort: 30020
    nodePort: 30020
    protocol: TCP
    name: ftp30020
  - port: 30021
    targetPort: 30021
    nodePort: 30021
    protocol: TCP
    name: ftp30021
  selector:
    run: ftps-alpine
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ftps-alpine
spec:
  selector:
    matchLabels:
      run: ftps-alpine
  replicas: 1
  template:
    metadata:
      labels:
        run: ftps-alpine
    spec:
      containers:
      - name: ftps-alpine
        image: test_alpine
        imagePullPolicy: Never
        ports:
        - containerPort: 21
        - containerPort: 20
        - containerPort: 30020
        - containerPort: 30021
and for the vsftpd.conf:
seccomp_sandbox=NO
pasv_promiscuous=NO
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
#secure_chroot_dir=/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=30020
pasv_max_port=30021
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_writeable_chroot=YES
#listen_port=21
pasv_address=#minikube_ip#
First you need to fix your passive port range to actually be port 20 like you set in service:
pasv_min_port=20
pasv_max_port=20
And then you need to override the pasv_address to match whatever IP the user should be connecting to, pick one of your node IPs.
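
Added example, not part of either answer above: a Python check that every port in vsftpd's passive range is exposed as a nodePort with the same number and that pasv_address is set. The function names, the sample dictionaries and the address 192.0.2.10 are assumptions constructed for illustration.

```python
def parse_vsftpd(text):
    """Return {key: value} from vsftpd.conf text, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def check_passive(conf, service_ports):
    """Return a list of problems; an empty list means the passive setup is consistent."""
    if conf.get("pasv_enable", "YES").upper() != "YES":
        return ["pasv_enable is not YES, passive mode is off"]
    lo = int(conf.get("pasv_min_port", 0))
    hi = int(conf.get("pasv_max_port", 0))
    if lo == 0 or hi == 0 or lo > hi:
        return [f"passive range {lo}-{hi} is unbounded or inverted"]
    problems = []
    by_node_port = {p["nodePort"]: p for p in service_ports}
    for port in range(lo, hi + 1):
        # The PASV reply names the port vsftpd listens on, so the client dials
        # that same number on the node: nodePort and targetPort must both equal it.
        entry = by_node_port.get(port)
        if entry is None:
            problems.append(f"passive port {port} has no nodePort")
        elif entry["targetPort"] != port:
            problems.append(f"nodePort {port} forwards to {entry['targetPort']}")
    if not conf.get("pasv_address"):
        problems.append("pasv_address is unset")
    return problems

# Constructed sample input, mirroring the passive settings and Service ports above.
SAMPLE_CONF = """pasv_enable=YES
pasv_min_port=30020
pasv_max_port=30021
#listen_port=21
pasv_address=192.0.2.10
"""
SAMPLE_PORTS = [
    {"port": 21, "targetPort": 21, "nodePort": 30025},
    {"port": 20, "targetPort": 20, "nodePort": 30026},
    {"port": 30020, "targetPort": 30020, "nodePort": 30020},
    {"port": 30021, "targetPort": 30021, "nodePort": 30021},
]

if __name__ == "__main__":
    print(check_passive(parse_vsftpd(SAMPLE_CONF), SAMPLE_PORTS) or "passive setup is consistent")
```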