Google container engine, direct access to pods

8/10/2017

I am trying to deploy multiple identical docker containers on Google Container Engine. I am using kubectl for that following the instructions here: https://cloud.google.com/container-engine/docs/tutorials/hello-node

The instructions describe how to run a redundant service managed by the load balancer, so when I contact the balancer, it sends my request to one of my redundant pods. And in that mode, it works fine.

But I need to do this differently. I need to be able to contact individual pods directly from the client. So I am trying to use --type=NodePort with my "kubectl expose deployment" command:

mac-124307:hellonode ivm$ kubectl expose deployment hello-world --type=NodePort --port 9000 --target-port 9000
service "hello-world" exposed

mac-124307:hellonode ivm$ kubectl get service
NAME          CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
hello-world   10.15.253.149   <nodes>       9000:30513/TCP   21m
kubernetes    10.15.240.1     <none>        443/TCP          46m

The command does not complain, and I can use "gcloud compute instances list" to see external IP addresses of individual pods:

mac-124307:hellonode ivm$ gcloud compute instances list
NAME                                          ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
gke-hello-cluster-default-pool-402030b2-j60q  us-central1-a  n1-standard-1               10.128.0.3   104.197.72.212  RUNNING
gke-hello-cluster-default-pool-402030b2-q86r  us-central1-a  n1-standard-1               10.128.0.4   35.192.4.43     RUNNING
gke-hello-cluster-default-pool-402030b2-tf7t  us-central1-a  n1-standard-1               10.128.0.2   146.148.72.137  RUNNING

but when I try to connect to port 9000 at any of these IP addresses, my connection times out.

mac-124307:hellonode ivm$ curl http://104.197.72.212:9000/
... <time-out>

What am I doing wrong?

-- ivm.fnal
google-kubernetes-engine
kubernetes

1 Answer

8/16/2017

Note that the node port that was allocated is 30513. You are using 9000; that's the port for the ClusterIP, 10.15.253.149, that was assigned.

You also need to have port 30513 open on the firewall, as suggested by Eric.

If you only need one-off access to this pod, you can also use kubectl port-forward name-of-a-hello-pod 9000, which will forward 127.0.0.1:9000 on your workstation directly to the pod. Of course, this only works as long as kubectl port-forward is running.

-- Janos Lenart
Source: StackOverflow
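
The port mapping from the answer, as an added example that is not part of the original question or answer: it reads the PORT(S) column of the "kubectl get service" output shown in the question, separates the service port from the node port, and prints a firewall rule that opens only the node port to one source range. The function names, the rule name and the source range 203.0.113.0/24 are assumptions; the script handles services that list a single port.

```shell
#!/bin/sh
# Added example. SAMPLE is the "kubectl get service" output copied from the question.
SAMPLE='NAME          CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
hello-world   10.15.253.149   <nodes>       9000:30513/TCP   21m
kubernetes    10.15.240.1     <none>        443/TCP          46m'

# ports_field SERVICE: print the PORT(S) value for SERVICE (table on stdin).
# The column is located by its header, so an extra TYPE column does not matter.
ports_field() {
    awk -v svc="$1" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "PORT(S)") col = i; next }
        $1 == svc && col { print $col }'
}

# service_port SERVICE: the port on the ClusterIP, reachable only inside the cluster.
service_port() {
    ports_field "$1" | awk -F'[:/]' '{ print $1 }'
}

# node_port SERVICE: the port opened on every node's IP. Prints nothing for a
# service without one (a plain ClusterIP service such as "kubernetes").
node_port() {
    ports_field "$1" | awk -F'[:/]' 'NF == 3 { print $2 }'
}

# firewall_cmd SERVICE CIDR: print (do not run) a rule that opens only the
# node port, and only to CIDR, rather than to 0.0.0.0/0.
firewall_cmd() {
    np=$(node_port "$1")
    [ -n "$np" ] || { echo "service $1 has no node port" >&2; return 1; }
    printf '%s %s\n' \
        "gcloud compute firewall-rules create allow-$1-nodeport" \
        "--allow tcp:$np --source-ranges $2"
}

# Demo on the sample: the client must use <node external IP>:30513, not :9000.
printf '%s\n' "$SAMPLE" | firewall_cmd hello-world 203.0.113.0/24
```

On a live cluster, pipe the real "kubectl get service" output into the functions instead of SAMPLE and review the printed command before running it.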