K
Q

Calico & K8S - can't access pods

2/14/2020

I'm starting with K8S. I installed 2 Debian 10 VMs on Azure (1 master node & 2 slaves).

I installed the master node with this doc: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

I installed Calico with this one : https://docs.projectcalico.org/getting-started/kubernetes/installation/calico#installing-with-the-kubernetes-api-datastore50-nodes-or-less

I created a simple nginx deployment:

kubectl run nginx --replicas=2 --image=nginx

I have the following pods (sazultk8s1/2 are the working nodes) :

root@itf-infra-sazultk8s0-vm:~# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP               NODE                          
nginx-6db489d4b7-mzmnq              1/1     Running   0          12s   192.168.47.18     itf-infra-sazultk8s2-vm   
nginx-6db489d4b7-sgdz7              1/1     Running   0          12s   192.168.247.115   itf-infra-sazultk8s1-vm

From the master node I can't curl to these nginx:

root@itf-infra-sazultk8s0-vm:~# curl 192.168.47.18 --connect-timeout 5
curl: (28) Connection timed out after 5001 milliseconds
root@itf-infra-sazultk8s0-vm:~# curl 192.168.247.115 --connect-timeout 5
curl: (28) Connection timed out after 5000 milliseconds

I tried from a simple busybox image:

kubectl run access --rm -ti --image busybox /bin/sh
/ #ifconfig eth0 | grep -i inet
   inet addr:192.168.247.116  Bcast:0.0.0.0  Mask:255.255.255.255
/ # wget --timeout 5 192.168.247.115
Connecting to 192.168.247.115 (192.168.247.115:80)
saving to 'index.html'
index.html           100% |********************************************************************************************************|   612  0:00:00 ETA
'index.html' saved
/ # wget --timeout 5 192.168.47.18
Connecting to 192.168.47.18 (192.168.47.18:80)
wget: download timed out

From a scratch install:

  1. does a pod can ping a pod on another host ?
  2. is it possible to curl from master node to a pod on a worker node ?
  3. does azure apply restrictions and prevent k8s to work properly ?
-- tzouintzouin
azure
debian
kubernetes
linux

Similar Questions

Kubernetes Dashboard setup in Production Environment
How to list names of all pods serving traffic behind a service in kubernetes
Can a dask.distributed cluster autoscale different workers independently?
why the kubernetes pod expose some extra port when scanning

1 Answer

2/14/2020

does a pod can ping a pod on another host ?

As per kubernetes networking model yes as long as you have a CNI provider installed.

is it possible to curl from master node to a pod on a worker node ?

You need to create either Nodeport or Loadbalancer type service to access your pods from outside the cluster and for accessing pods from nodes.

does azure apply restrictions and prevent k8s to work properly ?

There may be firewalls restricting traffic between VMs.

-- Arghya Sadhu
Source: StackOverflow