K
Q

How do I externally access a service with kubernetes NodePort?

8/21/2017

I've setup a NodePort service using the following config:

wordpress-service.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app: wordpress
  name: wordpress
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: wordpress

Is this sufficient to access the service externally, if so how can I now access the service? What details do I need - and how do I determine them - for example node IP.

-- Chris Stryczynski
kubernetes

Similar Questions

Check availability of specified ports in each node
How do I add an intermediate SSL certificate to Kubernetes ingress TLS configuration?
Running Spring boot application in a container? or a VM? or a container inside a VM?
Recommended way to configure max_prepared_transactions in Postgres on Kubernetes

3 Answers

10/24/2017

For Kubernetes on GCE:

We had the same question regarding services of type NodePort: How do we access node port services from our own host?

@ivan.sim 's answer (nodeIp:nodePort) is on mark however, you still wouldn't be able to access your service unless you add a firewall ingress (inbound to google cloud) traffic rule on the VPC network console to allow your host to be able to access your compute node

enter image description here the above rule is dangerous and should be used only during development

You can find the node port using either the Google Cloud console or by running subsequent kubectl commands to find out the node running your pod which has your container. i.e kubectl get pods , kubectl describe pod your-pod-name, kubectl describe node node-that-runs-you-pod .status.addresses has your ExternalIP

It would be great if we could extract the node ip running our container in the pod using only a label/selector and a few line of commands, so here is what we did, in this case our selector is app: your-label:

$ nodename=$(kubectl get pods -o jsonpath='{.items[?(@.metadata.labels.app=="your-label")].spec.nodeName}')

$ nodeIp=$(kubectl get nodes -o jsonpath='{.items[?(@.metadata.name=="'$(echo $nodename)'")].status.addresses[?(@.type=="ExternalIP")].address}')

$ echo nodeIp

notice: we used json path to extract the information we desired, for more on json path see: json path

You could certainly turn this into a script that takes a label/selector as input and outputs an external ip of the node running your container !!!

To get the nodeport just type:

$ kubectl get services

under the PORT(S) columns you will see something like tagetPort:nodePort. this nodeport is what you want .

nodeIp:nodePort
-- M.Harris
Source: StackOverflow
8/21/2017

When you define a service as type NodeIP, every node in your cluster will proxy that port to your service. If you nodes are reachable from outside the Kubernetes cluster, you should be able to access the service at nodeIP:nodePort.

To determine nodeIP of a particular node, you can use either kubectl get no <node> -o yaml or kubectl describe no <node>. The status.Addresses field will be of interest. Generally, you will see fields like HostName, ExternalIP and InternalIP there.

To determine nodePort of your service, you can use either kubectl get svc wordpress -o yaml or kubectl describe svc wordpress. The spec.ports.nodePort is the port you need.

-- ivan.sim
Source: StackOverflow
8/21/2017

Service defined like this got assgned a high port number and is exposed on all your cluster nodes on that port (probably something like 3xxxx). Hard to tell the rest without proper knowledge of how your cluster is provisioned. kubectl get nodes should give you some knowledge about your nodes.

Although I assume you want to expose the service to the outside world. In the long run I suggest getting familiar with LoadBalancer type services and Ingress / IngressController

-- Radek 'Goblin' Pieczonka
Source: StackOverflow