Unable to access the internet on the pod in the public GKE cluster

8/2/2020

I'm using GKE (1.16.13-gke.1) as a test environment. I am deploying a Spring Boot application, and it was successfully running on the GKE cluster. The thing is, it can't communicate with the internet.

Here is my deployment manifest.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth
  namespace: lms-ff
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth
  template:
    metadata:
      labels:
        app: auth
    spec:
      containers:
        - name: auth
          image: gcr.io/sams-api:0.0.1.4.ms1
          ports:
          - containerPort: 8095
          envFrom:
            - configMapRef:
                name: auth-properties 
            

---

apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff  
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 8095
    targetPort: 8095   

Here is the error that I got.

api-556c56df4b-pdtk9:/home/misyn/app# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: seq=0 ttl=59 time=10.762 ms
64 bytes from 4.2.2.2: seq=1 ttl=59 time=10.831 ms
64 bytes from 4.2.2.2: seq=2 ttl=59 time=10.932 ms
64 bytes from 4.2.2.2: seq=3 ttl=59 time=10.798 ms
^C
--- 4.2.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.762/10.830/10.932 ms
api-556c56df4b-pdtk9:/home/misyn/app# telnet 220.247.246.105 9010
Connection closed by foreign host
udayanga@udayanga-PC:~/Desktop/kubernetes$ kubectl get all -n lms-ff
NAME                           READY   STATUS    RESTARTS   AGE
pod/api-556c56df4b-pdtk9       1/1     Running   0          6h27m
pod/auth-77c755b854-7bqts      1/1     Running   0          4h57m
pod/mariadb-555bcb6d95-5x6wx   1/1     Running   0          15h
pod/middle-767558df89-kc7kz    1/1     Running   0          12h
pod/portal-cf84d7845-vvxl7     1/1     Running   0          105m
pod/redis-b467466b5-ndlgb      1/1     Running   0          15h
pod/web-5b967cd44c-lbmnk       1/1     Running   0          103m

NAME                          TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
service/gcp-api-service       ClusterIP      10.0.13.15    <none>           8091/TCP       6h27m
service/gcp-auth-service      ClusterIP      10.0.6.154    <none>           8095/TCP       4h57m
service/gcp-mariadb-service   ClusterIP      10.0.14.196   <none>           3306/TCP       15h
service/gcp-middle-service    ClusterIP      10.0.3.26     <none>           8093/TCP       6h49m
service/gcp-portal-service    ClusterIP      10.0.1.229    <none>           8090/TCP       105m
service/gcp-redis-service     ClusterIP      10.0.2.188    <none>           6379/TCP       15h
service/gcp-web-service       LoadBalancer   10.0.3.141    static-ip  80:30376/TCP   14h

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/api       1/1     1            1           6h27m
deployment.apps/auth      1/1     1            1           4h57m
deployment.apps/mariadb   1/1     1            1           15h
deployment.apps/middle    1/1     1            1           12h
deployment.apps/portal    1/1     1            1           105m
deployment.apps/redis     1/1     1            1           15h
deployment.apps/web       1/1     1            1           103m

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/api-556c56df4b       1         1         1       6h28m
replicaset.apps/auth-77c755b854      1         1         1       4h57m
replicaset.apps/mariadb-555bcb6d95   1         1         1       15h
replicaset.apps/middle-767558df89    1         1         1       12h
replicaset.apps/portal-cf84d7845     1         1         1       105m
replicaset.apps/redis-b467466b5      1         1         1       15h
replicaset.apps/web-5b967cd44c       1         1         1       103m
udayanga@udayanga-PC:~/Desktop/kubernetes$ 
-- Damith Udayanga
docker
gke-networking
google-cloud-platform
google-kubernetes-engine
kubernetes
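
The telnet session in the question ends with "Connection closed by foreign host", which telnet prints when a connection was established and the remote side then closed it. This is a different outcome from a timeout or a refusal. The following is an added example, not part of the original post, that classifies one outbound TCP attempt into those outcomes; `probe_tcp` and `demo` are hypothetical names, and the loopback listeners in `demo` are constructed so the script runs without internet access.

```python
import socket
import threading

def probe_tcp(host, port, timeout=3.0, hold=1.0):
    """Classify one outbound TCP attempt as seen from inside the pod."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"          # SYN unanswered: dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"          # RST: host reached, nothing accepting on that port
    except OSError:
        return "unreachable"      # DNS failure, no route, and similar OS errors
    with sock:
        sock.settimeout(hold)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "open"         # handshake done, peer is quiet but still connected
        except ConnectionResetError:
            return "closed_by_peer"
        # An empty read is an orderly close by the remote right after the
        # handshake, the case telnet calls "Connection closed by foreign host".
        return "open" if data else "closed_by_peer"

def demo():
    """Run the probe against constructed loopback listeners (no internet needed)."""
    closer = socket.socket()      # accepts one connection, then closes it at once
    closer.bind(("127.0.0.1", 0))
    closer.listen(1)
    threading.Thread(target=lambda: closer.accept()[0].close(), daemon=True).start()
    quiet = socket.socket()       # listens but never accepts or sends
    quiet.bind(("127.0.0.1", 0))
    quiet.listen(1)
    unused = socket.socket()      # bound but not listening: connection refused
    unused.bind(("127.0.0.1", 0))
    try:
        return {
            "accept_then_close": probe_tcp("127.0.0.1", closer.getsockname()[1]),
            "quiet_listener": probe_tcp("127.0.0.1", quiet.getsockname()[1], hold=0.3),
            "no_listener": probe_tcp("127.0.0.1", unused.getsockname()[1]),
        }
    finally:
        for s in (closer, quiet, unused):
            s.close()

if __name__ == "__main__":
    print(demo())
```

Inside a pod, calling `probe_tcp` with the destination host and port gives the same classification for a real endpoint.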

2 Answers

7/24/2021

Your service file defines a ClusterIP type that provides an IP address that's only accessible within your Kubernetes cluster. It's an internal IP that Kubernetes makes available by default.

You should define a service file with a NodePort type which gives an external IP address for your nodes. Then combine the node's IP address with the NodePort number defined within the service file.

The resultant address should be in this format -> EXTERNAL_IP:NodePort

Also, don't forget to create a firewall rule that allows ingress traffic into your nodes.

Please check this documentation for detailed steps on how to go about it.

-- Bash
Source: StackOverflow

7/24/2021

Your service type is

apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff  
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 8095
    targetPort: 8095

The type is ClusterIP; it should be LoadBalancer or NodePort if you want to expose the Service to the internet.

Cluster IP: The service is only accessible internally, inside the cluster.

Load Balancer: Exposes the service to the internet using an IP address.

Node Port: Exposes the service to the internet over the port and uses the node IP.

Read more at: https://kubernetes.io/docs/concepts/services-networking/service/

You can change the service type to LoadBalancer and run the command

kubectl get svc

You will see your service with an IP address. Hit that IP address from a browser and you will be able to access the service.

https://cloud.google.com/kubernetes-engine/docs/how-to/exposing-apps#creating_a_service_of_type_loadbalancer

-- Harsh Manvar
Source: StackOverflow