I have a StatefulSet for MQ, exposed two ports, 1414 for TCP and 9443 for HTTPS, and created a service of type LoadBalancer. 1414 for TCP is working fine: I am able to telnet from other pods in the same cluster using the service name/cluster IP, and am also able to connect to 1414 from outside the GKE cluster.
But the problem is that port 9443 is not accessible from other pods in the cluster (service name/cluster IP) or from outside the cluster (external IP). Telnet works fine when I exec into the pod and test locally: telnet 127.0.01 9443
Is there any configuration missing for the HTTPS service?
Note: Port forward is working fine and I am able to connect to the API: kubectl port-forward svc/mq-qmdtest 9443:9443
Service Definition
    apiVersion: v1
    kind: Service
    metadata:
      name: {{.Values.name}}
      namespace: {{.Values.namespace}}
      annotations:
        cloud.google.com/load-balancer-type: "Internal"
      labels:
        run: {{.Values.name}}
    spec:
      type: LoadBalancer
      loadBalancerIP: {{.Values.loadBalancerIP}}
      ports:
        - name: webui
          port: 9443
          protocol: TCP
        - name: mq
          port: 1414
          protocol: TCP
      selector:
        run: {{.Values.name}}
Stateful Set – Container port configuration
    ports:
      - containerPort: 9443
        protocol: TCP
        name: webui
      - containerPort: 1414
        protocol: TCP
        name: mq
The telnet is working fine when exec to the POD and test locally.. telnet 127.0.01 9443 ... Port forward is working fine and able to connect to the API. kubectl port-forward svc/mq-qmdtest 9443:9443
Is almost certainly caused by the pod only listening on localhost; port-forward also engages with localhost, so the fact that you cannot reach it from other pods in the cluster but you can from itself and you can from port-forward means the service is only listening for local connections.
Without knowing more about the software I can't offer you an "open this file, change this value" type of instruction, but be on the lookout for "bind host" or any "listen" configuration that would accept both a host and a port, and in that case set the "bind host" to 0.0.0.0 or the "listen" configuration to 0.0.0.0:9443
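One way to confirm the loopback-only diagnosis above without netstat or ss in the image is to decode the pod's /proc/net/tcp listener table. This is an added example, not part of the original answer; the function names and the sample table are constructed for illustration.

```python
import ipaddress
import struct
import sys

LISTEN = "0A"  # state code the kernel uses for listening sockets

# Constructed sample in /proc/net/tcp layout (not captured from a real pod):
# 0x0586 = 1414 bound to 0.0.0.0, 0x24E3 = 9443 bound to 127.0.0.1.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt
   0: 00000000:0586 00000000:0000 0A 00000000:00000000 00:00000000 00000000
   1: 0100007F:24E3 00000000:0000 0A 00000000:00000000 00:00000000 00000000
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address (a sequence of little-endian 32-bit words)."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    raw = b"".join(struct.pack("<I", int(w, 16)) for w in words)
    ip = ipaddress.ip_address(raw)
    # Java servers often listen on IPv4-mapped IPv6 sockets; unwrap those.
    return getattr(ip, "ipv4_mapped", None) or ip

def listeners(proc_text):
    """Yield (ip, port) for every LISTEN row in /proc/net/tcp or tcp6 text."""
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # header row or a non-listening socket
        hex_addr, hex_port = fields[1].split(":")
        yield decode_addr(hex_addr), int(hex_port, 16)

def classify(proc_text, port):
    """Describe how a port is bound, as seen from inside the pod."""
    addrs = [ip for ip, p in listeners(proc_text) if p == port]
    if not addrs:
        return "not listening"
    if all(ip.is_loopback for ip in addrs):
        return "loopback only"  # a Service cannot reach this socket
    if any(ip.is_unspecified for ip in addrs):
        return "all interfaces"  # 0.0.0.0 or ::
    return "specific address"

if __name__ == "__main__":
    # Read a real table from stdin if piped, otherwise use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for port in (1414, 9443):
        print(port, classify(text, port))
```

To check a running pod, pipe the output of kubectl exec <pod> -- cat /proc/net/tcp /proc/net/tcp6 into the script, where <pod> is a placeholder for the pod name.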