Exporting service via NodePort

1/21/2019

I'm following this example in order to create a Docker registry with Kubernetes: https://robertbrem.github.io/Microservices_with_Kubernetes/03_Docker_registry/01_Setup_a_docker_registry/

I'm using Minikube, started in this way

 minikube start --vm-driver=none

And it works, I can access it from minikubeNode:30500.

Now I restart the computer where minikube is installed, and I can no longer access the Docker registry, even though the pod is running and the service definition is the same as before.

My Service:

apiVersion: v1
kind: Service
metadata:
  name: registro
  labels:
    name: registro
spec:
  ports:
  - port: 5001
    targetPort: 5000
    nodePort: 30500
  selector:
    apl: registro
  type: NodePort

My Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registro
spec:
  replicas: 1
  selector:
    matchLabels:
      apl: registro
  template:
    metadata:
      labels:
        apl: registro
    spec:
      containers:
      - resources:
        name: registry
        image: registry:2
        ports:
        - name: registry-port
          containerPort: 5000
        volumeMounts:
        - mountPath: /var/lib/registry
          name: img
        - mountPath: /certs
          name: certs
        - mountPath: /auth
          name: auth
        env:
        - name: REGISTRY_AUTH
          value: "htpasswd"
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /certs/fullchain.pem
        - name: REGISTRY_HTTP_TLS_KEY
          value: /certs/privkey.pem
      volumes:
      - name: img
        hostPath:
          path: /home/ema/adm/docker/registro/img
      - name: certs
        hostPath:
          path: /home/ema/adm/docker/registro/certs
      - name: auth
        hostPath:
          path: /home/ema/adm/docker/registro/auth

Current Cluster IP:

# kubectl cluster-info
Kubernetes master is running at https://10.129.3.44:8443
KubeDNS is running at https://10.129.3.44:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

My POD:

# kubectl describe pods
Name:               registro-6b657796b-fx9jf
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               minikube/10.129.3.44
Start Time:         Fri, 18 Jan 2019 10:17:04 +0100
Labels:             apl=registro
                    pod-template-hash=6b657796b
Annotations:        <none>
Status:             Running
IP:                 172.17.0.4
Controlled By:      ReplicaSet/registro-6b657796b
Containers:
  registry:
    Container ID:   docker://1b8ab87d5fd7602ee671abc1a6ebffdbcdc4c6d8892c174f83dea8cd4ee722a9
    Image:          registry:2
    Image ID:       docker-pullable://registry@sha256:1cd9409a311350c3072fe510b52046f104416376c126a479cef9a4dfe692cf57
    Port:           5000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Fri, 18 Jan 2019 13:03:25 +0100
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Fri, 18 Jan 2019 10:17:06 +0100
      Finished:     Fri, 18 Jan 2019 13:02:55 +0100
    Ready:          True
    Restart Count:  1
    Environment:
      REGISTRY_AUTH:                  htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM:   Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH:    /auth/htpasswd
      REGISTRY_HTTP_TLS_CERTIFICATE:  /certs/fullchain.pem
      REGISTRY_HTTP_TLS_KEY:          /certs/privkey.pem
    Mounts:
      /auth from auth (rw)
      /certs from certs (rw)
      /var/lib/registry from img (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9b46l (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  img:
    Type:          HostPath (bare host directory volume)
    Path:          /home/ema/adm/docker/registro/img
    HostPathType:  
  certs:
    Type:          HostPath (bare host directory volume)
    Path:          /home/ema/adm/docker/registro/certs
    HostPathType:  
  auth:
    Type:          HostPath (bare host directory volume)
    Path:          /home/ema/adm/docker/registro/auth
    HostPathType:  
  default-token-9b46l:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-9b46l
    Optional:    false
...

My Service:

# kubectl describe service registro
Name:                     registro
Namespace:                default
Labels:                   name=registro
Annotations:              <none>
Selector:                 apl=registro
Type:                     NodePort
IP:                       10.101.157.80
Port:                     <unset>  5001/TCP
TargetPort:               5000/TCP
NodePort:                 <unset>  30500/TCP
Endpoints:                172.17.0.4:5000
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Pod IP is working:

# curl 172.17.0.4:5000

Cluster IP doesn't complain but remains stuck:

# curl 10.101.157.80:5001

Node port IP doesn't work:

# curl 10.129.3.44:30500
curl: (7) Failed connect to 10.129.3.44:30500

Why can't I access my service from the node?

How to diagnose what is happening?

UPDATE 1

When starting minikube in this way:

minikube start --vm-driver none

I get the following warnings:

[WARNING Hostname]: hostname "minikube" could not be reached
[WARNING Hostname]: hostname "minikube" lookup minikube on 10.126.20.16:53: server misbehaving
[WARNING DirAvailable--data-minikube]: /data/minikube is not empty
....    
Error creating PKI assets: failed to write certificate "apiserver-kubelet-client": certificate apiserver-kubelet-client is not signed by corresponding CA
....    
.: exit status 1

I don't know if they are meaningful, but I don't like exit status 1.

-- david.perez
docker
kubernetes
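
The question asks how to diagnose a NodePort that refuses connections while the pod IP still answers. As an added example (not from the original post or its answers), this traces the NodePort through the NAT rules that kube-proxy writes, assuming kube-proxy runs in iptables mode; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: trace a NodePort through kube-proxy's NAT rules.
# Assumes kube-proxy in iptables mode. Reads `iptables-save -t nat` on stdin.

# nodeport_backends PORT
# Prints each pod IP:port the NodePort is DNATed to; returns 1 if the
# KUBE-NODEPORTS rule or its endpoint chain is missing.
nodeport_backends() {
    awk -v port="$1" '
        $1 != "-A" { next }
        {
            chain = $2; target = ""; dport = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (chain == "KUBE-NODEPORTS" && dport == port && target != "KUBE-MARK-MASQ")
                svc = target                          # service chain for this port
            else if (chain ~ /^KUBE-SVC-/ && target ~ /^KUBE-SEP-/)
                seps[chain] = seps[chain] " " target  # service -> endpoint chains
            else if (chain ~ /^KUBE-SEP-/ && dest != "")
                dnat[chain] = dest                    # endpoint -> pod IP:port
        }
        END {
            if (svc == "") exit 1
            n = split(seps[svc], s, " ")
            for (i = 1; i <= n; i++) if (s[i] in dnat) { print dnat[s[i]]; ok = 1 }
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample of `iptables-save -t nat`; chain suffixes are made up.
sample_rules() {
    cat <<'EOF'
*nat
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/registro:" -m tcp --dport 30500 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/registro:" -m tcp --dport 30500 -j KUBE-SVC-EXAMPLE0000001
-A KUBE-SVC-EXAMPLE0000001 -m comment --comment "default/registro:" -j KUBE-SEP-EXAMPLE0000001
-A KUBE-SEP-EXAMPLE0000001 -s 172.17.0.4/32 -m comment --comment "default/registro:" -j KUBE-MARK-MASQ
-A KUBE-SEP-EXAMPLE0000001 -p tcp -m comment --comment "default/registro:" -m tcp -j DNAT --to-destination 172.17.0.4:5000
COMMIT
EOF
}

# Offline demo on the sample. On the node, as root:
#   iptables-save -t nat | nodeport_backends 30500
sample_rules | nodeport_backends 30500 || echo "no NAT rule for NodePort 30500"
```

If the pod answers on its own IP but this returns 1 on the node, the NodePort rules are missing from the nat table, which points at kube-proxy rather than at the registry or the Service definition.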

2 Answers

1/24/2019

After some trial and error, here is my solution:

  • Upgrade to minikube 0.33.1
  • Run:
    • minikube delete
    • minikube start --vm-driver=none
-- david.perez
Source: StackOverflow

1/23/2019

For port forwarding to work properly with minikube start --vm-driver=none, you have to install socat. Just try the following script; it's working fine for me.

  • Install kubectl, socat and docker.
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubectl socat docker.io --allow-unauthenticated
  • Download Latest Minikube
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.33.0/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
  • Start the Minikube cluster.
minikube config set embed-certs true
minikube start --vm-driver none

You have to run minikube start --vm-driver none as the root user only.

-- Vishal Ghule
Source: StackOverflow