GCP GCE doesn't permit Ingress traffic to a port opened by node port on K8S

4/24/2020
ytong@master:~$ kubectl get service
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP        4h11m
nginx        LoadBalancer   10.111.227.218   <pending>     80:31371/TCP   75m

Please ignore the pending status for LoadBalancer. I don't use GKE; I use GCE with K8S installed with kubeadm, and I created a service of type LoadBalancer, so it will stay in PENDING status forever.

ytong@master:~$ kubectl get node -o wide
NAME     STATUS   ROLES    AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
master   Ready    master   4h12m   v1.18.1   10.2.0.3      <none>        Ubuntu 18.04.4 LTS   5.0.0-1034-gcp   docker://19.3.6
worker   Ready    <none>   3h41m   v1.18.1   10.2.0.4      <none>        Ubuntu 18.04.4 LTS   5.0.0-1034-gcp   docker://19.3.6

master  us-central1-f           10.2.0.3 (nic0) 35.222.140.199      
worker  us-central1-f           10.2.0.4 (nic0) 34.67.101.1     

ytong@master:~$ curl http://10.2.0.3:31371
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

ytong@master:~$ curl http://35.222.140.199:31371
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

I can use port 31371, opened by the node port, to access the nginx service (finally mapped to port 80 on the pod) from either the GCP GCE VMs or a jump server on GCP.

But I can't visit it from my desktop over the Internet.

ytong@L-AUN-11021501 MINGW64 ~
$ curl http://35.222.140.199:31371
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (56) Recv failure: Connection was reset

I believe the connection to port 31371 is blocked by GCP, but I tried to permit all traffic for both the default VPC and the VPC I created to hold the GCE VMs, and it doesn't work.

Continuing to update the thread.

I added 2 firewall rules and tried to permit tcp:31371 traffic to the GCE VMs where the k8s node port service is running.

-- David Tong
google-cloud-platform
kubernetes

0 Answers