Service in unreachable from outside - docker

I have a problem with accessible my service from outside.
First of all, here is my conf yaml files:
nginx-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
namespace: development
spec:
selector:
matchLabels:
app: my-nginx
replicas: 2
template:
metadata:
labels:
app: my-nginx
spec:
containers:
- name: my-nginx
image: nginx:1.7.9
ports:
- containerPort: 80
nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: development
spec:
type: LoadBalancer
selector:
app: my-nginx
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
metallb-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 51.15.41.227-51.15.41.227
Then i have created the cluster. Command kubectl get all -o wide prints:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod/my-nginx-5796dcf6c4-rxl6k 1/1 Running 1 20h 10.244.0.16 scw-7d6c86
pod/my-nginx-5796dcf6c4-zf7vd 1/1 Running 0 20h 10.244.1.4 scw-7a7908
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/nginx-service LoadBalancer 10.100.63.177 51.15.41.227 80:30883/TCP 54m app=my-nginx
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/my-nginx 2 2 2 2 20h my-nginx nginx:1.7.9 app=my-nginx
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/my-nginx-5796dcf6c4 2 2 2 20h my-nginx nginx:1.7.9 app=my-nginx,pod-template-hash=5796dcf6c4
Everythink is fine, also kubectl describe service/nginx-service prints:
Name: nginx-service
Namespace: development
Labels:
Annotations:
Selector: app=my-nginx
Type: LoadBalancer
IP: 10.100.63.177
LoadBalancer Ingress: 51.15.41.227
Port: http 80/TCP
TargetPort: 80/TCP
NodePort: http 30883/TCP
Endpoints: 10.244.0.16:80,10.244.1.4:80
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IPAllocated 56m metallb-controller Assigned IP "51.15.41.227"
Curl command inside master server curl 51.15.41.227 prints Welcome to nginx blablabla. Next i tried to open from another network, it doesn't work, however i added node port it works curl 51.15.41.227:30883. All this i did on a bare-metal. I expected to happen curl 51.15.41.227 from external host should reach result.
What did i do wrong?

Definitely it will work with http://51.15.41.227 or 51.15.41.227:80. You can upvote answer by pressing up button.

You should definitely use the node port 30883(randomly assigned port) while accessing from External Network. Otherwise it don't know where to route the request.
curl http://51.15.41.227:30883

Related

Kubernetes deployment not reachable via browser exposed with service

I'm following below to launch a multi-container app (db and web-app). Following is based on this.
--- BLOW STEPS ARE COPIED FROM ANSWER PROVIDED BY THIS USER docker mysql in kuberneted ERROR 2005 (HY000): Unknown MySQL server host '' (-3) ---
First, use your favorite editor to start a eramba-cm.yaml file:
apiVersion: v1
kind: ConfigMap
metadata:
name: eramba
namespace: eramba-1
data:
c2.8.1.sql: |
CREATE DATABASE IF NOT EXISTS erambadb;
USE erambadb;
## IMPORTANT: MUST BE INDENT 2 SPACES AFTER c2.8.1.sql ##
<copy & paste content from here: https://raw.githubusercontent.com/markz0r/eramba-community-docker/master/sql/c2.8.1.sql>
kubectl create -f eramba-cm.yaml
Create the storage for MariaDB:
cat << EOF > eramba-storage.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: eramba-storage
spec:
storageClassName: eramba-storage
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /home/osboxes/eramba/erambadb
type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: eramba-storage
namespace: eramba-1
spec:
storageClassName: eramba-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
...
EOF
kubectl create -f eramba-storage.yaml
Install bitnami/mariadb using Helm
helm repo add bitnami https://charts.bitnami.com/bitnami
helm upgrade -i eramba bitnami/mariadb --set auth.rootPassword=eramba,auth.database=erambadb,initdbScriptsConfigMap=eramba,volumePermissions.enabled=true,primary.persistence.existingClaim=eramba-storage --namespace eramba-1 --set mariadb.volumePermissions.enabled=true
Run eramba web application:
apiVersion: apps/v1
kind: Deployment
metadata:
name: eramba-web
namespace: eramba-1
labels:
app.kubernetes.io/name: eramba-web
spec:
replicas: 1
selector:
matchLabels:
app: eramba-web
template:
metadata:
labels:
app: eramba-web
spec:
containers:
- name: eramba-web
image: markz0r/eramba-app:c281
imagePullPolicy: IfNotPresent
env:
- name: MYSQL_HOSTNAME
value: eramba-mariadb
- name: MYSQL_DATABASE
value: erambadb
- name: MYSQL_USER
value: root
- name: MYSQL_PASSWORD
value: eramba
- name: DATABASE_PREFIX
value: ""
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: eramba-web
namespace: eramba-1
labels:
app.kubernetes.io/name: eramba-web
spec:
ports:
- name: http
nodePort: 30045
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/name: eramba-web
type: NodePort
...
Now browse eramba-web via port-forward or http://<node ip>:30045.
The kubectl get cm,pvc,pv,svc,pods output is:
root#osboxes:~# kubectl get cm,pvc,pv,svc,pods -o wide -n eramba-1
NAME DATA AGE
configmap/eramba 1 134m
configmap/eramba-mariadb 1 131m
configmap/kube-root-ca.crt 1 29h
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE VOLUMEMODE
persistentvolumeclaim/eramba-storage Bound eramba-storage 5Gi RWO eramba-storage 133m Filesystem
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE VOLUMEMODE
persistentvolume/eramba-storage 5Gi RWO Retain Bound eramba-1/eramba-storage eramba-storage 133m Filesystem
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/eramba-mariadb ClusterIP 10.104.161.85 <none> 3306/TCP 131m app.kubernetes.io/component=primary,app.kubernetes.io/instance=eramba,app.kubernetes.io/name=mariadb
service/eramba-web NodePort 10.100.185.75 <none> 8080:30045/TCP 129m app.kubernetes.io/name=eramba-web
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/eramba-mariadb-0 1/1 Running 0 131m 10.20.0.6 osboxes <none> <none>
pod/eramba-web-6cc9c687d8-k6r9j 1/1 Running 0 129m 10.20.0.7 osboxes <none> <none>
When I tried to access 10.100.185.75:30045, the browser is says not reachable.
root#osboxes:/home/osboxes/eramba# kubectl describe service/eramba-web -n eramba-1
Name: eramba-web
Namespace: eramba-1
Labels: app.kubernetes.io/name=eramba-web
Annotations: <none>
Selector: app.kubernetes.io/name=eramba-web
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.100.185.75
IPs: 10.100.185.75
Port: http 8080/TCP
TargetPort: 8080/TCP
NodePort: http 30045/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events:
the logs for the web-app pod:
root#osboxes:~# kubectl logs eramba-web-6cc9c687d8-k6r9j -n eramba-1
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.20.0.7. Set the 'ServerName' directive globally to suppress this message
root#osboxes:~#
I've noticed the lack of endpoint for the Eramba-web service. When I changed the selector app to eramba-web, the endpoint has an IP, but the browser still cant reach the app.
This is a community wiki answer posted for better visibility. Feel free to expand it.
The requester uses the NodePort type for the eramba-web service. To access the application, it necessary to use the IP addresses of the nodes in the cluster, instead of using the internal IP address 10.100.x.y.
From Kubernetes documentation:
NodePort: Exposes the Service on each Node's IP at a static port (the
NodePort). A ClusterIP Service, to which the NodePort Service routes,
is automatically created. You'll be able to contact the NodePort
Service, from outside the cluster, by requesting <NodeIP>:<NodePort>.

Kubernetes, can't reach Pod with external IP address

I'm new to Kubernetes and I live some problems.
I have a ubuntu server and I working on it. I created pods and services, also I have an API-Gateway pod and service. And I want to reach this pod with my ubuntu server IP address from my PC.
But I cannot reach this pod from outside of the server.
My app on the docker image is running on 80 port.
My api-gateway.yaml file is like that:
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
containers:
- name: api-gateway
image: myapi/api-gateway
---
apiVersion: v1
kind: Service
metadata:
name: api-gateway
spec:
selector:
app: api-gateway
ports:
- name: api-gateway
protocol: TCP
port: 80
targetPort: 80
nodePort: 30007
type: NodePort
externalIPs:
- <My Ubuntu Server IP Adress>
and when I type kubectl get services api-gateway, I get
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
api-gateway NodePort 10.104.42.32 <MyUbuntuS IP> 80:30007/TCP 131m
also when I type kubectl describe services api-gateway, I get
Name: api-gateway
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=api-gateway
Type: NodePort
IP Families: <none>
IP: 10.104.42.32
IPs: 10.104.42.32
External IPs: <My Ubuntu Server IP Adress>
Port: api-gateway 80/TCP
TargetPort: 80/TCP
NodePort: api-gateway 30007/TCP
Endpoints: 172.17.0.4:80
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Type 30m service-controller ClusterIP -> LoadBalancer
Normal Type 6m10s service-controller NodePort -> LoadBalancer
Normal Type 77s (x2 over 9m59s) service-controller LoadBalancer -> NodePort
So, how can I reach this pod on my PC's browser or Postman?

kubernetes Clusterip+port is not reachable in some cases

l tried to set up a dvwa environment in k8s, l found it not work as usual when l exposed the dvwa pods's port.
l tried exposing a nginx sample to make sure my k8s env is working. And yes nginx works well in my local machine
Here is some information
# dvwa.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: dvwa
spec:
replicas: 2
selector:
app: dvwa
template:
metadata:
labels:
app: dvwa
spec:
containers:
- name: dvwa
image: citizenstig/dvwa:latest
ports:
- containerPort: 3306
# dvwa_service.yaml
apiVersion: v1
kind: Service
metadata:
name: dvwa
spec:
ports:
- port: 3306
selector:
app: dvwa
type: NodePort
$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
AGE SELECTOR
dvwa NodePort 10.98.238.130 <none>
3306:32393/TCP 7m15s app=dvwa
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP
35h <none>
nginx NodePort 10.97.143.32 <none>
80:31961/TCP 5m51s app=nginx
When l ssh into one of my k8s machine and typed curl 10.97.143.32:80, it returns the nginx page, but curl 10.98.238.130:3306 not works, the docker image is citizenstig/dvwa which expose 80 and 3306, l also tried using 80 port in dvwa_service.yaml but still not work.
Can anyone help me??? Thanks in advance!
targetPort is missing in your service definition
Try below service definition
apiVersion: v1
kind: Service
metadata:
name: dvwa
spec:
ports:
- port: 3306
targetPort: 3306
selector:
app: dvwa
type: NodePort
can you get into the dvwa pod and run localhost:3306
do you get any response?

Kubernetes NodePort doesn't return the response from the container

I've developed a containerized Flask application and I want to deploy it with Kubernetes. However, I can't connect the ports of the Container with the Service correctly.
Here is my Deployment file:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: <my-app-name>
spec:
replicas: 1
template:
metadata:
labels:
app: flaskapp
spec:
containers:
- name: <container-name>
image: <container-image>
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5000
name: http-port
---
apiVersion: v1
kind: Service
metadata:
name: <service-name>
spec:
selector:
app: flaskapp
ports:
- name: http
protocol: TCP
targetPort: 5000
port: 5000
nodePort: 30013
type: NodePort
When I run kubectl get pods, everything seems to work fine:
NAME READY STATUS RESTARTS AGE
<pod-id> 1/1 Running 0 7m
When I run kubectl get services, I get the following:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
<service-name> NodePort 10.105.247.63 <none> 5000:30013/TCP
...
However, when I give the following URL to the browser: 10.105.247.63:30013, the browser keeps loading but never returns the data from the application.
Does anyone know where the problem could be? It seems that the service is not connected to the container's port.
30013 is the port on the Node not in the cluster IP. To get a reply you would have to connect to <IP-address-of-the-node>:30013. To get the list of nodes you can:
kubectl get nodes -o=wide
You can also go through the CLUSTER-IP but you'll have to use the exposed port 5000: 10.105.247.63:5000

Kubernetes Nginx Ingress Controller expose Nginx Webserver

I basically want to access the Nginx-hello page externally by URL. I've made a (working) A-record for a subdomain to my v-server running kubernetes and Nginx ingress: vps.my-domain.com
I installed Kubernetes via kubeadm on CoreOS as a single-node cluster using these tutorials: https://kubernetes.io/docs/setup/independent/install-kubeadm/, https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/, and nginx-ingress using https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal.
I also added the following entry to the /etc/hosts file:
31.214.xxx.xxx vps.my-domain.com
(xxx was replaced with the last three digits of the server IP)
I used the following file to create the deployment, service, and ingress:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
run: my-nginx
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- name: http
containerPort: 80
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
run: my-nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "False"
spec:
rules:
- host: vps.my-domain.com
http:
paths:
- backend:
serviceName: my-nginx
servicePort: 80
Output of describe ing:
core#vps ~/k8 $ kubectl describe ing
Name: my-nginx
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
vps.my-domain.com
my-nginx:80 (<none>)
Annotations:
kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"extensions/v1beta1",...}
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: False
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UPDATE 49m (x2 over 56m) nginx-ingress-controller Ingress default/my-nginx
While I can curl the Nginx hello page using the nodeip and port 80 it doesn't work from outside the VM. Failed to connect to vps.my-domain.com port 80: Connection refused
Did I forgot something or is the configuration just wrong? Any help or tips would be appreciated!
Thank you
EDIT:
Visiting "vps.my-domain.com:30519` gives me the nginx welcome page. But in the config I specified port :80.
I got the port from the output of get services:
core#vps ~/k8 $ kubectl get services --all-namespaces | grep "my-nginx"
default my-nginx ClusterIP 10.107.5.14 <none> 80/TCP 1h
I also got it to work on port :80 by adding
externalIPs:
- 31.214.xxx.xxx
to the my-nginx service. But this is not how it's supposed to work, right? In the tutorials and examples for kubernetes and ingress-nginx, it worked always without externalIPs. Also the ingress rules doesn't work now (e.g. if I set the path to /test).
So apparently I was missing one part: the load balancer. I'm not sure why this wasn't mentioned in those instructions as a requirement. But i followed this tutorial: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#a-pure-software-solution-metallb and now everything works.
Since metallb requires multiple ip addresses, you have to list your single ip-adress with the subnet \32: 31.214.xxx.xxx\32

Resources