Lab 3.3 Cluster IP access
kubectl get svc nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx ClusterIP 10.103.189.38 80/TCP 8m
curl 10.103.189.38:80
Using the cluster IP as above, I am unable to reach it with curl from the master node, but I can reach it from the worker node.
Is there anything I am missing here? Thanks.
Comments
-
Hello,
My first thought is there may be some firewall blocking access. Did you have a rule to allow all traffic?
What are you using to run the labs?
Does the command time out or other error?
Please make sure all the pods are running with kubectl get pod --all-namespaces. Are there any pods or containers not running?
Regards,
0 -
Hi,
Are you still working on GCP? Do you have a firewall rule to allow all traffic (all ports, all sources, all protocols)?
If on AWS, you would need a similar firewall rule.
This may be required to be able to complete this lab and subsequent labs as well.
Regards,
-Chris
2 -
Thank you.
Added below and it starts working. Thanks.
Name      Type     Targets       Filters               Protocols / ports  Action  Priority  Network
allowall  Ingress  Apply to all  IP ranges: 0.0.0.0/0  all                Allow   1000      default
0 -
Yes, I have to say I spent ages trying to troubleshoot on lab 8 until I read this post.
After adding a firewall rule to allow all ingress traffic, and adding it to the master and worker nodes, I'm back on track.
0 -
Hi @EdwardQuick ,
I am glad you found the solution helpful.
Did you encounter any similar issues in labs prior to Lab 8?
Thanks,
-Chris
0 -
I can't recall to be honest Chris. This is on GCP by the way. Perhaps I've got a poor memory but was there a LAB on how to set up the hosts on GCP and did it mention adding firewall rules?
0 -
Hi @EdwardQuick ,
For some reason, I remember some instructions to open all ports for traffic, but I may be thinking of another course. On the K8s.io documentation site there are some notes about port ranges used by K8s, but last time I checked that list was incomplete (creating fw rules for those specific port ranges still produced errors). So for the purpose of these labs, I just opened all ports to all protocols from all sources.
-Chris
0 -
I will update the introduction chapter to make it clear that ports should be opened to avoid firewall issues.
Regards,
1 -
Is it updated in the introduction chapter? I didn't find it and spent hours with the local iptables rules until I found this post.
0 -
It will be included in the next course version, but it has not yet been done.
0 -
I also faced this problem. I really couldn't make it work, even though I tried the firewall rule mentioned in this post. In the end, I followed kubernetes-the-hard-way to set up a working cluster. Could you provide more specific commands?
The following are the gcloud commands I used to create the network and instances on GCP. What did I miss?
$ gcloud compute networks create cka --subnet-mode custom
$ gcloud compute networks subnets create kubernetes --network cka --range 10.240.0.0/24
$ gcloud compute firewall-rules create cka-external --allow tcp:22,tcp:6443,icmp --network cka --source-ranges 0.0.0.0/0
$ gcloud compute firewall-rules create cka-internal --network cka --allow tcp,udp,icmp --source-ranges 192.168.0.0/16,10.240.0.0/16
$ gcloud compute instances create controller-1 --async --boot-disk-size 200GB --can-ip-forward \
    --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud --machine-type n1-standard-1 \
    --private-network-ip 10.240.0.11 \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes --tags cka,controller
$ gcloud compute instances create worker-1 --async --boot-disk-size 200GB --can-ip-forward \
    --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud --machine-type n1-standard-1 \
    --private-network-ip 10.240.0.21 \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes --tags cka,worker
0 -
Hi,
Kubernetes uses many port ranges for agent-to-agent communication and for external communication. As I mentioned above, create a FW rule to allow all traffic: all protocols, all ports, all sources. The GCP documentation on firewall rules shows a sample that you can use to create this. If you are using the console, just navigate to VPC network -> Firewall rules and from there you can create the same rule.
Regards,
-Chris
0 -
Thanks, Chris. It worked.
Kubernetes-the-hard-way works fine with such a firewall rule setting, but our lesson doesn't.
The only difference I can see here is the network plugin. Kubernetes-the-hard-way uses GCP routes and our lesson uses Calico.
I doubt we can make it work with a much less permissive firewall rule. Maybe just adding BGP protocol permission is enough.
0 -
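An added example, not part of the thread or the course material: a check that flags ingress rules open to every source for every protocol, and tests whether a given node-to-node protocol is admitted from the node subnet by a scoped rule instead. The JSON follows the shape of `gcloud compute firewall-rules list --format=json`; the sample rules are constructed from the commands and table posted in this thread, and `ipip` (IP-in-IP) as a protocol the Calico setup needs is an assumption the thread does not confirm.

```python
import ipaddress
import json

# Constructed sample: the rules posted in this thread, written in the JSON
# shape of `gcloud compute firewall-rules list --format=json`.
RULES_JSON = """[
 {"name": "cka-external", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "6443"]}, {"IPProtocol": "icmp"}]},
 {"name": "cka-internal", "direction": "INGRESS",
  "sourceRanges": ["192.168.0.0/16", "10.240.0.0/16"],
  "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
 {"name": "allowall", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "all"}]}
]"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def sample_rules():
    return json.loads(RULES_JSON)

def _sources(rule):
    return [ipaddress.ip_network(s) for s in rule.get("sourceRanges", [])]

def _admits(rule, proto):
    """True if the rule allows `proto` with no port restriction."""
    return any(a["IPProtocol"] in ("all", proto) and not a.get("ports")
               for a in rule.get("allowed", []))

def world_open(rules):
    """Names of ingress rules that allow every protocol from any source."""
    return [r["name"] for r in rules
            if r.get("direction") == "INGRESS" and ANY in _sources(r) and _admits(r, "all")]

def scoped_admitters(rules, proto, node_cidr):
    """Rules admitting `proto` from the node subnet without being open to 0.0.0.0/0."""
    subnet = ipaddress.ip_network(node_cidr)
    return [r["name"] for r in rules
            if r.get("direction") == "INGRESS" and _admits(r, proto)
            and ANY not in _sources(r)
            and any(subnet.subnet_of(s) for s in _sources(r))]

if __name__ == "__main__":
    rules = sample_rules()
    print("open to the world:", world_open(rules))
    # "ipip" is an assumed requirement (Calico IP-in-IP); the thread does not confirm it.
    for proto in ("tcp", "ipip"):
        print(proto, "admitted from node subnet by:", scoped_admitters(rules, proto, "10.240.0.0/24"))
```

An empty result for a protocol means only a world-open rule, or no rule at all, lets that traffic pass between nodes.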
Hello!
I have the same issue. I am using 2 virtual machines in Azure, and curl is not responding:
Some useful info:
$ kubectl get svc nginx-7db75b8b78-8gtzs
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-7db75b8b78-8gtzs ClusterIP 10.111.205.50 80/TCP 5h45m
$ curl 10.111.205.50:80
At this point nothing happens until timeout. I already opened all ports in the Azure portal (inbound / outbound rules).
Master and node hosts have Internet access, but it seems that pods don't. Or at least, they can't resolve DNS, because I can ping Google's IP, but not google.com:
/ # ping 172.217.168.206
PING 172.217.168.206 (172.217.168.206): 56 data bytes
64 bytes from 172.217.168.206: seq=0 ttl=48 time=3.478 ms
64 bytes from 172.217.168.206: seq=1 ttl=48 time=3.292 ms
^C
--- 172.217.168.206 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.292/3.385/3.478 ms
/ #
/ # ping google.com
^C
Also, all pods are running:
$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default bosybox-56bbfc6d5c-627wp 1/1 Running 1 6h5m
default nginx-7db75b8b78-8gtzs 1/1 Running 0 24h
kube-system calico-node-2k4qt 2/2 Running 2 3d23h
kube-system calico-node-bkbc4 2/2 Running 2 4d
kube-system coredns-869f847d58-ldtm9 1/1 Running 1 4d2h
kube-system coredns-869f847d58-nfdjq 1/1 Running 1 4d2h
kube-system etcd-demian-test 1/1 Running 1 3d23h
kube-system kube-apiserver-demian-test 1/1 Running 1 3d23h
kube-system kube-controller-manager-demian-test 1/1 Running 1 3d23h
kube-system kube-proxy-6ddgr 1/1 Running 1 4d2h
kube-system kube-proxy-gp2t4 1/1 Running 1 3d23h
kube-system kube-scheduler-demian-test 1/1 Running 1 3d23h
Any ideas? Thanks
0 -
Hi @demian711 ,
You can try to restart your DNS pods, and see if that resolves your DNS issue.
If not, then here is a tutorial on how to setup DNS for Kubernetes on Azure:
https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/azure.md
Regards,
-Chris
0