Special Kubernetes Steps Required When Supporting FTP

Kubernetes best practices typically suggest not to use the hostport unless absolutely necessary. Usage of the hostport is discouraged when using Kubernetes. However, TIBCO MFT Internet Server required a Kubernetes hostport when using FTP due to the nature of the FTP protocol.

Generally speaking, SFTP provides a simpler and more secure transport mechanism than FTP or FTPS. It is recommended not to use FTP when running in a Kubernetes environment. If you need to support FTP, the sections that follow define how to enable the hostport capability.

On incoming FTP PASV request and outgoing PORT requests, TIBCO MFT Internet Server listens on a port and sends a packet to the FTP partner that indicates to the partner how to connect back to the FTP port. In this packet is the IP address and port that TIBCO MFT Internet Server listens on. TIBCO MFT Internet Server must inquire on the IP address of the TIBCO MFT Internet Server pod/service. Therefore, TIBCO MFT Internet Server needs the IP address of the host machine where it executes.

This generally causes problems unless Kubernetes is installed with a hostport. Incoming PORT requests and outgoing PASV requests do not have the same issues and should work in a Kubernetes environment. Nonetheless, we do not suggest using FTP or FTPS in a Kubernetes cluster; use SFTP instead.

Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.