Develop Reference

Cannot access GKE with static external IP

I am trying to assign static external IP to the GKE LB.
apiVersion: v1
kind: Service
metadata:
name: onesg
labels:
app: onesg
spec:
selector:
app: onesg
ports:
- port: 80
targetPort: 5000
type: LoadBalancer
loadBalancerIP: "my regional IP"
But after deployment, I cannot access my app from the regional IP. Any idea?
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.104.0.1 <none> 443/TCP 23h
onesg LoadBalancer 10.104.15.191 my regional IP 80:31293/TCP 7m18s
If I use ephemeral IP assigned by GKE LB, I can access my app.

You have to check if your Service is actually pointing to the proper pods.
run the following
kubectl describe service onesg
in the output there should be a field called endpoints.
run this
kubectl get pods -o wide
and make sure the list of IP's in the endpoint field from the first command matches the IP of the pods from the second one
Next to troubleshoot you can try to make sure you app works, you can do that by using the kubectl port-forward command
https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/

Can not access web app on the network running kubernetes and minikube

I have a docker container which runs a basic front end angular app. I have verified it runs with no issues and I can successfully access the web app in the browser with docker run -p 5901:80 formbuilder-stand-alone-form.
I am able to successfully deploy it with minikube and kubernetes on my cloud dev server
apiVersion: v1
kind: Service
metadata:
name: stand-alone-service
spec:
selector:
app: stand-alone-form
ports:
- protocol: TCP
port: 5901
targetPort: 80
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: stand-alone-form-app
labels:
app: stand-alone-form
spec:
replicas: 1
selector:
matchLabels:
app: stand-alone-form
template:
metadata:
labels:
app: stand-alone-form
spec:
containers:
- name: stand-alone-form-pod
image: formbuilder-stand-alone-form
imagePullPolicy: Never
ports:
- containerPort: 80
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% kubectl get pods
NAME READY STATUS RESTARTS AGE
stand-alone-form-app-6d4669f569-vsffc 1/1 Running 0 6s
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
stand-alone-form-app 1/1 1 1 8s
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d7h
stand-alone-service LoadBalancer 10.96.197.197 <pending> 5901:30443/TCP 21s
However, I am not able to access it with the url:
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh
% minikube service stand-alone-service
|-----------|---------------------|-------------|---------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|-----------|---------------------|-------------|---------------------------|
| default | stand-alone-service | 5901 | http://192.168.49.2:30443 |
|-----------|---------------------|-------------|---------------------------|
In this example, http://192.168.49.2:30443/ gives me a dead web page.
I disabled all my iptables for troubleshooting.
Any idea how to access the front end web app? I was thinking I might have the selectors wrong but sure.
UPDATE: Here is the requested new outputs:
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% kubectl describe service stand-alone-service
Name: stand-alone-service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=stand-alone-form
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.96.197.197
IPs: 10.96.197.197
LoadBalancer Ingress: 10.96.197.197
Port: <unset> 5901/TCP
TargetPort: 80/TCP
NodePort: <unset> 30443/TCP
Endpoints: 172.17.0.2:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% minikube tunnel
Password:
Status:
machine: minikube
pid: 237498
route: 10.96.0.0/12 -> 192.168.49.2
minikube: Running
services: [stand-alone-service]
errors:
minikube: no errors
router: no errors
loadbalancer emulator: no errors
Note: I noticed with the tunnel I do have a external IP for the loadbalancer now:
one#work ...github/stand-alone-form-builder-hhh/form-builder-hhh (main)
% kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d11h
stand-alone-service LoadBalancer 10.98.162.179 10.98.162.179 5901:31596/TCP 3m10s

It looks like your LoadBalancer hasn't quite resolved correctly, as the External-IP is still marked as <pending>
According to Minikube, this happens when the tunnel is missing:
https://minikube.sigs.k8s.io/docs/handbook/accessing/#check-external-ip
Have you tried running minikube tunnel in a separate command window?
https://minikube.sigs.k8s.io/docs/handbook/accessing/#using-minikube-tunnel
https://minikube.sigs.k8s.io/docs/commands/tunnel/

minikube and ingress-nginx does not have port 80 open

I'm new to ingress-nginx and I enabled it with minikube using minikube addons enable ingress. When looking for the services related to ingress-nginx, I ran kubectl get services -n kube-system and got:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller-admission ClusterIP 10.96.141.138 <none> 443/TCP 16m
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16m
Noticing that I'm missing port 80, I ran kubectl describe service/ingress-nginx-controller-admission -n kube-system and got:
Name: ingress-nginx-controller-admission
Namespace: kube-system
Labels: addonmanager.kubernetes.io/mode=Reconcile
app.kubernetes.io/component=controller
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/name=ingress-nginx
Annotations: <none>
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type: ClusterIP
IP: 10.96.141.138
Port: https-webhook 443/TCP
TargetPort: webhook/TCP
Endpoints: 172.17.0.3:8443
Session Affinity: None
Events: <none>
When trying to access an endpoint https://ingress-nginx-controller-admission.kube-system.svc.cluster.local/foo, I get this error:
FetchError: request to https://ingress-nginx-controller-admission.kube-system.svc.cluster.local/foo failed, reason: unable to verify the first certificate
, although hitting the endpoint /foo from within a pod through the ingress works just fine. I was looking into the tls related documentation to no avail. Any help on this would be much appreciated.
EDIT: I've added the output of kubectl get svc -A per request:
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default auth-svc ClusterIP 10.100.218.231 <none> 4000/TCP 13s
default client-svc ClusterIP 10.106.143.107 <none> 3000/TCP 12s
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 37m
kube-system ingress-nginx-controller-admission ClusterIP 10.96.141.138 <none> 443/TCP 36m
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 37m

The service you're looking at is, as it's name indicates, the Admission Controller of the minikube ingress addon.
It's used by the Ingress Controller to parse the Ingress definitions and configure the underlying nginx (you can take a look at the minikube ingress addon deployment)
To access the exposed Ingresses that you may have defined, you need to hit the ports 80 or 443 of the minikube machine (available via minikube ip). (You can see those listening ports by doing a minikube ssh -- docker container ls --filter label=app.kubernetes.io/name=ingress-nginx)
The documentation you need is this one: https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/
So, if you defined an Ingress with host=hello-world.info and path=/foo, you will be able to access it with:
curl --header 'Host: hello-world.info' http://`minikube ip`:80/foo
Of course, it's better to define a DNS entry to map hello-world.info to the minikube IP.

running kubectl expose deployment ingress-nginx-controller --target-port=80 --type=NodePort -n kube-system allows me to access the ingress from within a pod in the cluster.

Nginx ingress on minikube does not use service to provide access to ingress pods.
It uses hostPort. Here is part of a yaml of ingres controller's pod:
$ kubectl get pod -n kube-system ingress-nginx-controller-789d9c4dc-5wnc2 -oyaml
[...]
ports:
- containerPort: 80
hostPort: 80
name: http
protocol: TCP
- containerPort: 443
hostPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
[...]
It's behavior is documented in k8s api reference docs
hostPort
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
Thanks to this, ingress can be easly accessed with:
curl $(minikube ip)

How to access a Kubernetes Pod via a Service that is running on localhost's Docker-Kubernetes

I'm not sure how to access the Pod which is running behind a Service.
I have Docker CE installed and running. With this, I have the Docker 'Kubernetes' running.
I created a Pod file and then kubectl created it ... and then used port-forwarding to test that it's working and it was. Tick!
Next I created a Service as a LoadBalancer and kubectl create that also and it's running ... but I'm not sure how to test it / access the Pod that is running.
Here's the terminal outputs:
Tests-MBP:k8s test$ kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
hornet-data 1/1 Running 0 4h <none>
Tests-MBP:k8s test$ kubectl get services --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
hornet-data-lb LoadBalancer 10.0.44.157 XX.XX.XX.XX 8080:32121/TCP 4h <none>
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 14d component=apiserver,provider=kubernetes
Tests-MBP:k8s test$
Not sure if the pod Label <none> is a problem? I'm using labels for the Service selector.
Here's the two files...
apiVersion: v1
kind: Pod
metadata:
name: hornet-data
labels:
app: hornet-data
spec:
containers:
- image: ravendb/ravendb
name: hornet-data
ports:
- containerPort: 8080
and
apiVersion: v1
kind: Service
metadata:
name: hornet-data-lb
spec:
type: LoadBalancer
ports:
- port: 8080
protocol: TCP
targetPort: 8080
selector:
app: hornet-data
Update 1:
As requested by #vasily:
Tests-MBP:k8s test$ kubectl get ep hornet-data-lb
NAME ENDPOINTS AGE
hornet-data-lb <none> 5h
Update 2:
More info for/from Vasily:
Tests-MBP:k8s test$ kubectl apply -f hornet-data-pod.yaml
pod/hornet-data configured
Tests-MBP:k8s test$ kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
hornet-data 1/1 Running 0 5h app=hornet-data
Tests-MBP:k8s test$ kubectl get services --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
hornet-data-lb LoadBalancer 10.0.44.157 XX.XX.XX.XX 8080:32121/TCP 5h <none>
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 14d component=apiserver,provider=kubernetes

#vailyangapov basically answered this via comments in the OP - this answer is in two parts.
I didn't apply my changes in my manifest. I made some changes to my services yaml file but didn't push these changes up. As such I needed to do kubectl apply -f myPod.yaml.
I was in the wrong context. The current context was pointing to a test Azure Kubernetes Service. I thought it was all on my localhost cluster that comes with Docker-CE (called the docker-for-desktop cluster). As this is a new machine, I failed to enable Kubernetes with Docker (it's a manual step AFTER Docker-CE is installed .. with the default setting having it NOT enabled/not ticked). Once I manually noticed that, I ticked the option to enable Kubernetes and docker-for-desktop) cluster was installed. Then I manually changed over to this context:kubectl config use-context docker-for-desktop`.
Both these mistakes were simple. The reason for providing them into an answer is to hopefully help others use this information to help them review their own settings if something isn't working right - a similar problem to me, is occurring.

Gcloud Kubernetes connection refused to exposed service

I am unable to connect to an exposed IP for a docker container deployed on Google Could Kubernetes. I have been roughly following this tutorial but using my own application.
The deployment seems to work fine, everything is green and running when visiting the cloud dashboard but when trying to visit the deployed application on the exposed IP, I get a browser error:
This site can’t be reached
35.231.27.158 refused to connect
If I ping the IP I do get a response back.
kubectl get pods produces the following:
NAME READY STATUS RESTARTS AGE
mtg-dash-7874f6c54d-nktjn 1/1 Running 0 21m
and kubectl get service shows the following:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.7.240.1 <none> 443/TCP 23m
mtg-dash LoadBalancer 10.7.242.240 35.231.27.158 80:30306/TCP 20m
and kubectl describe svc show the following:
Name: mtg-dash
Namespace: default
Labels: run=mtg-dash
Annotations: <none>
Selector: run=mtg-dash
Type: LoadBalancer
IP: 10.7.242.240
LoadBalancer Ingress: 35.231.27.158
Port: <unset> 80/TCP
TargetPort: 8080/TCP
NodePort: <unset> 30306/TCP
Endpoints: 10.4.0.6:8080
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal EnsuringLoadBalancer 37m service-controller Ensuring load balancer
Normal EnsuredLoadBalancer 37m service-controller Ensured load balancer
My Dockerfile contains the following:
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf
WORKDIR /usr/share/nginx/html
COPY dist/mtg-dash .
I have a feeling I have missed something obvious.
What more do I need to do to configure this to be accessible on the internet?
Here is a screenshot of running service:

As per the comments the target port should be 80 since that is what the application is set to listen on. Glad I could help. Picked it up from the documentation a month or so ago.
https://kubernetes.io/docs/concepts/services-networking/service/