Can't access Service via Kubernetes Service with specified endpoints

1/16/2020

I've created a Kubernetes Service whose backend nodes aren't part of the Cluster but a fixed set of nodes (having fixed IPs), so I've also created an Endpoints resource with the same name:

apiVersion: v1
kind: Service
metadata:
  name: hive
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
  name: hive
subsets:
  - addresses:
      - ip: 10.52.7.28
      - ip: 10.52.7.29
    ports:
      - port: 10002

Description of Service and Endpoints:

$ kubectl describe svc/hive
Name:              hive
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP:                10.0.192.103
Port:              http  80/TCP
TargetPort:        10002/TCP
Endpoints:
Session Affinity:  None
Events:            <none>
$ 
$ kubectl describe ep/hive
Name:         hive
Namespace:    default
Labels:       <none>
Annotations:  <none>
Subsets:
  Addresses:          10.52.7.28,10.52.7.29
  NotReadyAddresses:  <none>
  Ports:
    Name     Port   Protocol
    ----     ----   --------
    <unset>  10002  TCP

Events:  <none>

If I exec into one of the pods and telnet directly to the Endpoint subset addresses, I am able to connect, but if I access it via the Service, I am getting connection refused. Just for completeness, the Service and the pod are in the same namespace:

# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#

Any idea why I can directly connect to the IP but can't go via Kubernetes Service? I believe this isn't because of Firewall rules because then it should've blocked the direct requests as well.

Edit: I suspect it's something to do with Endpoints being empty when I run kubectl describe svc/hive, but I can see in the dashboard that Endpoints (under the Service page) shows those Endpoints.

-- Shubham
connection-refused
kubernetes
networking
service
tcp

1 Answer

1/16/2020

The names of the ports must match between the Service and the Endpoints. Either remove the port name in the Service or add it in the Endpoints.

apiVersion: v1
kind: Service
metadata:
  name: hive
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
  name: hive
subsets:
  - addresses:
      - ip: 10.52.7.28
      - ip: 10.52.7.29
    ports:
      - name: http
        port: 10002
-- Shashank V
Source: StackOverflow
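
Added example (not part of the original question or answer): a small offline check that flags ports of a selector-less Service that have no same-named port in the matching Endpoints object, which is the mismatch the answer identifies. The manifests are the question's, transcribed to JSON as constructed input; the function names are hypothetical.

```python
import json

# Constructed input: the question's manifests, transcribed to JSON so the
# example needs only the standard library.
QUESTION = json.loads("""[
 {"kind": "Service", "metadata": {"name": "hive"},
  "spec": {"ports": [{"name": "http", "port": 80, "targetPort": 10002}]}},
 {"kind": "Endpoints", "metadata": {"name": "hive"},
  "subsets": [{"addresses": [{"ip": "10.52.7.28"}, {"ip": "10.52.7.29"}],
               "ports": [{"port": 10002}]}]}
]""")


def key(obj):
    meta = obj["metadata"]
    return meta.get("namespace", "default"), meta["name"]


def unmatched_service_ports(objects):
    """Return (namespace, service, port name) for every port of a
    selector-less Service that no same-named Endpoints port backs."""
    endpoints = {key(o): o for o in objects if o["kind"] == "Endpoints"}
    findings = []
    for svc in (o for o in objects if o["kind"] == "Service"):
        if svc["spec"].get("selector"):
            continue  # Endpoints are managed by the control plane
        ep = endpoints.get(key(svc), {})
        for sp in svc["spec"].get("ports", []):
            name = sp.get("name", "")  # an unset name is the empty string
            backed = any(
                ep_port.get("name", "") == name and subset.get("addresses")
                for subset in ep.get("subsets", [])
                for ep_port in subset.get("ports", [])
            )
            if not backed:
                findings.append((*key(svc), name))
    return findings


def with_answer_fix(objects):
    """Apply the answer's change: name the Endpoints port 'http'."""
    fixed = json.loads(json.dumps(objects))  # deep copy
    fixed[1]["subsets"][0]["ports"][0]["name"] = "http"
    return fixed


if __name__ == "__main__":
    print("question:", unmatched_service_ports(QUESTION))
    print("answer:  ", unmatched_service_ports(with_answer_fix(QUESTION)))
```

The same function can be run over the items of `kubectl get svc,ep -o json` output to find other Services whose manual Endpoints are silently ignored.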