K
Q

Connection to a software's key server failing from inside pod. Ping to the server working fine

6/2/2019

Launching a pod with an application that requires to first authenticate the software key license with a key server sitting outside the cluster before the service can launch. ping to the key server works fine but the connection to key server on port 6150 isn't working.

Tried running this container from a docker host and not in Kubernetes and the connection works perfectly fine.

My container entrypoint:

ENTRYPOINT ping -c 5 serverName.corp.XXXXX.com && \
abkcctl start /opt/work/data/abkc && \ 
/* this is the deamon that authenticates key on serverName.corp.XXXXX.com Port 6150 */
sleep 60 && \

Logs from the pod:

PING serverName.corp.XXXXX.com (10.XXX.X.X) 56(84) bytes of data. 64 bytes from serverName.corp.XXXXX.com (10.XXX.XX.XX): icmp_seq=1 ttl=57 time=0.778 ms 64 bytes from serverName.corp.XXXXX.com (10.XXX.XX.XX): icmp_seq=2 ttl=57 time=1.29 ms 64 bytes from serverName.corp.XXXXX.com (10.XXX.XX.XX): icmp_seq=3 ttl=57 time=0.956 ms 64 bytes from serverName.corp.XXXXX.com (10.XXX.XX.XX): icmp_seq=4 ttl=57 time=0.821 ms 64 bytes from serverName.corp.XXXXX.com (10.XXX.XX.XX): icmp_seq=5 ttl=57 time=1.32 ms

--- serverName.corp.XXXXX.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4002ms rtt min/avg/max/mdev = 0.778/1.033/1.322/0.232 ms Starting Key Client Daemon The Key Client Daemon has been started Check daemon status using the commands: abkcctl status /opt/work/data/abkc tail /opt/work/data/abkc/logs/abkcd.system.log Key Client Daemon started with pid 14 at Sun Jun 2 19:40:56 2019 2019-06-02T19:40:56.097529Z: SIGHUP toggles tracing to file /tmp/abtrc_keyclient 2019-06-02T19:40:56.097661Z: Key Client Daemon v3.5.1.0 starting. 2019-06-02T19:40:56.097671Z: Configuration directory: /opt/work/data/abkc 2019-06-02T19:40:56.097691Z: AB_HOME: /opt/software_name/software_name-run-time 2019-06-02T19:40:56.098678Z: Key server 0: abks://serverName.corp.XXXXX.com:6150 2019-06-02T19:40:56.098703Z: Key server 1: abks://serverName.corp.XXXXX.com:6150 2019-06-02T19:41:03.121140Z: Error fetching key from abks://serverName.corp.XXXXX.com:6150: 2019-06-02T19:41:03.121264Z: Attempt to connect to Key Server 10.XXX.XX.XX:6150, failed with error: Connection timed out. The Key Server client cannot connect to the server. 2019-06-02T19:41:10.142628Z: Error fetching key from abks://serverName.corp.XXXXX.com:6150: 2019-06-02T19:41:10.142756Z: Attempt to connect to Key Server 10.XXX.XX.XX:6150, failed with error: Connection timed out. The Key Server client cannot connect to the server. 2019-06-02T19:41:10.142784Z: Status: RUNNING-FAILURE 2019-06-02T19:41:47.190633Z: Error fetching key from abks://serverName.corp.XXXXX.com:6150: 2019-06-02T19:41:47.190766Z: Attempt to connect to Key Server 10.XXX.XX.XX:6150, failed with error: Connection timed out. The Key Server client cannot connect to the server. 2019-06-02T19:41:54.214609Z: Error fetching key from abks://serverName.corp.XXXXX.com:6150: 2019-06-02T19:41:54.214730Z: Attempt to connect to Key Server 10.XXX.XX.XX:6150, failed with error: Connection timed out. The Key Server client cannot connect to the server. RUNNING-FAILURE No key files were found on this computer.

I expect the connection to go through. I am new to Kubernetes, am I missing the firewall limitations out of the box. Do I have to setup something for this connection to go through? How is the ping working?

-- Gaurav Dasson
docker
kubernetes

Similar Questions

Custom metric API server not in Go
What is kube-nginx and how does it differ from kube-proxy?
Use specific key from json file in configmap as Environment variable
Deleting namespace hangs on custom resource finalizer
How to get the FQDN of a service in Istio? Are there any APIs which expose this?

0 Answers