Unable to connect to external load balancer even after exposing service in kubernetes

9/4/2018

I have the following deployment file

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: family-tree-deployment
      labels:
        app: familytree
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: familytree
      template:
        metadata:
          labels:
            app: familytree
        spec:
          containers:
          - name: familytree
            image: index.docker.io/koustubh/familytree:v1.0
            ports:
            - containerPort: 8080

I could successfully create the deployment using kubectl create -f deploy.yml

Now, I simply exposed this deployment with the following command

    kubectl expose deployment family-tree-deployment --type=LoadBalancer --name=familytree-service

The service was successfully created.

The output is

    $ kubectl get svc
    NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)          AGE
    familytree-service   LoadBalancer   10.51.244.161   35.221.113.235   8080:30505/TCP   1h

    $ kubectl describe svc familytree-service
    Name:                     familytree-service
    Namespace:                default
    Labels:                   app=familytree
    Annotations:              <none>
    Selector:                 app=familytree
    Type:                     LoadBalancer
    IP:                       10.51.244.161
    LoadBalancer Ingress:     35.221.113.235
    Port:                     <unset>  8080/TCP
    TargetPort:               8080/TCP
    NodePort:                 <unset>  30505/TCP
    Endpoints:                10.48.4.7:8080
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:                   <none>

I could log in to the pod and I made sure the service is working. However, when I use the external IP of the load balancer and query my API, the connection times out.

I have made sure the firewall allows port 8080. My application is running on port 8080.

-- kosta
google-kubernetes-engine
kubernetes

1 Answer

9/5/2018

The generated Service object looks perfectly valid, so we can exclude a label issue or a missing public IP address. Besides, you can access your Service internally, which means the firewall rule was applied incorrectly, most likely.

Please ensure you allow incoming traffic as follows:

  1. from the internet to the load balancer on TCP port 8080
  2. from the load balancer to all Kubernetes nodes on TCP port 30505
-- Antoine Cotten
Source: StackOverflow
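
An added example, not part of the original question or answer: a small audit that takes the Service's ports and a firewall rule list and reports, for each of the two hops named in the answer, which ingress rules admit it and from which source ranges. The sample data is constructed (ports from the question; rule names such as `allow-app-8080` are hypothetical), the rule shape follows `gcloud compute firewall-rules list --format=json`, and the check assumes allow rules only, ignoring target tags, priorities and deny rules.

```python
# Constructed sample: port mapping of familytree-service as shown in the question.
SERVICE = {"spec": {"type": "LoadBalancer", "ports": [
    {"protocol": "TCP", "port": 8080, "targetPort": 8080, "nodePort": 30505}]}}

# Constructed sample rules (hypothetical names), shaped like
# `gcloud compute firewall-rules list --format=json` output.
RULES = [
    {"name": "allow-app-8080", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
    {"name": "allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def port_matches(spec, port):
    """True if a firewall port spec such as "8080" or "30000-32767" covers port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rules_allowing(rules, port, proto="tcp"):
    """(name, sourceRanges) of enabled ingress rules that admit proto/port."""
    hits = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        for allow in rule.get("allowed", []):
            if allow["IPProtocol"] not in (proto, "all"):
                continue
            ports = allow.get("ports")  # no port list means every port
            if ports is None or any(port_matches(p, port) for p in ports):
                hits.append((rule["name"], rule.get("sourceRanges", [])))
                break
    return hits

def check_service(service, rules):
    """Map each hop from the answer to the rules allowing it (empty list = blocked)."""
    result = {}
    for p in service["spec"]["ports"]:
        proto = p.get("protocol", "TCP").lower()
        result[f"lb:{p['port']}"] = rules_allowing(rules, p["port"], proto)
        result[f"node:{p['nodePort']}"] = rules_allowing(rules, p["nodePort"], proto)
    return result

if __name__ == "__main__":
    for hop, hits in check_service(SERVICE, RULES).items():
        print(hop, hits or "NO MATCHING RULE")
```

With the constructed rules, the service port has a matching rule while the node port has none. The reported source ranges also show how widely each port is open, which is worth narrowing where the hop does not need to be reachable from every address.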