Cluster IP service isn't working as expected

12/13/2020

I created a NodePort service for httpd pods and a cluster IP service for tomcat pods, and they're in the same namespace behind an nginx LB. There is a weird issue with the app when the http and tomcat services are not the same type. When I change both to be cluster IP or both to be NodePort, then everything works fine...

Traffic flow is like this:

HTTP and HTTPS traffic -> LB -> Ingress -> Httpd -> Tomcat

HTTPS virtual host custom port traffic -> LB -> Tomcat

TCP traffic -> LB -> Tomcat

Is there anything that can cause issues between HTTPD and Tomcat? Even though I can telnet to httpd and tomcat pods from outside, for some reason the app functionality breaks (some static and jsp pages get processed though).

httpd-service:

apiVersion: v1
kind: Service
metadata:
  name: httpd
  labels:
    app: httpd-service
  namespace: test-web-dev
spec:
  type: NodePort
  selector:
    app: httpd
  ports:
    - name: port-80
      port: 80
      protocol: TCP
      targetPort: 80
    - name: port-443
      port: 443
      protocol: TCP
      targetPort: 443
  sessionAffinity: "ClientIP"
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  externalTrafficPolicy: Local

tomcat-service:

apiVersion: v1
kind: Service
metadata:
  name: tomcat7
  namespace: test-web-dev
  annotations:
spec:
  selector:
    app: tomcat7 # Metadata label of the deployment pod template or pod metadata label
  ports:
    - name: port-8080 # Optional when it's just only one port
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: port-8262
      protocol: TCP
      port: 8262
      targetPort: 8262
  sessionAffinity: "ClientIP"
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800

ingress lb:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  1234: "test-web-dev/httpd:1234"
  8262: "test-web-dev/tomcat7:8262"
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
    - name: port-1234
      port: 1234
      protocol: TCP
      targetPort: 1234
    - name: port-8262
      port: 8262
      protocol: TCP
      targetPort: 8262
-- John Doe
kubernetes

1 Answer

12/16/2020

Answering my own question.

NodePort services are required when the service needs to be exposed outside of the cluster, like to the internet.

ClusterIP services are used when services need to communicate internally, like frontend to backend.

In my case, the user needs to connect to both httpd and tomcat (specific app port) from outside; as a result, both tomcat and httpd have to be NodePort type services. Configuring tomcat as cluster IP will break the app since the tomcat app port isn't reachable from the internet.

-- John Doe
Source: StackOverflow
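
Added example (not part of the original question or answer): a small audit of which Service ports the posted manifests expose outside the cluster, and whether each tcp-services entry points at a port its target Service actually declares. The manifests are transcribed by hand as Python dicts, the helper names are hypothetical, and HTTP Ingress rules are not modelled because they were not posted.

```python
# Constructed input: the posted Services and tcp-services ConfigMap as dicts
# (only the fields this audit needs). Helper names are hypothetical.
SERVICES = {
    ("test-web-dev", "httpd"): {"type": "NodePort",
                                "ports": {"port-80": 80, "port-443": 443}},
    # No spec.type in the posted manifest, so Kubernetes defaults it to ClusterIP.
    ("test-web-dev", "tomcat7"): {"ports": {"port-8080": 8080, "port-8262": 8262}},
}
TCP_SERVICES = {"1234": "test-web-dev/httpd:1234", "8262": "test-web-dev/tomcat7:8262"}
LB_PORTS = {80, 443, 1234, 8262}  # ports published by the ingress-nginx LoadBalancer

def resolve(target, services):
    """Parse '<namespace>/<service>:<port>'; return (service key, port number or None)."""
    ref, _, port = target.partition(":")
    port = port.split(":")[0]  # ignore optional trailing ':PROXY' fields
    key = tuple(ref.split("/", 1))
    ports = services.get(key, {}).get("ports", {})
    if port in ports:  # referenced by port name
        return key, ports[port]
    if port.isdigit() and int(port) in ports.values():
        return key, int(port)
    return key, None

def audit_tcp_services(tcp_services, services, lb_ports):
    """Return {lb_port: finding} for every tcp-services entry."""
    findings = {}
    for lb_port, target in tcp_services.items():
        key, port = resolve(target, services)
        if key not in services:
            findings[lb_port] = "target Service not found"
        elif port is None:
            findings[lb_port] = "port not declared by target Service"
        elif int(lb_port) not in lb_ports:
            findings[lb_port] = "not published on the LoadBalancer Service"
        else:
            findings[lb_port] = "ok"
    return findings

def externally_reachable(services, tcp_services, lb_ports):
    """Service ports exposed outside the cluster, by Service type or by the TCP proxy."""
    reachable = set()
    for key, svc in services.items():
        if svc.get("type", "ClusterIP") in ("NodePort", "LoadBalancer"):
            reachable |= {(key, p) for p in svc["ports"].values()}
    for lb_port, target in tcp_services.items():
        key, port = resolve(target, services)
        if port is not None and int(lb_port) in lb_ports:
            reachable.add((key, port))
    return reachable
```

On the posted manifests, `audit_tcp_services` reports entry 1234 as "port not declared by target Service" because the httpd Service declares only ports 80 and 443. `externally_reachable` lists tomcat7 port 8262 through the TCP proxy but not port 8080.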