"prefer-ip-address" of Eureka client not work in docker container - docker

I have a Spring Cloud Eureka client instance running inside docker, and I would like the client to register itself the host's IP address rather than the container's hostname to the Eureka server, so I set eureka.instance.ip-address: xx.xx.xx.xx and eureka.instance.prefer-ip-address: true to the client's application.yml, but that does not work, it still registers the container's hostname to the server, any help is appreciated!
spring:
application:
name: uaa-service
server:
port: 8799
eureka:
service-url:
defaultZone: https://XX.YY.ZZ/eureka/
instance:
prefer-ip-address: true
ip-address: xx.xx.xx.xx
My Spring Boot version is 2.0.0.RELEASE and Spring Cloud being Finchley.M9.

I'm using the same version of spring-boot and have a similar problem
But I think you are confusing IP address with the instance ID.
See this link: https://github.com/spring-cloud/spring-cloud-netflix/issues/1646#issuecomment-275121055
When you hover the mouse over the link or click on it, does it show the right IP-Address?
Anyway, I have two applications, one using spring-boot 1.5 where this property works.
With the 2.0 version the application always use the machine IP, instead what I informed in the eureka.instance.ip-address.
Edit > I reported a bug here: https://github.com/spring-cloud/spring-cloud-netflix/issues/2878

Give this in your spring service
spring:
application:
name: uaa-service
cloud:
inetutils:
ignored-interfaces:
- eth0
- eth1
- eth2
- eth3
- lo
Taken from this

Related

Not able to access application inside kubernetes POD

Service.Yaml
pods.yaml
i am not able to access my application from browser. What mistake i am doing ?
if i give Ipaddress:30010 -> my app is not getting reached. (attached my pod.yaml and service.yaml here in attachment)
You need to add targetPort setting in the ports section on your Service.yaml. This specifies the destination port of the container.
ports:
- name: http
port: 5432
targetPort: 5432
nodePort: 30010
port is a setting for in-cluster communication, that other containers in the cluster can access via {serviceName}:port.
You need to find your node ip. If you are using minikube then you find node ip list. By running kubectl cluster-info. Then in your browser go to http:[node-ip]:30010

kubeadm join times out on non-default NIC/IP

I am trying to configure a K8s cluster on-prem and the servers are running Fedora CoreOS using multiple NICs.
I am configuring the cluster to use a non-default NIC - a bond which is defined with 2 interfaces. All servers can reach each-other over that interface and have HTTP + HTTPS connectivity to the internet.
kubeadm join hangs at:
I0513 13:24:55.516837 16428 token.go:215] [discovery] Failed to request cluster-info, will try again: Get https://${BOND_IP}:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: context deadline exceeded (Client.Timeout exceeded while awaiting headers)
The relevant kubeadm init config looks like this:
[...]
localAPIEndpoint:
advertiseAddress: ${BOND_IP}
bindPort: 6443
nodeRegistration:
kubeletExtraArgs:
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
runtime-cgroups: "/systemd/system.slice"
kubelet-cgroups: "/systemd/system.slice"
node-ip: ${BOND_IP}
criSocket: /var/run/dockershim.sock
name: master
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
[...]
The join config that am using looks like this:
apiVersion: kubeadm.k8s.io/v1beta2
kind: JoinConfiguration
discovery:
bootstrapToken:
token: ${TOKEN}
caCertHashes:
- "${SHA}"
apiServerEndpoint: "${BOND_IP}:6443"
nodeRegistration:
kubeletExtraArgs:
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
runtime-cgroups: "/systemd/system.slice"
kubelet-cgroups: "/systemd/system.slice"
If I am trying to configure it using default eth0, it works without issues.
This is not a connectivity issue. The port test works fine:
# nc -s ${BOND_IP_OF_NODE} -zv ${BOND_IP_OF_MASTER} 6443
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Connected to ${BOND_IP_OF_MASTER}:6443.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
I suspect this happens due to kubelet listening on eth0, if so, can I change it to use a different NIC/IP?
LE: The eth0 connection has been cut off completely (cable out, interface down, connection down).
Now, when we init, if we choose port 0.0.0.0 for the kube-api it defaults to the bond, which we wanted initially:
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 0.0.0.0
result:
[certs] apiserver serving cert is signed for DNS names [emp-prod-nl-hilv-quortex19 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.0.0.1 ${BOND_IP}]
I have even added the 6443 port in iptables for accept and it still times out.. All my CALICO pods are up and running (all pods for that matter in kube-system namespace)
LLE:
I have tested calico and weavenet and both show the same issue. The api-server is up and can be reached from the master using curl but it times out from the nodes.
LLLE:
On the premise that the kube-api is nothing but an HTTPS server, I have tried two options from the node that cannot reach it when doing the kubeadm join:
Ran a python3 simple http server over 6443 and WAS ABLE TO CONNECT from node
Ran an nginx pod and exposed it over another port as NodePort and WAS ABLE TO CONNECT from node
the node just cant reach the api-server on 6443 or any other port for that matter ....
what am i doing wrong...
The cause:
The interface used was in BOND of type ACTIVE-ACTIVE. This made it so kubeadm tried another interface from the 2 bonded, which was not in the same subnet as the IP of the advertised server apparently...
Using ACTIVE-PASSIVE did the trick and was able to join the nodes.
LE: If anyone knows why kubeadm join does not support LACP with ACTIVE-ACTIVE bond setups on FEDORA COREOS please advise here. Otherwise, if additional configurations are required, I would very much like to know what I have missed.

Traefik and Minecraft

i'm trying to set up a Minecraft server in a VPS managed with traefik.
After I start the docker container and I tried to reach the server via weburl it fails for timeout.
If I use the server IP address is's working.
I think that the problem is that if I try to reach the default server port in Minecraft (25565) via domain the port is not redirected correctly to the container.
Also, I got to mention that my domain is under Cloudflare, but I don't think that is the problem because I've tried to bypass it turning on the development mode whit no positive results.
I've added a custom entry point as so
defaultEntryPoints = ["https","http","mc"]
[entryPoints.mc]
address = ":25565"
then in the labels of my docker-compose I've used these settings:
# map host port
ports:
- 25565:25565
networks:
- traefik_proxy
- default
labels:
- "traefik.docker.network=traefik_proxy"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:mc.myserver.net"
- "traefik.basic.port=25565"
- "traefik.frontend.entryPoints=mc"
But it still fails.
what am I doing wrong?
Ok, after some research the problem should be that at the moment traefik doesn't handle all the tcp traffic but only the http related one (https://github.com/containous/traefik/issues/10). From what i understand it will be supported in the V2
I've managed to make it work just altering the cloudflare setting adding a SRV records
as follow
Name - _minecraft
Value - SRV 1 1 25565

Docker for Mac Container to Host Networking - Consul Health Checks Connection Refused

I have a HTTP health check in my service, exposed on localhost:35000/health. At the moment it always returns 200 OK. The configuration for the health check is done programmatically via the HTTP API rather than with a service config, but in essence, it is:
set id: service-id
set name: health check
set notes: consul does a GET to '/health' every 30 seconds
set http: http://127.0.0.1:35000/health
set interval: 30s
When I run consul in dev mode (consul agent -dev -ui) on my host machine directly the health check passes without any problem. However, when I run consul in a docker container, the health check fails with:
2017/07/08 09:33:28 [WARN] agent: http request failed 'http://127.0.0.1:35000/health': Get http://127.0.0.1:35000/health: dial tcp 127.0.0.1:35000: getsockopt: connection refused
The docker container launches consul, as far as I am aware, in exaclty the same state as the host version:
version: '2'
services:
consul-dev:
image: "consul:latest"
container_name: "net-sci_discovery-service_consul-dev"
hostname: "consul-dev"
ports:
- "8400:8400"
- "8500:8500"
- "8600:8600"
volumes:
- ./etc/consul.d:/etc/consul.d
command: "agent -dev -ui -client=0.0.0.0 -config-dir=/etc/consul.d"
I'm guessing the problem is that consul is trying to do the GET request to the containers loopback interface rather than what I am intending, which is for the loopback interface of the host. Is that a correct assumption? More importantly, what do I need to do to correct the problem?
So it transpires that there was a bug in some previous versions of macOS that prevented use of the docker0 network. Whilst the bug is fixed in newer versions, Docker support extends to older versions and so Docker for Mac doesn't currently support docker0. See this discussion for details.
The workaround is to create an alias to the loopback interface on the host machine, set the service to listen on either that alias or 0.0.0.0, and configure Consul to send the health check GET request to the alias.
To set the alias (choose a private IP address that's not being used for anything else; I chose a class A address but that's irrelevant):
sudo ifconfig lo0 alias 10.200.10.1/24
To remove the alias:
sudo ifconfig lo0 -alias 10.200.10.1
From the service definition above, the HTTP line should now read:
set http: http://10.200.10.1:35000/health
And the HTTP server listening for the health check requests also needs to be listening on either 10.200.10.2 or 0.0.0.0. This latter option is suggested in the discussion but I've only tried it with the alias.
I've updated the title of the question to more accurately reflect the problem, now I know the solution. Hope it helps somebody else too.

Register to Eureka from Docker with a custom IP

I'm running Spring Cloud Eureka inside my Docker VM. I have services registering to it, but they use their IP adress from inside the Docker VM, but to be able to use them properly i need them to use the IP adress i can access from outside the VM.
For example inside my VM the register using 172.x.x.x and i can access the REST interface from my browser using 192.168.x.x.x. I need them to register as 192.168.x.x.x.
How can i tell my service to register with a specific IP adress?
Both previous answers are correct, but I'll make copy-pasting easier.
What you should do is add an environment variable with the host IP when starting your container and in your Spring Boot application.yml file includes it.
application.yml
eureka:
instance:
# Necessary for Docker as it doesn't have DNS entries
prefer-ip-address: true
# Necessary for Docker otherwise you will get 172.0.0.x IP
ip-address: "${HOST}"
client:
serviceUrl:
# Location of your eureka server
defaultZone: http://192.168.0.107:8761/eureka/
Running with Docker
docker run -p <port>:<port> -e HOST='192.168.0.106' <image name>
Running with docker-compose
my_service:
image: image_name
environment:
- HOST=192.168.0.106
ports:
- your_port:container_port
You can configure it in your application.yml:
eureka:
instance:
ipAddress: 192.168.x.x
Register to Eureka with a custom IP and a custom PORT:
server:
port: 18090
eureka:
instance:
prefer-ip-address: true
ip-address: 10.150.160.21
non-secure-port: 8080
I run into a situation where 10.150.160.21:8080 is mapped to 192.168.1.124:18090 over a firewall. The application is running on 192.168.1.124:18090 but have to register to Eureka with 10.150.160.21:8080.
It works for me.
You can use environment variables in the eureka configuration in application.yml
In the following example I am using the $HOST and $PORT environment variables to tell the eureka client what values to use. In my case, these variables are set by Mesos/Marathon. You may find other useful variables set by Docker.
The following works for me:
eureka:
client:
serviceUrl:
defaultZone: http://discovery.marathon.mesos:31444/eureka/
registerWithEureka: true
fetchRegistry: true
instance:
appname: configserver
health-check-url: /health
prefer-ip-address: true
ip-address: "${HOST}" # mesos/marathon populates this in the environment
non-secure-port: "${PORT}" # mesos/marathon populates this in the environment

Resources