kubernetes Clusterip+port is not reachable in some cases - docker

l tried to set up a dvwa environment in k8s, l found it not work as usual when l exposed the dvwa pods's port.
l tried exposing a nginx sample to make sure my k8s env is working. And yes nginx works well in my local machine
Here is some information
# dvwa.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: dvwa
spec:
replicas: 2
selector:
app: dvwa
template:
metadata:
labels:
app: dvwa
spec:
containers:
- name: dvwa
image: citizenstig/dvwa:latest
ports:
- containerPort: 3306
# dvwa_service.yaml
apiVersion: v1
kind: Service
metadata:
name: dvwa
spec:
ports:
- port: 3306
selector:
app: dvwa
type: NodePort
$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
AGE SELECTOR
dvwa NodePort 10.98.238.130 <none>
3306:32393/TCP 7m15s app=dvwa
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP
35h <none>
nginx NodePort 10.97.143.32 <none>
80:31961/TCP 5m51s app=nginx
When l ssh into one of my k8s machine and typed curl 10.97.143.32:80, it returns the nginx page, but curl 10.98.238.130:3306 not works, the docker image is citizenstig/dvwa which expose 80 and 3306, l also tried using 80 port in dvwa_service.yaml but still not work.
Can anyone help me??? Thanks in advance!

targetPort is missing in your service definition
Try below service definition
apiVersion: v1
kind: Service
metadata:
name: dvwa
spec:
ports:
- port: 3306
targetPort: 3306
selector:
app: dvwa
type: NodePort
can you get into the dvwa pod and run localhost:3306
do you get any response?

Related

how to deploy and access loadbalancer kubernetes service on localhost/local machine using docker desktop k8s cluster?

unable to access the service deployed on local k8s cluster created using docker desktop.
#nginxsvc
#service
apiVersion: v1
kind: Service
metadata:
name: nginxsvc
labels:
app: nginx-app
spec:
selector:
app: nginx-app
type: LoadBalancer
ports:
- port: 8080 #service port
targetPort: 8080 #container port
protocols: TCP
#Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx-app
spec:
replicas: 1
selector:
matchLabels:
app: nginx-app
template:
metadata:
labels:
app: nginx-app
spec:
containers:
- name: nginx-controller
image: nginx:latest
ports:
- containerPort: 8080
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 15m <none>
service/nginxsvc LoadBalancer 10.98.148.173 localhost 8080:32090/TCP 15m app=nginx-app
tried accessing using localhost:32090
Try on the localhost:8080 You have to use the nginxsvc, port
The one you used 32090 is node port with this you have to use the Node-IP:nodeport to access.

Why external IP of AKS is not working? Something wrong with yaml?

I try to deploy simple API to AKS. API works fine in local docker.
I get no errors. I see from AKS that status is running. However browser does not respond. Could someone check yaml or give tip what could be wrong?
C:\Azure\ACIPythonAPI\conda-flask-api> kubectl get service demo-flask-api --watch
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
demo-flask-api LoadBalancer 10.0.105.135 11.22.33.44 80:31551/TCP 5m53s
aks.yaml file:
apiVersion: v1
kind: Service
metadata:
name: demo-flask-api
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
selector:
app: demo-flask-api
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-flask-api
spec:
replicas: 1
selector:
matchLabels:
app: demo-flask-api
template:
metadata:
labels:
app: demo-flask-api
spec:
containers:
- name: demo-flask-api
image: mycontainerregistry.azurecr.io/demo/flask-api:v1
ports:
- containerPort: 8080
Seems you did not defined a Ingress resource nether an Ingress Controller.
Here is a Workflow from MS to install ingress-nginx as Ingress Controller on your Cluster.
You then expose the IC service like this:
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: myResourceGroup # only needed if the LB is in another RG
name: ingress-nginx-controller
spec:
loadBalancerIP: <YOUR_STATIC_IP>
type: LoadBalancer
The Ingress Controller then will route incoming traffic to your demo flask API with an Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
spec:
ingressClassName: nginx # ingress-nginx specifix
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test
port:
number: 80

Why can't I access a ClusterIP service thru its name?

I set up a simple redis ClusterIP service to be accessed by a php LoadBalancer service inside the Cluster. The php log shows the connection timeout error. The redis service is not accessible.
'production'.ERROR: Operation timed out {"exception":"[object] (RedisException(code: 0):
Operation timed out at /var/www/html/vendor/laravel/framework/src/Illuminate/Redis
/html/vendor/laravel/framework/src/Illuminate/Redis/Connectors/PhpRedisConnector.php(109):
Redis->connect('redis-svc', '6379', 0, '', 0, 0)
My redis service is quite simple so I don't know what went wrong:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
io.kompose.service: redis
name: redis
spec:
replicas: 1
strategy: {}
template:
metadata:
labels:
io.kompose.service: redis
spec:
containers:
- image: redis:alpine
name: redis
resources: {}
ports:
- containerPort: 6379
restartPolicy: Always
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: redis-svc
spec:
selector:
app: redis
ports:
- protocol: TCP
port: 6379
targetPort: 6379
type: ClusterIP
I verify redis-svc is running, so why it can't be access by other service
kubectl get service redis-svc git:k8s*
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
redis-svc ClusterIP 10.101.164.225 <none> 6379/TCP 22m
This SO kubernetes cannot ping another service said ping doesn't work with service's cluster IP(indeed) how do I verify whether redis-svc can be accessed or not ?
---- update ----
My first question was a silly mistake but I still don't know how do I verify whether the service can be accessed or not (by its name). For example I changed the service name to be the same as the deployment name and I found php failed to access redis again.
kubectl get endpoints did not help now.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: redis
...
status: {}
---
kind: Service
apiVersion: v1
metadata:
name: redis
...
my php is another service with env set the redis's service name
spec:
containers:
- env:
- name: REDIS_HOST # the php code access this variable
value: redis-svc #changed to "redis" when redis service name changed to "redis"
----- update 2------
The reason I can' set my redis service name to "redis" is b/c "kubelet adds a set of environment variables for each active Service" so with the name "redis", there will be a REDIS_PORT=tcp://10.101.210.23:6379 which overwrite my own REDIS_PORT=6379
But my php just expect the value of REDIS_PORT to be 6379
I ran the yaml configuration given by you and it created the deployment and service. However when I run the below commands:
>>> kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d14h
redis-svc ClusterIP 10.105.31.201 <none> 6379/TCP 109s
>>>> kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.99.116:8443 5d14h
redis-svc <none> 78s
As you see, the endpoints for redis-svc is none, it means that the service doesn't have an endpoint to connect to. You are using selector labels as app: redis in the redis-svc. But the pods doesn't have the selector label defined in the service. Adding the label app: redis to the pod template will work. The complete working yaml configuration of deployment will look like:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
io.kompose.service: redis
name: redis
spec:
replicas: 1
strategy: {}
template:
metadata:
labels:
io.kompose.service: redis
app: redis
spec:
containers:
- image: redis:alpine
name: redis
resources: {}
ports:
- containerPort: 6379
restartPolicy: Always
status: {}

Kubernetes NodePort doesn't return the response from the container

I've developed a containerized Flask application and I want to deploy it with Kubernetes. However, I can't connect the ports of the Container with the Service correctly.
Here is my Deployment file:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: <my-app-name>
spec:
replicas: 1
template:
metadata:
labels:
app: flaskapp
spec:
containers:
- name: <container-name>
image: <container-image>
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5000
name: http-port
---
apiVersion: v1
kind: Service
metadata:
name: <service-name>
spec:
selector:
app: flaskapp
ports:
- name: http
protocol: TCP
targetPort: 5000
port: 5000
nodePort: 30013
type: NodePort
When I run kubectl get pods, everything seems to work fine:
NAME READY STATUS RESTARTS AGE
<pod-id> 1/1 Running 0 7m
When I run kubectl get services, I get the following:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
<service-name> NodePort 10.105.247.63 <none> 5000:30013/TCP
...
However, when I give the following URL to the browser: 10.105.247.63:30013, the browser keeps loading but never returns the data from the application.
Does anyone know where the problem could be? It seems that the service is not connected to the container's port.
30013 is the port on the Node not in the cluster IP. To get a reply you would have to connect to <IP-address-of-the-node>:30013. To get the list of nodes you can:
kubectl get nodes -o=wide
You can also go through the CLUSTER-IP but you'll have to use the exposed port 5000: 10.105.247.63:5000

External endpoint of Kubernetes dashboard

I was just wondering how to manually set the external endpoint used by the Kubernetes web dashboard.
After creating the namespace kube-system, I ran the following:
kubectl create -f https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml
Is there a flag I can use to specify which tcp port to use for external access? As far as I can tell it's just randomly assigning one. I've looked through the documentation but I'm having a hard time finding a solution. Any help would be appreciated.
You can specify the desired port as the nodePort in the yaml spec that you use to create the service. In this case, where the yaml file you linked to defines the service as:
- kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
selector:
app: kubernetes-dashboard
You would want to define it as below, assuming your desired port number is 33333:
- kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
nodePort: 33333
selector:
app: kubernetes-dashboard

Resources