Service not exposing in kubernetes

8/2/2018

I have a deployment and a service in GKE. I exposed the deployment as a Load Balancer but I cannot access it through the service (curl or browser). I get an:

curl: (7) Failed to connect to <my-Ip-Address> port 443: Connection refused

I can port forward directly to the pod and it works fine:

kubectl --namespace=redfalcon port-forward web-service-rf-76967f9c68-2zbhm 9999:443 >> /dev/null

curl -k -v --request POST   --url https://localhost:9999/auth/login/   --header 'content-type: application/json'   --header 'x-profile-key: '   --data '{"email":"<testusername>","password":"<testpassword>"}'

I have most likely misconfigured my service but cannot see how. Any help on what I did would be very much appreciated.

Service Yaml:

---
apiVersion: v1
kind: Service
metadata:
  name: red-falcon-lb
  namespace: redfalcon
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: 443
    protocol: TCP
  selector:
   app: web-service-rf

Deployment YAML

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: web-service-rf
spec:
  selector:
    matchLabels:
      app: web-service-rf
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: web-service-rf
    spec:
      initContainers:
        - name: certificate-init-container
          image: proofpoint/certificate-init-container:0.2.0
          imagePullPolicy: Always
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          args:
            - "-namespace=$(NAMESPACE)"
            - "-pod-name=$(POD_NAME)"
            - "-query-k8s"
          volumeMounts:
            - name: tls
              mountPath: /etc/tls
      containers:
        - name: web-service-rf
          image: gcr.io/redfalcon-186521/redfalcon-webserver-minimal:latest
#          image: gcr.io/redfalcon-186521/redfalcon-webserver-full:latest
          command:
            - "./server"
            - "--port=443"
          imagePullPolicy: Always
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          ports:
            - containerPort: 443
          resources:
            limits:
              memory: "500Mi"
              cpu: "100m"
          volumeMounts:
          - mountPath: /etc/tls
            name: tls
          - mountPath: /var/secrets/google
            name: google-cloud-key
      volumes:
        - name: tls
          emptyDir: {}
        - name: google-cloud-key
          secret:
           secretName: pubsub-key

output: kubectl describe svc red-falcon-lb

Name:                     red-falcon-lb
Namespace:                redfalcon
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"red-falcon-lb","namespace":"redfalcon"},"spec":{"ports":[{"name":"https","port...
Selector:                 app=web-service-rf
Type:                     LoadBalancer
IP:                       10.43.245.9
LoadBalancer Ingress:     <EXTERNAL IP REDACTED>
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31524/TCP
Endpoints:                10.40.0.201:443,10.40.0.202:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  39m   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   38m   service-controller  Ensured load balancer
-- mornindew
google-kubernetes-engine
kubernetes
kubernetes-deployment
kubernetes-service
load-balancing

1 Answer

8/8/2018

I figured out what it was...

My golang app was listening on localhost instead of 0.0.0.0. This meant that port forwarding on kubectl worked but any service exposure didn't work.

I had to add "--host 0.0.0.0" to my k8s command and it then listened to requests from outside localhost.

My command ended up being...

"./server --port 8080 --host 0.0.0.0"

-- mornindew
Source: StackOverflow