Access services on k8s on prem

9/30/2019

I have 3 virtual machines (Ubuntu 18 LTS) on my local PC: 1 is the master and 2 are nodes. I was able to install Kubernetes and also to set up my application.

My application consists of 3 parts: database, backend and frontend. For each of these parts I've created and deployed services. I want to expose the FE service outside the cluster to be able to access it from one of the nodes.

The service description looks like this:

apiVersion: v1
kind: Service
metadata:
  name: fe-deployment
  labels:
    run: fe-srv
spec:
  ports:
  - protocol: TCP
    port: 8085
    targetPort: 80
  selector:
    app: fe
  type: NodePort

The output of

kubectl get node -o wide

NAME         STATUS   ROLES    AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
k8node1      Ready    <none>   2d22h   v1.16.0   172.17.199.105   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7
k8node2      Ready    <none>   2d22h   v1.16.0   172.17.199.110   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7

kubectl get service -o wide

NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE     SELECTOR
be-deployment   ClusterIP   10.96.169.225   <none>        8080/TCP         2d22h   app=be
db-deployment   ClusterIP   10.110.14.88    <none>        3306/TCP         2d22h   app=db
fe-deployment   NodePort    10.104.211.32   <none>        8085:32476/TCP   2d21h   app=fe

I would have expected to be able to access my FE from a browser using one node IP and the node port, but it doesn't work.

What am I missing? How to access my FE from outside the cluster?

Edit

Based on the documentation, NodePort service type should:

Exposes the Service on each Node’s IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You’ll be able to contact the NodePort Service, from outside the cluster, by requesting NodeIP:NodePort

I understand that I will access my service from outside of the cluster using node IP and static port. From the node IP statement I understand that it refers to the machine (the VM in my case) IP.

Later Edit

I've checked the firewall and it seems that it is disabled on all my machines:

sudo ufw status

Status: inactive

Later later edit

As I said in a comment, trying to telnet to the IPv4 address didn't work. Trying with IPv6 does work on localhost and also using the Ethernet interface's IPv6 address.

The netstat output is:

 netstat -6 -a | grep 324
 tcp6       1      0 [::]:32476              [::]:*                  LISTEN

Despite the fact that it should work (based on the information I read on the internet), it doesn't work with IPv4. Is there a way to change this?

Later later later edit

It seems that this is a bug

-- florin
kubernetes

3 Answers

10/1/2019

You would not get an external IP when exposing a service as a NodePort.

Exposing a Service on a NodePort means that your service would be available externally via the NodeIP of any node in the cluster at a random port between 30000-32767 (default behaviour).

Each of the nodes in the cluster proxies that port (the same port number on every Node) into the pod where your service is launched.

From your kubectl get service -o wide output:

NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE     SELECTOR
fe-deployment   NodePort    10.104.211.32   <none>        8085:32476/TCP   2d21h   app=fe

We can see that the port on which your service is exposed is port 32476.

From your kubectl get node -o wide output:

NAME         STATUS   ROLES    AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
k8node1      Ready    <none>   2d22h   v1.16.0   172.17.199.105   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7
k8node2      Ready    <none>   2d22h   v1.16.0   172.17.199.110   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7

We can see that your node IPs are: 172.17.199.105 and 172.17.199.110.

You can now access your service externally using <Node-IP>:<Node-Port>.

So in your case these are 172.17.199.105:32476 and 172.17.199.110:32476, depending on which node you want to use to access your service.

Additionally, if you want a fixed Node port, you can specify that in the yaml.

You need to make sure you add a security rule on your nodes to allow traffic on the particular port.

-- Piotr Malec
Source: StackOverflow
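
The lookup this answer walks through, as an added example that is not part of the original answer: a shell script that derives the <Node-IP>:<Node-Port> endpoints from the two kubectl tables and can probe each one over IPv4 or IPv6. The tables are the ones quoted on this page, embedded as sample input; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample input: the two kubectl tables quoted in the answer above.
# Function names are this example's own. On a live cluster, fill the variables
# from `kubectl get node -o wide` and `kubectl get service -o wide` instead.
NODES='NAME         STATUS   ROLES    AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
k8node1      Ready    <none>   2d22h   v1.16.0   172.17.199.105   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7
k8node2      Ready    <none>   2d22h   v1.16.0   172.17.199.110   <none>        Ubuntu 18.04.3 LTS   5.0.0-29-generic   docker://18.9.7'
SERVICES='NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE     SELECTOR
be-deployment   ClusterIP   10.96.169.225   <none>        8080/TCP         2d22h   app=be
db-deployment   ClusterIP   10.110.14.88    <none>        3306/TCP         2d22h   app=db
fe-deployment   NodePort    10.104.211.32   <none>        8085:32476/TCP   2d21h   app=fe'

# Print the node port(s) of one service; prints nothing for ClusterIP services,
# whose PORT(S) column has no "port:nodePort" pair.
node_ports() {
  printf '%s\n' "$SERVICES" | awk -v svc="$1" '
    NR > 1 && $1 == svc && $2 == "NodePort" {
      n = split($5, pairs, ",")
      for (i = 1; i <= n; i++)
        if (split(pairs[i], f, "[/:]") == 3) print f[2]
    }'
}

# Print the INTERNAL-IP of every node whose STATUS starts with "Ready".
ready_node_ips() {
  printf '%s\n' "$NODES" | awk 'NR > 1 && $2 ~ /^Ready/ { print $6 }'
}

# Print every <Node-IP>:<Node-Port> pair for one service.
endpoints() {
  for port in $(node_ports "$1"); do
    for ip in $(ready_node_ips); do echo "$ip:$port"; done
  done
}

# Succeeds when the port lies in the default NodePort range (30000-32767).
in_default_range() { [ "$1" -ge 30000 ] && [ "$1" -le 32767 ]; }

# Probe one endpoint over IPv4 or IPv6 ($2 is 4 or 6); prints the HTTP status,
# or 000 when the connection fails. An IPv6 literal needs [brackets] in $1.
probe() {
  curl "-$2" -s -o /dev/null --connect-timeout 3 -w '%{http_code}' "http://$1/" || true
}

endpoints fe-deployment
# Run as "sh script.sh probe" to also test each endpoint over IPv4.
if [ "${1:-}" = "probe" ]; then
  for ep in $(endpoints fe-deployment); do echo "$ep -> $(probe "$ep" 4)"; done
fi
```

A NodePort is opened on every node, so the security rule the answer mentions is best limited to the source addresses that actually need the frontend.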

9/30/2019

In your case, because you didn't define nodePort, Kubernetes randomly assigned port 32476 to your service. To access that service go to <EXTERNAL-NODE-IP>:32476 (kubernetes-docs).

If you want to assign a specific port, you need to define nodePort in the service definition (example for an ingress based on nginx):

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
spec:
  ports:
  - name: http
    nodePort: 30080
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app.kubernetes.io/name: ingress-nginx
  type: NodePort

-- fazie
Source: StackOverflow

9/30/2019

You can assign the EXTERNAL-IP for the fe service as the IP address of a node.

Then you can check: curl -k http://EXTERNAL-IP:PORT

EXTERNAL-IP is the IP address of the node server.

-- Thanh Nguyen Van
Source: StackOverflow