K
Q

Kubernetes - Unable to access apache Pod from proxy

3/8/2019

I have PHP app+Apache on a Kubernetes POD. The PHP app, access Elasticsearch API on port 9200, and show a simple website, to the users, on port 5000.

I run proxy, using kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*'.

When I enter to "http://localhost:8001/api/v1/namespaces/default/pods/website/proxy/", I see the following error:

Error: 'dial tcp 172.17.0.6:5000: connect: connection refused'
Trying to reach: 'http://172.17.0.6:5000/'

*172.17.0.6 is the POD ip address.

This is the website POD yaml:

apiVersion: v1
kind: Pod
metadata:
  name: website
  labels:
    app: website
spec:
  containers:
  - name: website
    image: website_k8s:latest
    ports:
    - containerPort: 5000
    - containerPort: 80

This is the dockerfile of website_k8s:latest:

FROM php:7.0-apache
RUN echo "ServerName 0.0.0.0" >> /etc/apache2/apache2.conf
COPY ./index.php /var/www/html/
EXPOSE 5000

I also tried to run service:

apiVersion: v1
kind: Service
metadata:
  name: website-service
spec:
  ports:
  - port: 5000
    targetPort: 80
    protocol: TCP
    name: serving
  - port: 80
    targetPort: 9200
    protocol: TCP
    name: readfromelasticsearch
  selector:
    app: website

And when I enter to http://localhost:8001/api/v1/namespaces/default/services/website-service/proxy/, I see:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "no endpoints available for service \"website-service\"",
  "reason": "ServiceUnavailable",
  "code": 503
}

Even though, when I run $kubectl get endpoints website-service, I see:

NAME              ENDPOINTS                       AGE
website-service   172.17.0.6:80,172.17.0.6:9200   59m

I see the service's POD endpoint.

How could I access my website via proxy?

-- Yagel
apache
docker
kubernetes

Similar Questions

Connect AKS Cluster through IPSEC VPN with only 1 private IP
Kubectl insufficient resource allocation in aws cluster
How to ensure only one pod runs on my node in GKE?
Monitoring aspnet core web app in kubernetes with App Metrics and Influxdb does not work
Change user and group for a configmap and secret volume mounts
Azure Kubernetes Error when running "az aks get-credentials --resource-group AKSResourceGroupName --name AKSClusterName" command

1 Answer

3/9/2019

The problem is that Apache is listening on port 80, not 5000.

If you remove containerPort: 5000 then you can access the website via http://localhost:8001/api/v1/namespaces/default/pods/website/proxy/.

Secondly, the endpoints you see for the service are internal to the cluster. So, you can access the service through those IP endpoints from within a pod: kubectl exec website -- curl 172.17.0.6/. If you want to expose your service externally, the service should be of type NodePort or LoadBalancer.

Finally, the problem you have when querying the service through the proxy is that, when you give a name to a port, you have to include it in the proxy call: curl localhost:8001/api/v1/namespaces/default/services/website-service:serving/proxy/.

-- metaphori
Source: StackOverflow