Unable to connect to a Kubernetes service through a web-browser via external IP

7/2/2021

I'm using minikube for Kubernetes, Docker & VirtualBox for my applications.

I've created a couple of services+deployments for a MySQL database and phpmyadmin. They're all green, indicating there are no issues:

However, when I click on the External Endpoint of the phpmyadmin-service, my browser refuses to connect:

Here's my metallb config and minikube ip output, just in case:

My yaml manifest files for the service and the deployment do contain the right port:

apiVersion: v1
kind: Service
metadata:
  name: phpmyadmin-service
  labels:
    app: phpmyadmin
  annotations:
    metallb.universe.tf/allow-shared-ip: shared
spec:
  type: LoadBalancer
  ports:
  - port: 5000
    targetPort: 5000
  selector:
    app: phpmyadmin
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  name: phpmyadmin-deployment
  labels:
    app: phpmyadmin
spec:
  selector:
    matchLabels:
      app: phpmyadmin
  replicas: 1
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      restartPolicy: Always
      containers:
      - name: phpmyadmin
        image: phpmyadmin
        imagePullPolicy: Never
        ports:
        - containerPort: 5000

Any idea what's wrong?

UPD: output of kubectl get svc:

c1r10s2% kubectl get svc
NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)          AGE
kubernetes           ClusterIP      10.96.0.1       <none>           443/TCP          2m54s
mysql-service        ClusterIP      10.109.243.20   <none>           3306/TCP         73s
phpmyadmin-service   LoadBalancer   10.103.233.51   192.168.99.100   5000:30348/TCP   73s

Output of kubectl describe svc:

c1r10s2% kubectl describe svc
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Families:       <none>
IP:                10.96.0.1
IPs:               10.96.0.1
Port:              https  443/TCP
TargetPort:        8443/TCP
Endpoints:         192.168.99.100:8443
Session Affinity:  None
Events:            <none>


Name:              mysql-service
Namespace:         default
Labels:            app=mysql
Annotations:       <none>
Selector:          app=mysql
Type:              ClusterIP
IP Families:       <none>
IP:                10.109.243.20
IPs:               10.109.243.20
Port:              <unset>  3306/TCP
TargetPort:        3306/TCP
Endpoints:         172.17.0.8:3306
Session Affinity:  None
Events:            <none>


Name:                     phpmyadmin-service
Namespace:                default
Labels:                   app=phpmyadmin
Annotations:              metallb.universe.tf/allow-shared-ip: shared
Selector:                 app=phpmyadmin
Type:                     LoadBalancer
IP Families:              <none>
IP:                       10.103.233.51
IPs:                      10.103.233.51
LoadBalancer Ingress:     192.168.99.100
Port:                     <unset>  5000/TCP
TargetPort:               5000/TCP
NodePort:                 <unset>  30348/TCP
Endpoints:                172.17.0.2:5000
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason        Age   From                Message
  ----    ------        ----  ----                -------
  Normal  IPAllocated   2m1s  metallb-controller  Assigned IP "192.168.99.100"
  Normal  nodeAssigned  119s  metallb-speaker     announcing from node "minikube"
-- Mampac
kubernetes
minikube
web-services

1 Answer

1/9/2022

I see you're using MetalLB. The thing is, there might not be a rule that governs the connectivity to your loadbalancer endpoint. Some things you can check:

  • Does your cluster have routing inside enabled? By using MetalLB in BGP, you will need route redistribution (a BGP gateway so the routes between the 10.130.x.x network and the 192.168.x.x network can be learned)
  • If you run in Layer-2, then you need to enable StrictARP in your kubelet service (desirable to be enabled also in BGP mode if you use Calico for cluster networking. The reason for this is complicated but you can investigate)
  • Use IPVS not Iptables. MetalLB needs IPVS instead
  • phpMyAdmin also needs environment variables to be able to access mysql. Therefore, you need to pass the PMA_HOST and PMA_PORT and password envs in the deployment. Something like the following:

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: phpmyadmin-deployment
  labels:
    app: phpmyadmin
spec:
  selector:
    matchLabels:
      app: phpmyadmin
  replicas: 1
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      restartPolicy: Always
      containers:
      - name: phpmyadmin
        image: phpmyadmin
        imagePullPolicy: Never
        ports:
        - containerPort: 5000
        env:
        - name: PMA_HOST
          value: mysql-service # this is a reference to the mysql service
        - name: PMA_PORT
          value: "3306"
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret # This is your mysql secret from the file example below
              key: mysql-root-password

You'll need to have previously enabled secrets in a secrets file for your mysql deployment, where you provide your encrypted credentials.

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: namespace
  labels:
    app: mysql-service # the label of your mysql deployment
type: Opaque
data:
  mysql-root-password: # base64 encoded passwords here
  mysql-password:
-- cyberthief183
Source: StackOverflow
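
Added example, not part of the original answer or of any project's code: a shell sketch that fills in the two empty `data` values of the `mysql-secret` manifest above and reads them back. It shows that values under `data` are base64-encoded (reversible by anyone who can read the Secret) and that an encoded trailing newline, as produced by `echo pw | base64`, ends up inside the password. The function names, the `default` namespace and the passwords are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample passwords are constructed.

# Base64-encode a value exactly as given: no trailing newline, no line wrapping.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print a Secret manifest shaped like the one in the answer.
# Arguments: namespace, root password, user password.
make_secret_manifest() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: $1
  labels:
    app: mysql-service
type: Opaque
data:
  mysql-root-password: $(b64 "$2")
  mysql-password: $(b64 "$3")
EOF
}

# Read a manifest on stdin and decode the value stored under a data key.
# Anyone with read access to the Secret can do the same: base64 is not encryption.
decode_secret_value() {
    awk -v key="$1:" '$1 == key { print $2 }' | base64 -d
}

# Succeed when an encoded value decodes to bytes ending in a newline (0x0a),
# the usual sign that it was produced with `echo pw | base64`.
has_trailing_newline() {
    [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' ')" = '0a' ]
}

# Demo with constructed passwords; pipe the output to `kubectl apply -f -` to create it.
make_secret_manifest default 'constructed-root-pw' 'constructed-user-pw'
```

Because the encoded values are readable by anyone who can see the manifest, keep the generated file out of version control and restrict who can read Secrets in the namespace.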