Unable to access the internet on the pod in the public GKE cluster
I'm using GKE (1.16.13-gke.1) as a test environment. I am deploying a Spring Boot application, and it is running successfully on the GKE cluster. The thing is, it can't communicate with the internet.
Here is my deployment manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth
  namespace: lms-ff
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth
  template:
    metadata:
      labels:
        app: auth
    spec:
      containers:
        - name: auth
          image: gcr.io/sams-api:0.0.1.4.ms1
          ports:
            - containerPort: 8095
          envFrom:
            - configMapRef:
                name: auth-properties
---
apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 8095
      targetPort: 8095
Here is the error that I got.
api-556c56df4b-pdtk9:/home/misyn/app# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: seq=0 ttl=59 time=10.762 ms
64 bytes from 4.2.2.2: seq=1 ttl=59 time=10.831 ms
64 bytes from 4.2.2.2: seq=2 ttl=59 time=10.932 ms
64 bytes from 4.2.2.2: seq=3 ttl=59 time=10.798 ms
^C
--- 4.2.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.762/10.830/10.932 ms
api-556c56df4b-pdtk9:/home/misyn/app# telnet 220.247.246.105 9010
Connection closed by foreign host
udayanga@udayanga-PC:~/Desktop/kubernetes$ kubectl get all -n lms-ff
NAME READY STATUS RESTARTS AGE
pod/api-556c56df4b-pdtk9 1/1 Running 0 6h27m
pod/auth-77c755b854-7bqts 1/1 Running 0 4h57m
pod/mariadb-555bcb6d95-5x6wx 1/1 Running 0 15h
pod/middle-767558df89-kc7kz 1/1 Running 0 12h
pod/portal-cf84d7845-vvxl7 1/1 Running 0 105m
pod/redis-b467466b5-ndlgb 1/1 Running 0 15h
pod/web-5b967cd44c-lbmnk 1/1 Running 0 103m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gcp-api-service ClusterIP 10.0.13.15 <none> 8091/TCP 6h27m
service/gcp-auth-service ClusterIP 10.0.6.154 <none> 8095/TCP 4h57m
service/gcp-mariadb-service ClusterIP 10.0.14.196 <none> 3306/TCP 15h
service/gcp-middle-service ClusterIP 10.0.3.26 <none> 8093/TCP 6h49m
service/gcp-portal-service ClusterIP 10.0.1.229 <none> 8090/TCP 105m
service/gcp-redis-service ClusterIP 10.0.2.188 <none> 6379/TCP 15h
service/gcp-web-service LoadBalancer 10.0.3.141 static-ip 80:30376/TCP 14h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/api 1/1 1 1 6h27m
deployment.apps/auth 1/1 1 1 4h57m
deployment.apps/mariadb 1/1 1 1 15h
deployment.apps/middle 1/1 1 1 12h
deployment.apps/portal 1/1 1 1 105m
deployment.apps/redis 1/1 1 1 15h
deployment.apps/web 1/1 1 1 103m
NAME DESIRED CURRENT READY AGE
replicaset.apps/api-556c56df4b 1 1 1 6h28m
replicaset.apps/auth-77c755b854 1 1 1 4h57m
replicaset.apps/mariadb-555bcb6d95 1 1 1 15h
replicaset.apps/middle-767558df89 1 1 1 12h
replicaset.apps/portal-cf84d7845 1 1 1 105m
replicaset.apps/redis-b467466b5 1 1 1 15h
replicaset.apps/web-5b967cd44c 1 1 1 103m
udayanga@udayanga-PC:~/Desktop/kubernetes$
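The telnet check in the question, written out as an added Python example (not part of the original post): it classifies one outbound TCP attempt so that a refused port, an unanswered SYN, and a peer that accepts and then closes can be told apart. The function names `probe` and `demo_local` and the localhost listeners are constructed for illustration.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt from inside a pod."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"         # RST answered our SYN: host reachable, port closed
    except socket.timeout:
        return "timeout"         # SYN got no answer: filtered, or no return path
    except OSError:
        return "unreachable"     # no route, or name resolution failed
    with sock:
        try:
            data = sock.recv(1)  # handshake done; wait for a banner or a close
        except socket.timeout:
            return "open"        # peer keeps the session open
        except ConnectionResetError:
            return "closed_by_peer"
        # Empty read: peer sent FIN (telnet: "Connection closed by foreign host").
        return "open" if data else "closed_by_peer"

def demo_local():
    """Run probe() against listeners constructed on 127.0.0.1 (no real hosts)."""
    results = {}
    for name, close_at_once in (("closes", True), ("holds", False)):
        srv = socket.socket()
        srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
        srv.listen(1)
        held = []
        def serve(s=srv, close=close_at_once, keep=held):
            conn, _ = s.accept()
            keep.append(conn)        # keep a reference so it is not closed early
            if close:
                conn.close()
        worker = threading.Thread(target=serve, daemon=True)
        worker.start()
        results[name] = probe("127.0.0.1", srv.getsockname()[1], timeout=1.0)
        worker.join()
        for conn in held + [srv]:
            conn.close()
    spare = socket.socket()          # reserve a port, then release it unused
    spare.bind(("127.0.0.1", 0))
    port = spare.getsockname()[1]
    spare.close()
    results["no_listener"] = probe("127.0.0.1", port, timeout=1.0)
    return results
```

The `Connection closed by foreign host` line in the session above is the `closed_by_peer` case: the TCP handshake completed and the remote end then closed the connection.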
Your service file defines a ClusterIP type that provides an IP address that's only accessible within your Kubernetes cluster. It's an internal IP that Kubernetes makes available by default.
You should define a service file with a NodePort type which gives an external IP address for your nodes. Then combine the node's IP address with the NodePort number defined within the service file.
The resultant address should be in this format -> EXTERNAL_IP:NodePort
Also, don't forget to create a firewall rule that allows ingress traffic into your nodes.
Please check this documentation for detailed steps on how to go about it.
Your service Type is
apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 8095
      targetPort: 8095
ClusterIP. It should be LoadBalancer or NodePort if you want to expose the Service to the internet.
ClusterIP: the Service is only accessible internally, inside the cluster.
LoadBalancer: exposes the Service to the internet using an IP address.
NodePort: exposes the Service to the internet over the port and uses the node IP.
Read more at: https://kubernetes.io/docs/concepts/services-networking/service/
You can change the service type to LoadBalancer and run the command
kubectl get svc
You will see your service with an IP address. Hit that IP address from a browser and you will be able to access the service.