K
Q

Google Kubernetes Engine Ingress doesn't work

6/19/2019

Create ingress followed the guide of 'Kubernetes in Action' book on GKE, but the ingress doesn't work, can' be accessed from the public IP address of Ingress.

  1. Create the replicaset to create pod.
  2. Create Service. (followed the nodeport method on 'Kubernetes in Action').
  3. Create ingress.

ReplicaSet, Service, Ingress are created successfully, nodeport can be accessed from the public IP address, no UNHEALTHY in ingress.

replicaset:

apiVersion: apps/v1beta2
kind: ReplicaSet
metadata:
  name: kubia
spec:
  replicas: 3
  selector:
    matchLabels:
      app: kubia
  template:
    metadata:
        labels:
          app: kubia
    spec:
      containers:
      - name: kubia
        image: sonyfaye/kubia

Service:

apiVersion: v1
kind: Service
metadata:
  name: kubia-nodeport
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8080
    nodePort: 30123
  selector:
    app: kubia

Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubia
spec:
  rules:
  - host: kubia.example.com
    http:
      paths:
      - path: /
        backend: 
          serviceName: kubia-nodeport
          servicePort: 80

The nodeport itself can be accessed from public IP addresses.

C:\kube>kubectl get svc

NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes       ClusterIP   10.59.240.1    <none>        443/TCP        8d
kubia-nodeport   NodePort    10.59.253.10   <none>        80:30123/TCP   20h

C:\kube>kubectl get node

NAME                                   STATUS   ROLES    AGE   VERSION
gke-kubia-default-pool-08dd2133-qbz6   Ready    <none>   8d    v1.12.8-gke.6
gke-kubia-default-pool-183639fa-18vr   Ready    <none>   8d    v1.12.8-gke.6
gke-kubia-default-pool-42725220-43q8   Ready    <none>   8d    v1.12.8-gke.6

C:\kube>kubectl get node -o wide

NAME                                   STATUS   ROLES    AGE   VERSION         INTERNAL-IP   EXTERNAL-IP      OS-IMAGE                             KERNEL-VERSION   CONTAINER-RUNTIME
gke-kubia-default-pool-08dd2133-qbz6   Ready    <none>   8d    v1.12.8-gke.6   10.140.0.17   35.201.224.238   Container-Optimized OS from Google   4.14.119+        docker://17.3.2
gke-kubia-default-pool-183639fa-18vr   Ready    <none>   8d    v1.12.8-gke.6   10.140.0.18   35.229.152.12    Container-Optimized OS from Google   4.14.119+        docker://17.3.2
gke-kubia-default-pool-42725220-43q8   Ready    <none>   8d    v1.12.8-gke.6   10.140.0.16   34.80.225.64     Container-Optimized OS from Google   4.14.119+        docker://17.3.2

C:\kube>curl http://34.80.225.64:30123

You've hit kubia-j2lnr

But the ingress can't be accessed from outside.

hosts file:

34.98.92.110 kubia.example.com

C:\kube>kubectl describe ingress

Name:             kubia
Namespace:        default
Address:          34.98.92.110
Default backend:  default-http-backend:80 (10.56.0.7:8080)
Rules:
  Host               Path  Backends
  ----               ----  --------
  kubia.example.com
                     /   kubia-nodeport:80 (10.56.0.14:8080,10.56.1.6:8080,10.56.3.4:8080)
Annotations:
  ingress.kubernetes.io/backends:         {"k8s-be-30123--c4addd497b1e0a6d":"HEALTHY","k8s-be-30594--c4addd497b1e0a6d":"HEALTHY"}
  ingress.kubernetes.io/forwarding-rule:  k8s-fw-default-kubia--c4addd497b1e0a6d
  ingress.kubernetes.io/target-proxy:     k8s-tp-default-kubia--c4addd497b1e0a6d
  ingress.kubernetes.io/url-map:          k8s-um-default-kubia--c4addd497b1e0a6d
Events:    

                               <none>

C:\kube>curl http://kubia.example.com

curl: (7) Failed to connect to kubia.example.com port 80: Timed out

C:\kube>telnet kubia.example.com 80

Connecting To kubia.example.com...

C:\kube>telnet 34.98.92.110 80

Connecting To 34.98.92.110...Could not open connection to the host, on port 80: Connect failed

Tried from intranet. curl 34.98.92.110 IP can get some resule, and 80 port of 34.98.92.110 is accessible from intranet.

C:\kube>kubectl exec -it kubia-lrt9x bash

root@kubia-lrt9x:/# curl http://kubia.example.com
curl: (6) Could not resolve host: kubia.example.com

root@kubia-lrt9x:/# curl http://34.98.92.110 default backend - 404root@kubia-lrt9x:/# curl http://34.98.92.110 default backend - 404root@kubia-lrt9x:/# root@kubia-lrt9x:/# curl http://10.56.0.7:8080 default backend - 404root@kubia-lrt9x:/#

Does anybody know how to debug this?

The nodeport is been added to the firewall, or else nodeport is not accessible. The Ingress IP seems don't need to be added to the firewall.

-- Scott Lai
google-cloud-platform
google-kubernetes-engine
kubernetes

Similar Questions

Where to find generated config for nginx.ingress.kubernetes.io/affinity annotation
Timeout error when creating channel on cluster
Kubernetes Connection Timeout
Authenticate_with_http_basic block not executed

1 Answer

7/30/2019

Try to expose replicaset to be able to connect from the outside:

$ kubectl expose rs hello-world --type=NodePort --name=my-service

remember to first delete service kubia-nodeport and delete selector and section with service in Ingress configuration file and then apply changes using kubectl apply command.

More information you can find here: exposing-externalip.

Useful doc: kubectl-expose.

-- MaggieO
Source: StackOverflow