
Problem with Exercise 3.3: Access from Outside the Cluster

sudeepbatra1975
sudeepbatra1975 Posts: 15
edited March 2018 in LFS258 Class Forum

Please check this status:

esudbat@kube-master:~$ kubectl get svc
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP        40d
nginx        LoadBalancer   10.106.224.107   <pending>     80:30619/TCP   26m



Step 6: External access via the public IP and port doesn't work.

Any suggestions?

Comments

  • devagari
    devagari Posts: 1

    Hello serewicz,

    Can you please list the steps to fix the firewall issue? All my services are working inside the cluster, but when I try to test outside, I get no response. Even my Kubernetes dashboard is not running because of this. It will be a great help.

  • sudeepbatra1975
    sudeepbatra1975 Posts: 15
    edited March 2018

    Using GCE:

    Definitely this interface is too slow and almost a wastage of time. I wish LF moves to Slack; otherwise this is too slow and not so useful.

    Here is my output:

    esudbat@kube-master:~$ kubectl get svc nginx
    NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    nginx     LoadBalancer   10.106.224.107   <pending>     80:30619/TCP   4d

    esudbat@kube-master:~$ curl 104.196.99.153:30619
    ^C

    esudbat@kube-master:~$ kubectl get svc nginx
    NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    nginx     LoadBalancer   10.106.224.107   <pending>     80:30619/TCP   4d

    esudbat@kube-master:~$ curl 10.106.224.107:8080
    ^C

    esudbat@kube-master:~$ curl 10.106.224.107:80
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    <truncated>

    esudbat@node1:~$ sudo iptables -A INPUT -p tcp --dport 30619 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    esudbat@node1:~$ sudo iptables -A OUTPUT -p tcp --sport 30619 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    esudbat@kube-master:~$ curl 104.196.99.153:30619

    Keeps waiting - no response here....

    LinuxFoundation Guide is not user-friendly.

     

  • chrispokorni
    chrispokorni Posts: 2,605
    edited March 2018

    Hi, I also use GCE for the labs in this course. I remember having a similar issue with the access from outside the cluster, and after a little bit of google-shooting :) I realized it was a GCE firewall issue. I added another firewall rule and after that I was able to complete the exercise. Hope this helps.

    Good luck!

    -Chris

  • sudeepbatra1975
    sudeepbatra1975 Posts: 15
    edited March 2018

    Yes, I did that. I suppose you are referring to this link.

    https://cloud.google.com/compute/docs/tutorials/basic-webserver-apache

    And also tested using a different VM with a webserver; that all works. But still couldn't figure out the issue.

    I tried flushing all the iptables; still doesn't work, strange. I think there is some firewall issue locally on the node VM, which I am unable to decipher.

  • sudeepbatra1975
    sudeepbatra1975 Posts: 15
    edited March 2018

    OK, I added an allow-all firewall rule to allow all traffic from 0.0.0.0/0, and now it did work. Thanks.

  • I am able to curl from within all the GCE network but the external access doesn't seem to be working.

    esudbat@node1:~$ curl 35.231.45.60:30438
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>

    I tried the same rules on the GCE, allow-all, but strangely can't access from outside.

    chrispokorni, can you confirm the rules you created in GCE? To allow all or a particular port.

  • chrispokorni
    chrispokorni Posts: 2,605
    edited March 2018

    For simplicity, I created a rule to allow all tcp traffic (rather than allowing a specific port), and only then I was able to access from the outside on the [nodeIP]:[nodePort], and I verified access on all running nodes.

    -Chris

    PS: The new rule I created was in the same project where my nodes were (in my case a custom project created only for the purpose of lfs258 where I run all the master/worker nodes)

     

     

  • The issue is definitely due to the corporate firewall. I tested it outside the corporate network and it worked.
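
Added example, not from the thread or the course material: a narrower alternative to the allow-all rule the thread settled on. It reads the `kubectl get svc` table, extracts the service's nodePort, and prints (does not run) a `gcloud` rule that opens only that port from one source range. The rule name, the `default` network, the `k8s-node` tag and the 203.0.113.10/32 client address are assumptions; the sample table is copied from the first post.

```bash
#!/bin/sh
# Constructed sample input: the `kubectl get svc` table posted in the thread.
SAMPLE_SVC='NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP        40d
nginx        LoadBalancer   10.106.224.107   <pending>     80:30619/TCP   26m'

# node_ports SERVICE
# Reads `kubectl get svc` text on stdin and prints the service's nodePorts as a
# comma-separated protocol:port list (e.g. tcp:30619). Port entries without a
# "port:nodePort" pair, such as 443/TCP on a ClusterIP service, are skipped.
node_ports() {
    awk -v svc="$1" '
        NR > 1 && $1 == svc {
            n = split($5, maps, ",")
            for (i = 1; i <= n; i++)
                if (split(maps[i], f, "[:/]") == 3 && f[2] ~ /^[0-9]+$/)
                    out = out (out == "" ? "" : ",") tolower(f[3]) ":" f[2]
        }
        END { if (out != "") print out }'
}

# scoped_rule SERVICE SOURCE_CIDR NODE_TAG
# Prints a gcloud command that allows only the service's nodePorts, only from
# SOURCE_CIDR, only to instances tagged NODE_TAG. Rule name, network and tag
# are assumptions for this example. A /0 source range is rejected.
scoped_rule() {
    rules=$(node_ports "$1")
    if [ -z "$rules" ]; then
        echo "no nodePort found for service $1" >&2; return 1
    fi
    case "$2" in
        */0) echo "refusing world-open source range $2" >&2; return 1 ;;
    esac
    printf 'gcloud compute firewall-rules create allow-%s-nodeport' "$1"
    printf ' --network=default --direction=INGRESS --action=ALLOW'
    printf ' --rules=%s --source-ranges=%s --target-tags=%s\n' "$rules" "$2" "$3"
}

# Demo on the constructed sample; on a live cluster pipe `kubectl get svc` in.
printf '%s\n' "$SAMPLE_SVC" | scoped_rule nginx 203.0.113.10/32 k8s-node
```

Review the printed command before running it, and delete the rule once the exercise is finished.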
