K
Q

Why does nginx ingress minikube plugin hostPort work but hostPort does not work for any other plugin?

9/23/2019

In minikube there is a nginx ingress plugin which uses a hostPort of 80 and 443. Apparently traffic from the outside can reach these ports just fine. However if you create a pod with a container with hostPort: 9999 for example telnet $(minikube ip) 9999 gets the following result:

Trying 192.168.99.165...
telnet: connect to address 192.168.99.165: Connection refused
telnet: Unable to connect to remote host

Is nginx ingress controller doing some special magic? If so what is said magic that I can also use?

Please no answers about using NodePort.

-- Josh Woodcock
kubernetes
minikube
nginx-ingress

Similar Questions

From Ingress to NodePort service
kubernetes: Node not scaled down by Cluster Autoscaler despite low usage
GKE Cluster creation is failed when using --enable-private-nodes command
How to setup username and password authentication for Mongodb docker container to be deployed on Kubernetes Cluster

1 Answer

9/23/2019

There's no special magic. I suspect you're getting that telnet response because there's nothing listening on port 9999 within the container on which hostPort: 9999 is set.

Run minikube ssh and look at netstat -nlt and you'll see your port 9999 there. Try running a real service listening on an open hostPort and it should work, e.g.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    run: redis
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      run: redis
  template:
    metadata:
      labels:
        run: redis
    spec:
      containers:
      - image: redis
        imagePullPolicy: Always
        name: redis
        ports:
        - containerPort: 6379
          hostPort: 6379
          protocol: TCP

From my terminal:

> telnet $(minikube ip) 6379
Trying 192.168.99.189...
Connected to 192.168.99.189.
Escape character is '^]'.

If there is something listening on port 9999, then there may be an issue with the way Kubernetes is setting up the proxy between the host and the container. You could look for the docker-proxy process to check that:

$ ps aux | grep docker-proxy
root      3579  0.0  0.0   3668  1768 ?        Sl   14:43   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 10000 -container-ip 172.17.0.2 -container-port 10000
root     19862  0.0  0.0   9240   476 pts/1    S+   16:21   0:00 grep docker-proxy
root     23466  0.0  0.0   3668  1768 ?        Sl   15:20   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 18080 -container-ip 172.17.0.9 -container-port 18080
root     23480  0.0  0.0   3668  1768 ?        Sl   15:20   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.17.0.9 -container-port 443
root     23494  0.0  0.0   3668  1676 ?        Sl   15:20   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.9 -container-port 80
root     25840  0.0  0.0   3668  1768 ?        Sl   15:24   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9999 -container-ip 172.17.0.10 -container-port 9999
$
-- erstaples
Source: StackOverflow