Gcloud kubernetes cluster access to internet

5/30/2019

A Pod in gcloud kubernetes cluster is not accessible from the internet. Access from kubernetes or cloud shell works fine.

There are several ways to make a pod accessible from outside the Kubernetes cluster. I have tried three different ways.

My Kubernetes cluster is not private, meaning that the command

kubectl get nodes -o wide

has an external ip address. The ip is reachable from outside the gc project.

I created a pod with a Pod yaml, not with a deploymentConfig. Pod has two container Ports:

ports:
  - containerPort: 8500
  - containerPort: 8501

Pod is running. Ports are open inside the container. Now I have created services in different ways.

Creating different services. Service and pod are connected over selector

app=myapp

1 NodePort: Using the external IP address from the Kubernetes cluster. I created a service of type NodePort. Access should work over clusterIP:

2 LoadBalancer: Creating a service of type LoadBalancer creates an external IP address for the service.

kubectl get service -o wide

kubectl expose pod myapp --port 8500 --target-port=8500 --type=Loadbalancer

I got a second external IP address. Access from outside over "ip-address:port" did not work.

3 HostPort: The container port will be exposed to the external network at <hostIP>:<hostPort>, where the hostIP is the IP address of the Kubernetes node where the container is running and the hostPort is the port requested by the user.

Using this tutorial: http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/

The only thing that worked for me was to use port 80. I used port 80 for the REST endpoint, but I have 2 endpoints, REST and gRPC, and both should be provided.

Overall I created firewall rules for the ports I used:

gcloud compute firewall-rules create MY-RULE \
  --allow tcp:8500-8501

Nothing worked for me. Now I believe that I am missing something. Thank you in advance.

Best wishes Joern

-- soa

1 Answer

5/31/2019

Let's focus on the second option you tried (expose app via LoadBalancer):

I'm assuming you are using GKE (Google Kubernetes Engine).

First of all I can see you have a typo in your 'expose' command (service types are case sensitive):

change:

--type=Loadbalancer

to:

--type=LoadBalancer

You are not doing anything wrong, so exposing an HTTP(S) service should work. Please verify quickly whether your Kubernetes cluster is fully functional with the following commands:

kubectl create ns demo
kubectl -n demo run myapp --generator=run-pod/v1 --image=nginx
kubectl -n demo expose pod myapp --port 8500 --target-port=80 --type=LoadBalancer

and try to reach the app on <EXTERNAL-IP>:<8500>

For gRPC services things get more difficult; please follow this tutorial on how to do this on GKE.

-- Nepomucen
Source: StackOverflow
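
An added example, not part of the original question or answer: a Service manifest of type LoadBalancer that exposes both container ports from the question (8500 and 8501) through the app=myapp selector, which a single `kubectl expose --port 8500` does not do. The Service name, the port names and the source CIDR are assumptions; the page does not say which port carries REST and which gRPC.

```yaml
# Added example (not from the original post). Values marked "assumed" are illustrative.
apiVersion: v1
kind: Service
metadata:
  name: myapp-lb            # assumed Service name
spec:
  type: LoadBalancer        # case sensitive, as the answer points out
  selector:
    app: myapp              # must match a label set in the Pod's metadata.labels
  ports:                    # a Service with several ports must name each one
    - name: port-8500       # assumed name
      protocol: TCP
      port: 8500            # port served on the external IP
      targetPort: 8500      # containerPort from the Pod spec
    - name: port-8501       # assumed name
      protocol: TCP
      port: 8501
      targetPort: 8501
  # Restrict which clients may reach the external IP rather than
  # leaving both ports open to any source address.
  loadBalancerSourceRanges:
    - 203.0.113.0/24        # placeholder (documentation range); replace with your client CIDR
```

After applying the manifest, `kubectl get endpoints myapp-lb` should list the pod IP on both ports; an empty endpoint list means the selector does not match the pod's labels.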