Kubenetes accsess api web

7/14/2021

Im new to Kub and i converted my envirement from docker-compose, I have a pod that have python code - if i use my docker on the same host i can accsess but when its on pod no traffic goes inside,

kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://10.10.10.130:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

api-service.yaml:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: api
  name: api
spec:
  ports:
  - name: "5001"
    port: 5001
    targetPort: 5001
  selector:
    io.kompose.service: api
status:
  loadBalancer: {}

api-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: api
  name: api
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: api
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
        kompose.version: 1.21.0 (992df58d8)
      creationTimestamp: null
      labels:
        io.kompose.service: api
    spec:
      containers:
      - image: 127.0.0.1:5000/api:latest
        imagePullPolicy: "Never"
        name: api
        ports:
        - containerPort: 5001
        resources: {}
        volumeMounts:
        - mountPath: /base
          name: api-hostpath0
      restartPolicy: Always
      serviceAccountName: ""
      volumes:
      - hostPath:
          path: /root/ansible/api/base
        name: api-hostpath0
status: {}

pod log:

 * Serving Flask app 'server' (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: on
 * Running on all addresses.
   WARNING: This is a development server. Do not use it in a production deployment.
 * Running on http://10.244.0.17:5001/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 553-272-086

I tried reaching what the config view shows and i get this : https://10.10.10.130:6443/

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403
}

The path to reach through container is : https://10.10.10.130:5001/ It does not reach container and says like site does not exists - again this works on docker container so what am i missing ?

Thanks

--EDIT--

If i curl http://10.244.0.17:5001/ (the address the api pod) from host i get in, why i cannot get in from outside?

Also tried adding nginx + api pod deployment

  template:
    spec:
      hostNetwork: true

Still cannot reach please help

-- Batchen Regev
kubectl
kubernetes

1 Answer

7/15/2021

Found the solution! I needed to add externalIPs to my pods service.yaml (api and nginx)

spec:
  ports:
  - name: "8443"
    port: 8443
    targetPort: 80
  externalIPs:
      - 10.10.10.130
-- Batchen Regev
Source: StackOverflow